Record Data Breaches: Is Your Team Secure?


Employee data breaches have hit a six-year high, revealing urgent security challenges for organisations navigating hybrid and remote work

CREDIT: This is an edited version of an article that originally appeared in Personnel Today

Breaches involving employee data surged dramatically in 2024, reaching the highest level in at least six years. According to a new analysis by law firm Nockolds, reports to the Information Commissioner’s Office (ICO) increased by 14% year-on-year, climbing from 3,208 incidents in 2023 to 3,679 in 2024.

This alarming trend highlights a growing challenge for employers: how to protect sensitive employee information in a world where hybrid and remote work are now the norm.

What’s Driving the Rise in Breaches?

Nockolds attributes the increase largely to the sustained shift toward remote and hybrid working models, which, while offering flexibility, have created significant gaps in data protection protocols. Inconsistent security measures across personal and corporate devices, combined with a rise in device mobility, have made it easier for both cyber and physical breaches to occur.

Key challenges include:

  • Weakened device security in remote setups
  • Lack of consistent access controls across personal and professional environments
  • Increased risk of physical loss or theft of devices while commuting or working from public spaces

Phishing Attacks on the Rise

One of the most concerning developments is the sharp spike in phishing attacks aimed specifically at employee data. The report shows that phishing-related incidents increased by 56%, from 486 cases in 2023 to 758 in 2024. These attacks often come in the form of fake emails or messages impersonating HR, IT, or other trusted departments. The goal? To trick employees into revealing login credentials, payroll data, or other sensitive information.

For people leaders, HR professionals and operational managers, these findings are a call to action. Employee data breaches don’t just damage your organisation’s reputation – they can lead to regulatory fines, loss of employee trust and significant legal and financial consequences.

Reassess Your Remote Security Policies
Ensure all devices – whether company-issued or personal – have appropriate cybersecurity protection. This includes up-to-date antivirus software, firewalls and VPN access. Encourage employees to avoid using unsecured public Wi-Fi for work purposes.

Protect Devices in Transit
Remind staff to keep work devices secure when commuting. Encourage the use of device tracking tools and encrypted hard drives to protect against physical loss or theft.

Prepare for the Worst
Have a clear breach response plan in place, including a communication protocol for informing affected employees and reporting to the ICO. Regularly test this plan with simulated scenarios.

The increasing sophistication of phishing attacks, paired with the challenges of a mobile and remote workforce, means managers must take an active role in safeguarding both their people and their information. It’s no longer just an IT or HR issue. It’s a leadership one.
