March 02, 2020

Making Information Security Part of Employee Culture

Digitisation is increasing the amount of personal data being transmitted at a faster rate, which in turn is growing the risk of security lapses or breaches.
Educated, reliable employees who channel the information flow play an important role in this data management process.
With this being said, each member of an organisation needs to be kept in the loop of the latest developments in information security and data protection.

The Need to Educate on Data Protection 

Several headlines in the past year have made it clear that many data breaches occurred due to a combination of malicious social engineering and human error.
In December 2019, ST Logistics, a vendor contracted by Singapore’s Ministry of Defence (MINDEF) and the Singapore Armed Forces (SAF), suffered a catastrophic data breach1 which led to personal details belonging to 2,400 service personnel being leaked. Investigations later found that the breach was caused by successful phishing attacks, involving malware on the email accounts of ST Logistics employees.

Making Security Part of Employee Culture

Regulation bodies such as Singapore’s Personal Data Protection Act (PDPA) and the EU’s General Data Protection Regulation both regulate how organisations manage data.
Leaks in personal data can have adverse consequences for organisations ranging from severe financial penalties to reputational damage and related losses. It is therefore vital that organisations take steps to educate their employees on information security and data protection in order to safeguard their company’s interests. 
As a result, data protection is something that employees should treat as a not only a series of legal obligations that need to be adhered to, but as a personal responsibility.
This requires organisations to adopt a holistic approach to data protection and not simply leaving the task to the appointed Data Protection Officer (DPO).
More needs to be done; in addition to formalising company policies and data security processes, regular training programmes should be executed to help employees familiarise themselves with their responsibilities towards safeguarding personal data.
Additionally, businesses can go that extra mile by educating employees to spot phishing mails, and how to secure confidential material stored on physical mediums such as hard disks or written down on paper.

Protect Your Business Today

Everyone in an organisation plays a part in protecting their customers’ data and ensuring the organisation is in compliance with the PDPA and GDPR. Learn more about how Shred-it can be a part of your organisation’s data protection measures and secure your documents and hard-drives by contacting us for a free quote and a security risk assessment.

This article is provided for your convenience and does not constitute legal advice. Readers should not take, or refrain from taking, actions based upon the content of this article. Prior results do not guarantee similar outcomes. Please seek professional legal advice.


1 TODAY Online. (2019). Personal data of 2,400 Mindef, SAF personnel potentially affected by data breach [ONLINE] Available at: [Accessed 3 Jan 2020]