The General Data Protection Regulation (GDPR) has been covered extensively over the past year and has come to sit at the forefront of employees’ minds. Having come into force on 25th May 2018, the news stories are dying down and the regulation is now ingrained in day-to-day operational processes.
Two months down the line, however, has GDPR made an impact on the way organizations think about data?
Our latest Clearswift Insider Threat Index (CITI) research, which surveyed 400 senior IT decision makers in organizations of more than 1,000 employees across the United Kingdom, Germany, and the United States, suggests that it has made more employees aware of handling data sensitively: in the UK, the insider threat has fallen to 38%, a 4% decrease. The trend continues when looking at the extended enterprise, where our research shows the figure has gone down by 8% since 2017 and now sits at 65%.
In addition to the UK insider threat falling, Germany shows the same trend, with employees held responsible for 75% of cyber incidents, down from 80% last year. In the United States, however, a country outside GDPR’s direct jurisdiction, the insider threat is still on the rise, with 80% of cyber incidents occurring due to the extended enterprise.
These findings suggest that EU countries are more aware of the insider threat, and that organizations have taken action to ensure their employees become better data citizens post-GDPR. While the threat is going down, it remains a high figure and the top cybersecurity threat to businesses. Organizations must therefore continue their efforts to secure data and ensure that this trend continues year-on-year.
Employees in every department hold some form of sensitive data, and GDPR has been instrumental in getting this message across. However, now that the regulation has faded from the headlines, it is important that the message does not fall by the wayside and old habits do not creep back in. Regular training seminars and tailored data security workshops will help keep employees up to date on how to safeguard the data they handle, and motivate them to keep caring about the ramifications of a breach.
Follow the data protection plan
All the hard work that went into building an information security plan in preparation for GDPR should not go to waste. Compliance is ongoing, and processes will need to change with the business. Ensure employees continue to follow the plan and know how to report any incidents that occur. The plan may change as the company learns from different security challenges, so it is important that any amendments are communicated to staff and that everyone follows protocol, whether that means reporting an insider incident or handling data correctly on a daily basis.
Invest in data protection technologies
While the risk from employees handling data has been reduced, human error is still inevitable and the insider threat remains high. To protect your organization from the insider threat, Clearswift’s Adaptive Data Loss Prevention (A-DLP) solution can inspect all content coming into and going out of the organization, whether through email or the web, to prevent sensitive information from being shared or exposed without authorization. Its document sanitization and adaptive redaction features help uphold GDPR compliance by scanning all emails and documents flowing in and out of the business, detecting and removing only the critical information that could cause a data breach. With this technology, businesses can ensure that critical information is not sent by staff, whether inadvertently or maliciously, and that unwanted inbound data acquisition is prevented.