The Information Commissioner’s Office (ICO), the “UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals”, periodically conducts analysis of the data security incidents reported by data controllers and companies themselves.
Information security incidents on the rise
From July to September 2015, 559 information security incidents were reported to the authority – a 43% increase on the number of reports received in the previous quarter. What’s astonishing is the mix:
If you pay attention to each type of incident, you will see that they are almost all connected to staff misconduct or carelessness (and the exceptions – Principle 7 failures – may also include this sort of fault). Despite the largest number of reports being about loss or theft of paperwork (21.46% of the total), digital security incidents are on the rise: there was a 158% increase in emails sent to incorrect recipients compared to the previous quarter. The sectors affected the most by this type of incident were finance, insurance and credit (22.58% of total incidents), education (20.43%), local government (16.60%), and health (11.51%).
Don’t be knocked out by your staff
You can have the best information security procedure in place, but if your staff don’t know how to comply with it, you are at risk of data breaches and consequent monetary penalties that can bring your organisation to its knees. The easiest and most convenient way to ensure your employees are aware of your security policies is to train them.
The Information Security Staff Awareness E-Learning course is designed to assist your employees in gaining a better understanding of security risks and compliance requirements, thereby reducing your organisation’s exposure to security threats.