Data leaks: three of the most important human causes

The GDPR and the UK Data Protection Act 2018 require that companies and institutions report data leaks quickly and thoroughly, or face severe consequences. In the first half of 2019, 4856 data leaks were reported to the UK's Information Commissioner’s Office (ICO); 60% were the result of human error.


Recently we spoke with Jaap Nieuwmeijer, information security coordinator at Partners voor Jeugd (a Dutch institution), about the increased focus on data leaks. The time when a public prosecutor got away with just a simple warning for leaving a computer with sensitive information in the garbage bin is long gone.
According to Jaap, the reason for this is that our awareness of the consequences of data
leaks has grown. Additionally, lawmakers want to increase this awareness and protect European
citizens through the General Data Protection Regulation (GDPR). If your company cannot verify that
sufficient measures have been taken to prevent a data leak, not only will your reputation be
damaged, but you will also receive a warning and/or a high fine.



What is the most important cause for a data leak?


Let’s first determine what a data leak actually is. A data leak occurs when sensitive personal
information ends up in the wrong hands. When thinking about data leaks, most people think of
hackers looting some badly protected database. In practice, however, human error is the cause
of a data leak most of the time. Mistakes and sloppiness occur due to a high workload,
and a data leak is hardly ever deliberate. Based on a risk analysis, Jaap Nieuwmeijer has identified the
three most common causes of leaks of sensitive personal information.


Sending an email to the wrong person


Everybody has done this at some point in their life. You want to send an email to Jimmy. You open
Outlook, type in Jim and the email program completes the name. But when you press Send you suddenly
realise that you have sent the email to the wrong Jimmy.
If this message contained personal information, it is a data leak. The annoying thing about email is
that you cannot really recall a message once it has been sent. At the same time, you are legally
obliged to limit the consequences of a leak. There is nothing else to do but call the recipient and
ask them to erase your message. Your reputation rests fully in their hands, and that is not where you
want it to be.


Misdirecting an envelope


We are living in the digital era. However, we still send a lot of documents by snail mail. As a security
measure we sometimes even send digital files by ordinary postal mail. In most cases this goes
flawlessly. Sometimes, however, somebody puts the wrong label on an envelope or puts a document in
the wrong envelope. In both cases we are speaking of a data leak. You only notice this type of data
leak when the recipient gives you a call; again your fate and reputation rest fully in their hands.



Losing your phone


A third common leak occurs when someone loses their mobile phone. A phone is easily lost and
contains lots and lots of personal information: think of personal addresses, emails and
documents. Nowadays most phones are protected with a password, but unfortunately this
protection is insufficient. Sometimes you can erase your phone remotely, but this does not give you
100% certainty and is only possible when the phone has a network connection. Fortunately most
new phones have some type of encryption that automatically encrypts your saved data.



How do I prevent these and other data leaks?


As you can see, accidents happen. The results, however, can be quite substantial. As stated
before, now that the GDPR has come into force, a leak results not only in (significant) loss of
reputation, but also in a high fine. That’s why you as a CISO have to do everything in your power to
prevent this. On the one hand this means creating a sense of awareness amongst your fellow
employees. In most cases your laptop will automatically encrypt all saved data, but if your laptop bag
contains a notepad with personal information, a leak can still occur. The exchange of files through
public services can also be a potential risk.


On the other hand, it can be wise to install software that operates in the background and assists your
colleagues in making the right choice. Keep in mind that this will only contribute to a safer working
environment if the software does not impede users in doing their job. If employees have to take
extra steps, like manually encrypting their files, they will experience this security as a burden. This
will result in your colleagues evading these measures and looking for alternatives.


We communicate using different devices through several channels. Solid security software therefore
has to protect different channels of communication, like email and chat, on both desktop and mobile
devices. Moreover, an extra form of authentication is needed in order to ensure that only the
intended recipient is able to see and/or read your message. If your software also gives you the
possibility to remotely withdraw email messages, you comply with the GDPR, which obliges you to
take action to prevent data leaks and to reduce any consequences of a leak.



Checklist GDPR


We have described all the necessary steps you have to take in order to comply with the GDPR in
our checklist. This document elaborates on things like creating a processor agreement, getting
permission for processing personal information and the security measures that have to be taken.
