As it’s April and we’ve just had April Fool’s Day in the UK, it’s a relevant time for us all to think about foolish behaviour by employees that could land them, and your organisation or company, in a spot of bother.
What do I mean?
Perhaps you deal with very confidential or sensitive data and you have an employee who thinks it’s a good idea to be nosey and have a look at someone’s record.
Their thinking… “it can’t harm anyone; I’m only looking, not changing anything”. Somewhat foolish if their job does not require them to look at those records.
Perhaps the foolishness for the organisation comes in if there are no procedures or measures to prevent them looking at the records; you don’t have effective role-based access controls (commonly written as RBAC) in place.
Or… an employee tries to be helpful to customers but doesn’t follow a procedure to extract a customer’s specific details or letter, and inadvertently extracts a number of customers’ details/letters and sends these. They aren’t being malicious but are being foolish.
This then leads to a data breach that the organisation has to handle and may lead to disciplinary action. It would be likely to lead to a procedure review, perhaps monitoring of other employees’ work (never a happy situation in a team), and all because the employee didn’t follow the correct procedure.
In these brief examples, one is an affirmative action by the employee (they chose to do this) and one is inadvertent (they thought they were doing the right thing). But both have repercussions.
So, there’s a reason to have procedures and controls in place; adding in random spot checks and access audits helps reduce the number of times these foolish actions may happen.
You can get in touch with DT Information Governance if you would like some help or advice.