The number of incidents reported to the Information Commissioner’s Office (ICO) in the second quarter of 2020 has increased by over a thousand in comparison to Q1.
In the previous report for Q1, there were 1446 reported incidents, including 412 cited as cybersecurity events. However, for Q2, there were 2594 reported incidents, which included 737 cybersecurity events, including 258 for phishing, 152 for ransomware and 190 for unauthorized access.
Among the non-cybersecurity incidents, there were 402 instances of data being emailed to the wrong person, 266 of data posted or faxed to the incorrect recipient and 141 of loss or theft of paperwork or data left in insecure locations.
With the “non cyber-incidents” still fairly prominent, Infosecurity asked speaker and author Raef Meeuwisse if he saw this ever reducing. “Whenever you get down to trusting human actions, you will always get a certain amount of human error,” he said. “Most enterprises now have various process and technology safeguards in place to reduce the possibility of human error – but there is only one way to totally get rid of human error – and that is to get rid of all the humans.
“The safeguards most enterprises have mean that although data emailed to incorrect recipient was high in terms of numbers of incidents, in most of the cases, it should not have been any significant number of records that were exposed.”
Meanwhile, Rick Goud, CEO and founder of Zivver, predicted that this type of “non cyber-incident” will become a bigger issue due to an increased digital workforce. “Digital transformation will most likely continue in 2021, but if transformation does not go hand-in-hand with providing employees with the right tools to make better decisions, many companies will see a significant increase in data leaks,” he said.
Also, considering that 141 incidents were due to loss or theft of paperwork or data left in insecure locations, how much of an issue has the move to remote working had? Goud said: “In Q2, people suddenly had to work from home, still were printing stuff, but had no place to securely dispose of the information. I expect this to drop in 2021 as people will adapt to the possibilities of digital and will print less or fax less, because both habits – and also company policies – will change.”
Meeuwisse agreed, saying that the downside to working from home is that if you need to print something out, you are no longer doing so in a secure work location.
He said: “For example, your home may not have a shredder, or lockable desk drawer and not everyone in your household may understand the significance or sensitivity of any document that is lying around. The trick is to keep printing to a minimum, keep any confidential or sensitive material locked away and always shred or burn confidential documents once they are no longer required.
“You may be in your own home – but that does not mean that everyone around you has the same understanding and regard for the materials you may need to use for your work. Most ‘loss or theft’ incidents involving confidential documents in home environments are accidental – but such incidents can be embarrassing and difficult for the employee and his, her or their company.”