24% of UK employees have shared confidential business information, according to new research carried out by Data Privacy and Risk Management company Egress. In the survey of 2000 workers, Egress found that while much of the leakage was accidental, many have purposely handed over information to competitors or new employers.
Where errors have happened, workplace culture has played a huge part. 37% don’t always check emails before sending them, and 68% of email mistakes are caused by rushing, 8% after consuming alcohol. 42% blamed autofill for selecting the wrong email recipient.
40% accidentally insulted the recipient or included rude jokes, swear words or risqué messages, meant for someone else. 46% of respondents said that they had received a panicked email recall request.
Frighteningly, almost 10% said that they had leaked some of the most vulnerable data as attachments, such as bank details or customer information.
Proving that organisations must ensure all employees are trustworthy, half of all survey respondents said that they would delete emails sent in error from their sent folder in an attempt to cover up their mistake. This would mean that businesses may not find out about a data breach in time to minimise damage.
Tony Pepper, CEO of Egress reminded companies of the vulnerability of email, “Leaking confidential information can amount to a data breach.” In his statement, he prompted companies to by mindful of the coming GDPR, which will herald big changes in the data protection practices and breach management of companies. Under GDPR, organisations need to disclose data breaches within 72 hours.
All employees are under a legal obligation not to share confidential information, regardless of whether it is stated in their contract. But when the employment ends, ex-workers have no legal requirement to remain vigilant.
In the wake of the data breaches to NHS, Netflix and Yahoo, many companies are more mindful of the external threat to data protection, and cyber technology can help mitigate this risk. But this new research shows that companies need to be on their guard from privacy threats from employees, both accidental and malicious.
Companies must ensure that employees are thoroughly screened pre-employment, and that existing employees are aware of their obligations to data protection. Meticulous attention to data security begins on the inside.