Common Workplace Errors That Could Result In A Data Breach


Common Workplace Errors That Could Result In A Data Breach

According to the Cyber Security Breaches Survey, 43% of businesses in the UK have experienced a breach or an attack in 2018¹. Data breaches are incidents where information is stolen from a system (both virtual and physical) without authorisation. Typically, criminals steal data that is sensitive or confidential, this can include:

  • Credit card details

  • Financial records

  • Bank documents

  • Medical documents

  • Employee records

  • Legal paperwork

  • Trade secrets

To protect all users, in May 2018 the EU rolled out the General Data Protection Regulation. The GDPR was introduced as a piece of law affecting EU countries to help safeguard personal and business data.

Regardless of the GDPR introduction, many people were already attuned to cyber-attacks. The media has reported hostile breaches from various EU countries year on year, meaning cyber security is not a new concept. However, many people forget that physical data (such as paper documents and reports) present criminals with the opportunity to steal data too.

With 90% of data breaches caused by human error², this article will reveal common mistakes in the workplace that could leave data vulnerable.

Physical data breaches

Uncontrolled access to data

Whilst many businesses and organisations want to trust all employees, leaving files and records exposed can result in a data breach. It is best practice to lock confidential or sensitive data away to prevent it from being stolen or leaked.

Neglecting security procedures

Often, employees can feel under pressure in a working environment and corners can be cut to improve efficiency. However, failing to follow the correct security procedures can leave private letters, documents and files vulnerable to exploration. 

Disposing of documents incorrectly

Hard copies of information are part and parcel of any workplace. Whilst most data is now virtually stored or sent, there will always be a need for paper documents such as letters, reports and employee records. However, these will unlikely need to be stored safely forever. Simply tearing up documents and putting them in the recycling is not enough as fragments of paper can be pieced together easily.

It is best practice for the majority of workplaces to invest in a paper shredder. This ensures that all sensitive documents are destroyed into small, undecipherable pieces.

There are a variety of different shredder security levels to suit all homes, businesses and organisations. All Rexel paper shredders are categorised by their DIN security level which is shown as a P-rating; this refers to the number of pieces a document is shredded into. The higher the P-rating, the higher the level of security as the document is shredded into smaller pieces.

For workplaces that want peace of mind that data is destroyed effectively, then a Rexel AutoFeed paper shredder would be an ideal solution. Some larger AutoFeed shredders have a PIN lock feature for added security. They also allow users to.

  • Shred up to 750 sheets of paper in one go (depending on the machine)

  • Automatically start shredding by simply shutting the machine’s lid

  • Save time spent on shredding by 98% compared to manual feed shredders³

Organisations and businesses that collect, store and manage person data have a legal obligation to safeguard the information. Rexel AutoFeed shredders allow users to dispose of sensitive data quickly (compared to manual shredders) and ensure documents are destroyed following GDPR best practice.

Cyber security attacks

There are four broad categories of cyber security threats. These are:

  • Ransomware – malicious software, typically via email, that doesn’t allow access to a computer until a ransom is paid

  • Malware – programmes or files that are harmful to a computer, including spyware, worms, trojan horses and viruses

  • Social engineering – manipulating individuals into revealing confidential information or performing actions

  • Phishing – criminals disguise themselves as legitimate entities to try and obtain passwords, card details etc

Whilst sometimes there is nothing a business or organisation could do to prevent a cyber-attack, there are scenarios where they have been made possible due to human error, such as:

Weak passwords

The easiest way for a criminal to hack into a system and steal data is password cracking. Dates of birth, spouse names and the unsecure ‘12345’ have a high-risk factor and can easily be hurdled. Furthermore, one generic password shared by employees or letting colleagues know a password can lead to data being stolen too.

Inept data care

Some businesses and organisations will handle large volumes of data day in, day out. It is inevitable that people will make mistakes, but these could be costly. Transferring data, sending to the incorrect email address or attaching the wrong file could lead to security breaches.

Failing to update

Unless a computer automatically updates its security software, chances are employees will put off making changes to their system as they are engrossed in work tasks. However, neglecting update notifications can leave machines vulnerable to attacks which could have easily been avoided.

Poor security awareness

An easy way scammers catch employees out is via the sending of malicious emails. Some people are not aware of these criminal emails and some correspondence looks so legitimate people do not deem them dangerous. It is not until users click the links supplied in these emails that they realise they are harmful.




    1. Evaluating AutoFeed Shredders. Prepared for ACCO Brands by Deep Blue Insight