MHC: Businesses most concerned about staff as source of data breaches

Oisín Tobin

More than three-quarters of Irish businesses are most concerned about their staff being a potential source of data security vulnerability, according to a survey conducted by business law firm Mason Hayes & Curran LLP.

The firm surveyed over 200 respondents from industries such as technology, financial services, retail, telecoms and education at a recent webinar looking at data security in both the EU and the US and how organisations can protect themselves from potential fraud and data breaches.

The vast majority (77 per cent) said staff were their biggest concern, followed by IT at 12 per cent and processes at 11 per cent.

Oisín Tobin, partner and technology sector lead with Mason Hayes & Curran, said: “The survey shows that ensuring staff are properly trained and supported has never been more important in terms of protecting data.

“People can be your first line of defence against fraud or malicious attacks, so if staff aren’t properly trained and don’t have access to up-to-date data security policies, they will be more vulnerable to potential frauds or scams that may compromise sensitive data.

“Organisations may spend a good deal of resources on security software, but the training of staff in customer-facing roles is invaluable in terms of avoiding fraud.”

The survey also suggested that notifiable data breaches are on the increase, with over a third (36 per cent) of respondents notifying the Irish Data Protection Commissioner or another privacy regulator of a breach in the last 12 months.

Mr Tobin said: “Data breaches will happen, so the most important thing is for organisations to be proactive and report quickly to the DPC, ensuring compliance with the 72 hour rule.”

Most respondents (63 per cent) said they felt that EU and US data laws will converge over the next five years, though Mr Tobin said “that doesn’t mean that organisations should ignore the current laws”.

“Whether that is GDPR in the EU or the differing laws at state level in the US, you should seek to ensure compliance in order to avoid fines, reputational damage or litigation,” he said.
