Infographic: How to protect data from an accidental information security breach


With the UK workforce still under instruction to work from home wherever possible, the concept of how to ensure cyber and information security is changing before our eyes.

So we conducted research amongst 2000 people in the UK working at home due to Covid-19 to understand their attitudes and behaviours to data protection and information security.

Scroll down to see the full research results in our Infographic

The results reveal that the threat of an internal information security breach has never been higher.

Nearly three quarters of respondents (72%) said they need to access, share and receive sensitive customer information to do their job.

And yet 1 in 4 claim they ‘rarely or never’ consider data protection issues when sharing information and 1 in 10 UK home workers have little to no understanding of their company’s data policies at all.

Unfortunately, it gets worse…

Not only is this information being shared freely and without a second thought to its security, it’s potentially being placed into systems that have not been subject to the organisation’s procurement process – over a third (36%) of UK home workers have downloaded unapproved software onto computers to communicate with colleagues during COVID-19 homeworking.

This threat isn’t malicious. The people mean the business no harm. But it only takes one mistake by one employee and the business is left wide open to a data breach, which has the potential to do massive reputational damage.

So what can organisations do to protect themselves from these risks?

Gain visibility over where your data is and secure it at the source

When the perimeter no longer exists, and people are using shadow IT, the best way to protect the business against a breach is to define the information security policy and secure the data itself.

This starts by gaining total visibility of data at scale, because when an organisation knows exactly what data it has, where it is and who has access to it, data security becomes much easier. By knowing what data is in the estate, organisations can identify areas where remediation actions can be taken, which dramatically reduces the risk of data being compromised.

But they have to go further…

When you consider that remote working isn’t ‘the norm’ for everyone, and a lot of organisations will have had new starters who didn’t have time for a full induction with training before lockdown, organisations need to do more to promote good data governance as part of business-as-usual.

When organisations have better visibility over their data, they can spot anomalous behaviours and implement automated workflows that nudge people to do the right thing with data; to share and store it in a safe and compliant way.

When the world has changed, change with it

At a time when organisations are already being pushed to pivot and change what ‘business-as-usual’ looks like, the added pressure of how to mitigate the additional risks that remote working creates is no doubt causing a few sleepless nights for data security and governance professionals.

The challenge organisations face is that we’re all operating in a new, unknown working environment. And despite remote working not being ‘the norm’ for many, every home worker is doing everything they can to ensure they are as productive as possible.

But, in simply trying to get on as best they can, they might be leaving their business exposed.

Clearly organisations can’t lock their data up in an impenetrable vault – to do so would put a halt to business-as-usual, and that’s going to cause a whole raft of other issues.

But shifting the focus from protecting the perimeter to monitoring data, changes the mindset around securing data. Now, the combination of knowing the data better, reducing the amount of unnecessary data within the estate and targeted education of employees to change their behaviour, enables the data itself to be secured.

With data security embedded into business-as-usual, organisations can allow their remote workforce to get on with their jobs, with the knowledge that the business is protected.

How to protect data when remove workers breach information security