How To Educate Your Employees When Handling Sensitive Data

Strategies to prevent internal cyber security threats

bantu
Jul 18, 2019

Data protection. The two words on everyone’s mind lately. Many businesses have become more cautious about the issue and taken preventive measures in handling their customers’ personal data. However, accidents still occur, and electronic data can be compromised despite the measures taken to prevent it.

Malicious activities such as hacking or socially engineered malware are the most widely known security threats, but they are not the only ones to stay vigilant for. Sometimes the biggest harm comes from inside the company.

Take the case of insurance giant AIA, which was recently fined SGD $10,000 by the Personal Data Protection Commission (PDPC) in Singapore as a result of a programming error in the software system that auto-generates its letters, causing letters to be mistakenly sent out. System or device error is not uncommon: a defect in program code can cause it to reveal personal data to the wrong third parties.

Similarly, Grab Singapore was also fined for accidentally leaking its customers’ data in an email marketing campaign, which it attributed to human error in the assembly of customer information taken from multiple database tables.

So how can we go about this seemingly impossible task of ensuring that your members’ data are securely safeguarded when even large MNCs and SMEs fail to do so? Interestingly, many articles point to human error or employee negligence as the root cause of most data breaches. For small nonprofits or organisations, it is understandable that at times there is simply not enough manpower or resources to carry out certain tasks, so they need their members or volunteers to step in. Unfortunately this poses a significant data security risk, as accidents can stem from it and jeopardise confidential membership data.

So we’ve picked out the best and most effective tips suggested by the PDPC Singapore that you can implement in your organisation to educate your members on handling sensitive information properly, all with the aim of mitigating the risk of human error and its consequences.

#1 Managing and Preventing Misdelivery

Misdelivery happens when employees accidentally send emails containing personal information to the wrong recipients. This form of security breach accounts for around 62% of human error in the healthcare sector alone. Although this is one of the hardest forms to avoid, it is preventable.

Hence, when it comes to email, precautions should be taken, especially because volunteers can sometimes be the ones drafting and sending messages out. One option is to encrypt emails that contain sensitive information. If this is not possible, organisations should reconsider using email to communicate sensitive information at all.

#2 Restricting Access Control

Not every member will require access to information. Allowing only authorised or elected members to retrieve data, and only because they absolutely need it, will significantly reduce human error.

For example, in many nonprofits volunteers help take attendance during events to log hours. Only one individual should be assigned to this task and given access to the names and information of all the participants, and the organisation should ensure that no other unauthorised users are able to access it. The bantu Workspace is one platform on which organisations can restrict access by setting a password.

#3 Safely and Properly Dispose of Personal Data

What happens when an organisation no longer needs the personal data of its members? When it comes to physical or paper-based data, it is easy to ensure proper disposal by simply shredding it. But electronic data is a little more complicated. It is a common misconception that clearing files from the recycle bin destroys them completely; in fact, the files still exist on the computer, merely hidden from view, and data recovery software can retrieve such ‘deleted’ files.

Therefore, specialised software should be used to overwrite and permanently erase all electronic data. Alternatively, specialised appliances can be used to destroy devices that record data magnetically, such as hard disk drives. In extreme cases where the data is highly sensitive, physical destruction of the media itself may be required to ensure it no longer works and thus remains inaccessible. This could include cutting up CDs and DVDs, or physically damaging hard disks.

If a community management system (CMS) seems like something your organisation would benefit from at this point, check out bantu Workspace, a CMS that has features including skill based member matching, automated thank you messaging, role specification, and a unified dashboard and records page for your organisation and individual members.
