Digital Transformation

Are employees deliberately ignoring data protection rules?

Staff could be bypassing data protection rules on purpose.

A new survey has suggested that British employees may be deliberately ignoring the rules on data protection in order to make their jobs easier.

The Lieberman Software poll came to light at the recent RSA Conference 2013 and showed that out of 250 IT security professionals questioned, 80 per cent thought staff were failing to follow simple rules of their own accord.

More than half of these were unconvinced that it would be possible to get people to listen more to protocols, even if they were reiterated by executive management.

Philip Lieberman from the organisation said: "Most end-users are still not taking IT security seriously and are unnecessarily putting corporate data – and potentially customer information – at risk."

He added that this kind of behaviour is continuing even though it is well-known that human error is the top cause of data breaches.

"Organisations need to implement better cyber security training that properly instructs staff about the consequences of data breaches," Mr Lieberman continued.

The reasons why staff were so willing to bypass data protection rules were not provided, but it may be that they just want to save time or ensure they can do their jobs at home on their own laptops.

It seems that the results of the survey are being borne out too – according to a recent study published by The Register on passwords, the most commonly leaked one is still ‘password’, followed by ‘123456’.

This is despite them being very easy to guess and businesses no doubt encouraging new personnel to use complicated combinations of words and numbers.

Elsewhere, a contact centre in Northern Ireland had to change the way it operates after dozens of telephone call log sheets ended up scattered around Derry city centre, while police reports were accidentally used as ticker tape during one New York parade.

Employers may be diligently backing up files and using cloud storage, but it may be they need to urge their employees to be more careful with confidential data – and not to ignore the rules.