Three months after the announcement that the Information Commissioner's Office (ICO) is to be granted new powers from April 6th, 65% of people are still unaware that they could cost their organisation 500K if their actions cause a deliberate or negligent breach of personal data.
The study, sponsored by Cyber-Ark Software and conducted among 500 city workers, found that the majority of employees haven't been informed about the latest fines and rules of the Data Protection Act, or about the impact that abuse of their privileges could have on their organisation, with 65% agreeing that nothing has ever been said to them about the regulations.
This will be a rude awakening to many directors should a breach occur, as the ICO has advised that it will consider what reasonable steps the organisation has taken to prevent breaches when deciding on monetary penalties.
93% of city workers revealed that if they were personally held liable for protecting customers' data, they would certainly be more careful with how they handle it. 71% of respondents claimed that, now that they have been made aware of the financial implications for their employer, they will be more careful with how they handle data in future.
88% of customers' data on handhelds isn't adequately protected!
It may not be surprising that 64% admit to carrying customer data with them on mobile devices. Yet, with the Information Commissioner waiting to claim his first scalp, what is scandalous is that 38% protect it with nothing, only 50% use a password, and just 12% encrypt this information to protect it from falling into the wrong hands. This will delight the hacking community, as many know it only takes minutes to crack most people's passwords, giving them easy access to the majority of these devices when a password is all that stands between them and the data.
When asked whether their organisation has policies or processes in place to protect customers' personal data, a staggering 38% could not recall whether any were in place or not, which invariably renders any that may be in operation utterly worthless or ineffective.
Adam Bosnian, vice president of products and strategy for Cyber-Ark Software, commented: "People increasingly understand the need to protect their data, but for some reason it's not always top of the CISO's priority list, and it should be. We have been blown away by these findings, especially to discover that, with a 500k fine hanging over UK directors as of the 6th April, workers are walking about with unprotected customer records. Education is one piece of the puzzle in making sure that those people who do have access to privileged data are responsible with it and recognise the vital role they play in an organisation's compliance obligations. Organisations also need to control privileged users and accounts to protect sensitive information, such as customer data, from navigating its way into the wrong hands. By having tools in place that manage who has access to what data, and tools in place to keep track of what they do with it, organisations can regain control, a pretty real need not only to respect the information but to avoid the hefty fines that will soon come into force."
Cyber-Ark advises that, in order not to fall foul of the latest Data Protection Act rulings, organisations need to implement, promote and enforce policies and procedures that control and manage who is entitled to access sensitive data, devices and networks, and make sure that users are made aware of them. Users must also be made aware of what they are allowed to do with customers' personal data and, importantly, what they're not. Companies can keep track of what is happening to their customers' personal data by producing audit reports of all activity within these privileged sessions. Following these simple processes will ensure that your organisation is ready to meet the latest guidelines set down by the Information Commissioner's Office.