Preventing data breaches: when one wrong click becomes a costly business

You come into work with fifty unread emails waiting and the chime of notifications for all the tasks to be completed ASAP. A few flurried hours later, with a cascade of tabs open and an important email ready to go out to a hundred clients, you finally hit send and breathe a sigh of relief. That is, until you realise that you just made everyone’s contact details visible thanks to using the ‘CC’ field instead of ‘blind-copy’.

When human errors like these happen, there’s reason to investigate whether gaps in staff training or an organisation’s compliance culture are a contributing factor. The scenario above is not far from reality. In August 2019, a marketing employee from a global real estate company published the email addresses of 300 customers to each recipient, which led to an internal investigation and snowballing costs. After reporting the incident to the Office of the Australian Information Commissioner, the company spent thousands on advice from consulting firms and lawyers to fix the aftermath of the mistake. It was eventually found that the organisation did not have a data breach response plan in place.

Security in Depth’s 2019 State of Cyber Security in Australia Report found that 55% of Australian organisations don’t have a cyber governance platform in place, and 38% of companies have not carried out any structured cyber awareness training. It’s true that there may always be an underlying risk that an employee simply isn’t paying enough attention to the task at hand. But it pays to have a framework in place so that staff in the organisation can be more aware of the risks connected to privacy concerns and the impact this has on costs, workflow and reputation in the industry. Knowing both how to prevent data breaches and how to act in response if the worst-case scenario does eventuate is key.

Cyber security awareness is more than just an IT issue: it goes beyond being able to send emails correctly, recognise suspicious links in phishing scams or keep anti-virus software up to date. It’s about ensuring that both your staff and clients are confident that your organisation can be trusted to keep their sensitive information out of the wrong hands.

Sources: Security in Depth, The Age, Australian Cyber Security Centre

GRC Solutions is an award-winning provider of e-learning and compliance training that can be customised to your organisation. For more information on our Cyber Security course, contact us today.