Despite the risk to their employer of criminal proceedings and heavy fines, two thirds (66%) of UK workers would not report a serious data protection breach if they thought it would get one of their colleagues into trouble, according to recent research.
The study by telecoms and IT firm Daisy Group, which looked at data protection and security risks, found that one in eight (13%) UK workers had disabled the password protection features on work laptops, mobiles, or tablet devices because they found them annoying. Of those who did have password protection, a third (36%) said they didn’t change their passwords regularly, and one in six people (17%) admitted their password was very simple and would be easy to guess.
However, if asked by a third party to email a client or supplier’s personal details outside of the company, more than half (56%) said they wouldn’t and one in five (19%) said they would check with their boss before doing so. Although seven per cent said that they would send the details without querying the request, as they didn’t think anyone would mind.
When asked if data security was an important issue for the company they worked for, one in five people (19%) said they had no idea.
Cloud specialist, Graham Harris, an expert at business IT and telecoms provider Daisy Group, explained: “When it comes to data security, all too often businesses focus purely on IT processes and forget about the staff that will be using them.
“As our research identified, human error is one of, if not the most likely source for data security issues, and fear of reprisal is a powerful force. Businesses must be proactive and educate their staff about what data security processes and policies there are, why they exist, what the staff member’s responsibilities are and reassure them about what to do in the event of a problem.”
Estate agents and those working in the property industry were among the most likely to turn a blind eye to colleagues’ data security failings, with 71% saying they wouldn’t report a data security breach that would get a colleague into trouble. Those working in marketing were the most likely to raise the alarm.
Despite the potential risk of commercially-sensitive data theft, business management and professional services workers were the most likely to disable data security features on their mobile devices.
The research was conducted to assess the demand among UK businesses for ‘mobile device management’. The new cloud-based technology gives organisations more control over smartphones and tablet computers by letting them remotely track and wipe the content of any lost or stolen devices, thereby ensuring the information remains confidential.
According to one statistic, 180,000 computing and communication devices were lost or stolen in the UK last year, but it is likely that the true figure is much higher as not all thefts are reported to the police.
Graham Harris explained, “It is important to ‘common sense’ test any security system. Procedures that are complicated or disrupt the working environment often result in employees finding ways to circumnavigate them or taking matters in their own hands. Similarly, it is important to plan for human error and problems, such as theft or loss of devices that carry important data, so that when they do occur, they can be dealt with quickly and effectively.”
The EU is currently in the process of reforming laws on data protection which, among other things, will require organisations to report data protection breaches to the relevant authorities within 24 hours. It is anticipated that the penalties for failure to comply will increase to as much as €100m. The legislation changes are expected to be in force by the end of 2018.
Summary of research findings (National)
When asked about password protection:
- 13% of workers said they had disabled a password because it annoyed them
- 17% said their password is simple and easy to guess
- 36% said they do not change their passwords regularly
When questioned about data security:
- 19% of workers said they have no idea whether information security is an issue for the organisation they work for
- 66% of workers said they would turn a blind eye to a clear breach of data protection
- Only 16% would report a data protection breach to their boss
If asked by a third party to send a client’s personal details outside of the business:
- 7% said they would
- 55% said they would not
- 19% would check with their boss first