Almost 100 HMRC staff disciplined over computer misuse, FOI reveals

Staff dismissed over misuse of emails, computer equipment and social media

HMRC

HMRC has issued 92 disciplinary notices to members of staff as a result of computer misuse over the last two years, according to data released as part of a Freedom of Information request.

Covering the years 2017-18 and 2018-19, the results of a Parliament Street think tank (FOI) request showed that the number of disciplinary actions had increased with time, with the most common offence being that of "misuse of email".

Figures specifically detailed the number of first warnings, final warnings and dismissals given to employees relating to misuse of email, computer equipment, telecommunications, social media and other internet services.

The offence that led to the most dismissals was the misuse of computer equipment, resulting in eight dismissals in 17-18 and between one and five in 18-19.

Advertisement
Advertisement - Article continues below

Where results amounted to less than five, the exact figure wasn't issued due to fears that the individual may be identified, an eventuality that could breach GDPR and therefore ommitted under section 40(2) of the Freedom of Information Act 2000.

The most common offence committed over the two financial years was 'misuse of email', resulting in 25 written warnings, including both first and final, being issued by the UK's tax collector to its employees.

There was a sharp rise in social media offences in 18-19, leading to nine written warnings compared to zero in the previous year.

What constitutes "misuse" isn't clearly defined in HMRC's reply to the FOI request, nor is it clear what the specific offences were to warrant each type of disciplinary action.

What's encouraging is that in nearly all areas, except for social media, the number of disciplined offences appeared to decrease or stay the same which indicates that employees might be becoming more aware of how their actions could lead to damaging data breaches.

"Tackling employee misuse of IT systems should be a top priority for all public sector organisations, particularly those which handle the financial data of millions of people," said Christy Wyatt, CEO at Absolute Software.

"This kind of activity often involves individuals abusing access to personal information and in some cases sharing it, leading to a potential data breach. Organisations like HMRC need to adopt an enterprise resilience mindset not only around potential bad employee behaviour, but fortifying their overall security posture and risk management profile."

It also appears that HMRC doesn't have to issue warnings before ordering the dismissal of staff. Taken from the 17-18 figures, the number of written first warnings given to staff was less than the number of issued dismissals for the same offence in the same year.

According to a 2017 report, 74% of enterprise cyber security incidents can be attributed to insider threats such as employees, so having a robust disciplinary framework for public sector IT misuse is in HMRC's best interests.

The threat of data incidents from rogue employees is still as high today as it was in 2017. A report from Deep Secure indicated that more than half of UK employees would be willing to steal and sell company data on to third-parties. A quarter of respondents said they could be swayed for as little as 1,000.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/business/business-strategy/354195/where-modernisation-and-sustainability-meet-a-tale-of-two
Sponsored

Where modernisation and sustainability meet: A tale of two benefits

25 Nov 2019