UK News

Are your employees a threat to your cyber security?

July 2019

Unintentionally, many employees introduce malicious software into work systems that can attack and expose confidential information.  According to a recent survey from security firm RiskIQ, over half of employees in the UK that use personal devices for work also use the same devices to download or stream material from pirate sites.  These sites normally provide unauthorised videos, movies, television shows or software and can contain malware (malicious programmes such as computer viruses) which can ultimately infect and compromise work data. 

While IT professionals within companies will have their own guidelines on how best to manage the technical side of things, prevention is always better than cure.  What could employers and HR be doing to mitigate these risks?

1.  Ban the use of personal devices

Is a ban on “BYOD” (bring your own device) to work realistic? Unless your employees work with classified data, such a ban is likely to be hugely unpopular. Many employees may elect to check their emails on a personal device from home. However, this can be prevented through denying server access to these devices or enforcing the policies mentioned below. 

2.  Ensure employment policies are appropriate and up-to-date

These policies should include:
 
“Acceptable Use” policy.  This provides guidance on connecting personal devices to the IT systems at work and the employee's personal responsibilities.  It would cover:
  • Data protection accountability.
  • Prohibitions on certain electronic communications including harassing, discriminating against and bullying other employees
  • IT security including securing the physical device.
  • Prohibited Internet usage. 
  • Prohibitions on downloads.
A “Social Media” policy.  This may need to be updated to cover the use of BYOD, if implemented.
 
A “Monitoring” policy.  Generally UK employees have a legitimate expectation of privacy at work and employers need to clearly state the purpose behind any monitoring of emails, and Internet usage (see article here).  To comply with the Information Commissioner's codes of practice on data protection (which assist employers in their compliance with data protection legislation), employers should also explain the company-wide benefits of such monitoring to their employees.

3.  Live and breathe those policies

It is important for HR and IT to work hand-in-hand to protect their organisations.  Educate employees on the risks of downloading data from pirate websites and train them on your policies and their importance.

How can we help?

Abbiss Cadres offers a unique blend of skills to enable businesses to tackle complex employment-related issues such as data protection.
Our expert team can help you:
  • Draft or update your online security policies;
  • Ensure you comply with the Information Commissioner’s codes of practice; and
  • Prepare and conduct communications geared toward employees.

If you have any questions, or to discuss how we can help you, speak to a member of our employment team on +44(0)203 051 5711 or email us.

 

Disclaimer

Content is for general information purposes only. The information provided is not intended to be comprehensive and it does not constitute or contain legal or other advice. If you require assistance in relation to any issue please seek specific advice relevant to your particular circumstances. In particular, no responsibility shall be accepted by the authors or by Abbiss Cadres LLP for any losses occasioned by reliance on any content appearing on or accessible from this article. For further legal information click here.

Circular 230 disclosure

To ensure compliance with requirements imposed by the IRS and other taxing authorities, we inform you that any tax advice contained in this article (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties that may be imposed on any taxpayer or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein.