1 in 4 employees have experienced a cyber-attack or data breach at work
Amidst recent reports that the Information Commissioner’s Office (ICO) has launched an investigation into allegations that the details of hundreds of workers were leaked in a huge data breach at Jaguar Land Rover’s Lode Lane factory in Solihull, a recent survey reveals that, despite new GDPR laws, lapses in workplace data security appear to be worryingly commonplace.
In the case of Jaguar Land Rover, it has been reported that documents containing the details of over 600 agency staff have been widely shared among the workforce. The files are said to contain the names, payroll numbers, disciplinary records and even the number of sick days taken by staff. Another leaked list reportedly shows whether workers have a disability. The ICO investigation is ongoing.
The recent survey undertaken by 247meeting found that a quarter of employees have experienced either a data breach, cyber-attack or both, during their careers. It also reveals that the biggest culprits are often those in management positions. 25% of senior managers said they have experienced a stranger on a conference call. The same percentage also confess to sharing their conference call PIN information with colleagues, despite discussing employee grievances and sensitive business issues on their calls. 46% of employees admit to using technology tools to communicate at work without knowing whether they are all password protected. In addition, over a third of employees do not know where to access their company’s IT security policy and only 13% are confident that they remember all of it.
Despite the potential for huge fines to be imposed on businesses for data breaches under the new GDPR laws, 1 in 4 employees with access to confidential employee or customer data reported that they have not received any GDPR training. Employers are, therefore, urged to take the GDPR requirements seriously by putting appropriate processes and security measures in place and ensuring that all employees are aware of the need to properly protect customer and employee data.