It was only in February 2019 that it was reported that an EE customer was being stalked by someone who worked in the company for over a year and accessed her personal information without authorisation.
She first contacted the telecoms firm after her phone failed to receive any network signal, and after five days of this issue, she was advised to visit a technician in-store. After replacing her handset and SIM card, she called the company to register her new details and immediately recognised the customer service advisor’s voice as that of a disgruntled ex-partner who worked in one of the high street stores. Considering the possibility that all of her calls and messages were being monitored by him, she called the network’s complaints department in the hope of a resolution. Although a complaint was filed, the harassment did not end there.
After failing to take the right course of action, the EE employee continued to harass her by calling and texting her incessantly. Once he started showing up unannounced at her new home address, she knew he had access to her personal data without her permission. The EE employee continued to visit the victim unannounced and, fearing for her safety and privacy, she formally filed a police report. However, it was only after several tweets she posted went viral that EE finally took her complaint more seriously.
An EE spokesperson admitted that internal policies were not followed and said the matter was being dealt with accordingly. The result? The employee was let go.
In the UK, under the Data Protection Act and GDPR, it is illegal for anyone to access personal information without consent. This incident could have been detrimental not only to the customer and her wellbeing but also to the business and its brand reputation.
This raises the question: do employees genuinely understand the importance of data protection and the severe consequences if policies are not followed?
A culture of security
Many organisations fail at educating their employees on the importance of security, but they need to be resilient and reflect on their company culture to evade cyber attacks. From the boardroom to the mailroom, organisations need to transform how employees look at security.
For many businesses, the majority of the responsibility for keeping data secured falls onto the IT department, without the help of their peers. Not only does this make it difficult for cybersecurity professionals to do their job correctly, but it also makes it difficult for the rest of the organisation to truly understand the dangers of poor data protection and data management, especially if it doesn’t affect their 9-5.
In the past, we’ve seen businesses try to combat this level of siloing by sharing security checklists and rules to abide by without the proper schooling needed to educate employees on the impact of poor security practices across the business. Companies must promote a culture of security where employees view security in the same light as necessary daily activities.
Here are a few top tips on how to get your organisation to adopt a culture of security:
- It starts in the boardroom: The CSO must educate leadership and illustrate the dangers of inadequate security measures to the boardroom by evaluating risk and brand reputation
- A champion of security: The CSO will need to act as an ambassador, leveraging soft skills to raise awareness and become approachable to all areas of the business
- Technology and training: HR must work with the IT department to host regular training sessions on tools and processes, as well as to raise awareness of the cybersecurity employees who could help when issues arise
Tackling cybercrime is tough but not impossible. To be successful, this initiative requires a combination of technology and a culture of security at every level.
Steve Cook, VP of Business Development (EMEA) at FaceTec