INSIGHT Tony Pepper - Egress
“Even before COVID-19 and large-scale remote working, human error was one of
the primary causes of data breaches.“ Tony Pepper, CEO - Egress
How working collaboratively, but
safely, has never been more important
We are witnessing a scale of home working on a level that we’ve never experienced before. And as organisations,
under government guidance, empower staff to work remotely wherever possible, concerns around how they can
continue to keep data safe and secure will be front of mind. Tony Pepper, CEO of Egress, explains
In the initial scramble to
get organisations fully
operational in the new reality,
as well as support ongoing
healthcare eorts in the ght
against COVID-19, the
Information Commissioner’s
Oce (ICO) recognised
that some organisations may
struggle to uphold all data
protection rules – for example,
response times to Subject Access
Requests may be delayed and
more data may need to be
shared with healthcare providers
and government bodies.
However, the importance of
securing personal data remains
clear.
Likewise, the Financial
Conduct Authority (FCA)
is working closely with
Government, the Bank of
England and the Payment
Systems regulator to take
the necessary steps to ensure
customers are protected and
markets continue to function
well. It is advising rms to
take all reasonable actions to
meet the regulatory obligations
which are in place to protect
their consumers and maintain
market integrity.
As organisations and
employees have settled into this
new way of working, we’ve seen
that even routine tasks such as
sharing large les or accessing
sensitive information via the
company network can be
dicult to complete while still
adhering to company policy.
Employees might be looking
for ways to send multimedia
les or are suddenly having to
share more, and dierent, data
via email. Using insecure le
transfer solutions can lead to
mistakes and loss of control,
and ultimately potential
breach incidents. In addition,
organisations need to consider
where data is being hosted
when they upload to the Cloud,
particularly considering more
stringent data residency rules as
part of GDPR.
ese companies continue
to struggle to get everything
in place, and in the meantime,
this creates an environment
where workarounds and shadow
IT have crept in “just to get
the job done”. After all, when
productivity is at risk, security
will often take a backseat.
From individual employees’
perspectives, our routine way
of working has changed. ere
is a blurring of the boundaries
between home and work leading
to more people communicating
beyond their normal working
hours and from smaller screens
(mobile devices, laptops, etc.),
trying to maintain productivity
at usual standards or having to
amend their routines around
personal circumstances, like
childcare. In this disruptive and
highly stressed environment,
the likelihood of people making
a mistake when sharing or
collaborating on sensitive data
increases.
Even before COVID-19 and
large-scale remote working,
human error was one of the
primary causes of data breaches.
Figures published by the ICO
and obtained by Egress last year
found that 60% of personal data
breaches in the rst half of 2019
were the result of human error.
What can organisations do?
• Look for security software
that doesn’t hamper
productivity - Right now,
employees are feeling
increased pressure to prove
their productivity. If you’re
nding yourself selecting new
solutions, it’s never been more
crucial to select technologies
that don’t add dicult extra
steps for them or anyone
they’re working with outside
the organisation.
• Choose collaboration/
productivity solutions that
have security baked into them.
• Automate security wherever
possible.
• Engage employees over
security best practices -
Phishing is a good example
of this.
• Look to AI and machine
learning to help solve
advanced risks - Use cases
like conversation hijacking,
misdirected emails or people
attaching the wrong les
to documents can now be
mitigated by intelligent
technology like contextual
machine learning, which
determines what “good
security behaviour” looks like
for each individual, and alerts
them and administrators
to abnormal incidents –
eectively stopping breaches
before they happen.
• Implement no-fault reporting
- People often don’t report
security incidents because
they’re concerned about
the repercussions. Where
it’s appropriate to do so,
implement no-fault reporting
to encourage individuals to
report incidents in a timely
manner.
18 | Comms Business Magazine | June 2020 www.commsbusiness.co.uk
/www.commsbusiness.co.uk