With data breaches on the rise and data management under the spotlight with the arrival of GDPR, data security is a key issue that organisations are tackling to ensure they are compliant with GDPR. Employees play a huge part in achieving this. Here are 11 Mistakes Employees Can Make When Sharing Personal Data:
1. Sending personal data to the wrong email address
Everyone has done it. Sent an email then realised it went to the wrong person. Without care, employees can accidentally send personal data to the wrong email address.
2. Sending personal data on an email attachment that is unsecured
Are your employees sending any personal data on email attachments? Are the attachments password protected?
3. Taking Data Home on a Laptop or USB
How many times have we heard news reports of lost or left-behind laptops or USB sticks with personal data, account details, financial or health information on them?
4. Using Personal Email Accounts to Send Data
Are you 100% sure employees are not using any personal email accounts to send data to partners or suppliers?
5. Transferring Sensitive Information Using Unsecured Communication Channels
Could your employees be using messenger or software chats to send personal data that might not be secured?
6. Sharing Work Devices and Data with Non-employees
Employees who work at home sometimes let their family use the laptop. Can people access data if they are not authorised?
7. Using Personal Devices
Many employees now use personal devices to check work emails, access work platforms, etc. How can you ensure that the devices are safe and secure? What happens if they leave the company and still have access on their devices?
8. Sharing via Cloud Drives
Are your employees using Google Drive, Dropbox or other cloud-based drives to share any data on customers? You cannot be 100% sure that data stored on these cloud services is stored in the EEA. Unless your employee knows for a fact where their shared file is located, and can be 100% sure that it is fully encrypted at every level, this could open your company up to problems.
Recommended reading: The Truth About Google Drive and GDPR
9. Leaving Confidential Information Unattended
If an employee leaves confidential information on screen unattended, anyone – other employees, office visitors, even cleaning staff – could steal that data by taking a picture with their phone. Are all work computers set up with privacy screens that come on when the computer is left unused?
10. Receiving Data from Suppliers or Partners in an Unsecured Manner
Suppliers and partners may not send data securely, so employees might end up receiving personal data files in an unsecured way.
11. Leaving Your Organisation and Leaving With Data
If an employee leaves your organisation, have their personal devices been cleared of any connection to company data? If not, that information could still be on their device and accessible.
Why Employees Don’t Comply with Security Procedures
It helps if you understand why employees choose not to comply with security procedures.
A Cisco survey revealed that 44% of employees would share information in an unauthorized manner as they “needed to bounce ideas off people”, while 30% said they “needed to vent”, and 29% didn’t believe they were doing anything wrong. Here are some reasons why employees may not comply:
- Sometimes employees just ignore security protocols to save time or just because they can.
- Employees often share their work device with family members, as it’s cheaper than buying one for themselves.
- Disgruntled or unhappy employees may intentionally put company data at risk.
- Another common problem is that employees often prefer to use their own personal email accounts, even if doing so violates company policy.
- Sometimes data security is so stringent and un-user-friendly that people look for ways to save time, especially if they are under pressure to deliver.
Recommended reading: How to Avoid GDPR Fines with These 10 Quick Steps
What helps with employees and data security?
- Secure sharing using a system that avoids the problem of stolen laptops or lost USBs.
- Putting clear data retention policies in place so that data isn’t kept longer than it should be.
- Assigning and managing privileges for access to personal data and ensuring ex-employees no longer have them once they give notice.
- Staff training to emphasise good practice and behaviour.
- Continuous monitoring of laptops and devices being used for work.
- Exit procedures for employees leaving the company to make sure access is revoked and personal devices are disconnected.
And of course, we might be a bit biased but Rinodrive can help with all of these issues and help organisations implement best practice around GDPR and data management.
Recommended reading: How to Take Control of the Personally Identifiable Information You Handle
What are your thoughts on employees and how they share data? Have you had any instances of these mistakes happening and how did you deal with them? Tell us your thoughts in the comments below.