In 2017, the City of Calgary was sued for $92 million and accused of breaching the privacy rights of more than 3,500 employees.
A city employee sent an email to another city sharing personal information of over 3,500 employees that included info from as far back as 2012.
The personal information included medical records, insurance accounts, addresses, and dates of birth.
The lawsuit alleges that the city acted with obvious neglect.
It also says that thousands of city employees are at risk of identity theft, and employees are humiliated since medical records were exposed.
The lawyer for the city employees claimed the incident “creates a lot of anxiety.”
According to the city, the incident occurred when an employee was seeking IT help from another city.
The data was sent to both the person’s work and personal email addresses.
The City of Calgary apologized for the “human error” in releasing the data.
The truth is, human error is the biggest cyber security problem.
And employees are the biggest risk when it comes to data breaches.
According to researchers from Stanford University, approximately 88% of all data breaches are caused by an employee mistake.
About 45% of employees say distraction is the main reason for falling victim to hackers and about 57% of remote employees say they are more distracted working from home.
To make matters worse, these days, more employees are using shadow IT to do their work.
Shadow IT is when employees use unauthorized technology to get around their IT department and their security protocols.
Some employees use shadow IT when they think their employer’s rules are too restrictive.
Now, using shadow IT is nothing new.
For instance, when Wi-Fi first came out many employees used wireless access without their IT department’s knowledge.
Of course, IT professionals eventually figured out how to secure Wi-Fi.
But today, shadow IT use is on the rise, and it’s estimated that 30% to 40% of IT spending is related to shadow IT.
Considering this, here are a few ways shadow IT use could be affecting your personal data security.
The biggest reason that shadow IT is increasing is because more people are working from home.
When employees work from home it’s easier to stay clear of the policies put in place by the IT department.
So, an employee can likely get away with using unauthorized technology when they are at home, compared to doing it at the office.
Research estimates that COVID led to a 50% increase of shadow IT use.
Technology makes it easy:
Technology is getting easier to use, and you don’t have to be a genius to understand a lot of IT these days.
For example, if an employee wanted to use a particular program but the IT department didn’t allow it, they could use cloud accounts to work around the restrictions.
The IT department wouldn’t even know the program existed or that the employee was using it.
A 2020 study showed that 80% of employees admitted to using unauthorized software for work.
Assume it’s happening:
Since it’s so easy to use shadow IT, every employer should assume it’s happening. It’s unrealistic for any company to think it doesn’t occur.
The best method to stop employees from using shadow IT is to educate them on how dangerous it is.
Since shadow IT doesn’t include security measures put in place by companies, they are more likely to fall victim to cyberattacks.
Unfortunately, 60% of companies don’t have methods to catch or block shadow IT.
So, most employers won’t be able to detect who or how often it’s being done.
The biggest risk with employees using these methods is that it can expose the company to hacking.
And like Calgary, Canada, the company could face lawsuits and penalties.
There will always be some employees who ignore the rules. But being educated on the risks to yourself, your coworkers, and your company is vital.
And if your employer doesn’t have protocols in place to catch or mitigate shadow IT use, it’s worth suggesting it to them, if for nothing else than your own personal data security.