Am I going. To be in serious trouble?

[Whitewhite]

I started a new job this week and have been in training. I was given training documents which was emailed to my work account. I’m working from home and the training has been intense and technical.

I wanted to print the documents so I could sit and read them on the couch tonight. I couldn’t link my printer to my work laptop so tried to send the documents to my personal email to print this way.

The email was blocked and an automatic email sent from IT saying I’d breached rules. Now I’m so worried that I’m going to lose my job.

I work for a bank brand new job and was so looking forward to it. Now I’m worried I lose it.

I genuinely didn’t know I was breaching the rules. I just wanted to print the manual to try and read and study to get my head around it.

I also flat out refused to see a client because she was an absolute witch and made my cry once. I wouldn’t deal with her after that and told everyone why. If I seen her walking through the door, I would get up and walk away, as I wasn’t dealing with her. I refused. No one says a peep to me!

I don’t think this is a big deal. Easy mistake, very low risk content etc. Good you’ve emailed your line manager, but I really think it will be fine. Try not to worry

@gg12346

I did the same thing and I contacted my boss and explained him .Take a video or picture on phone instead :)

DO NOT DO THAT!! That would also be a security breach.

Don’t take videos or pictures! Honestly. Just ask for a paper copy to keep at work to go over in your break times .

Have you done your training on the companies IT policy and data protection? If not, use that as your excuse (totally legitimate). They can't fire you if they haven't given you the training or policy and you couldn't reasonably be expected to know something was against their rules and imo, sending something fairly generic to a personal email account is ok, so I may have done it too.

Printing may not be an issue.

The problem is definitely sending it to your personal email.

If you haven't done the compliance training yet they will most likely let you off.

Try not to worry.

Do not even login to your personal email on your work machine though either.

@NotFabulousDarling

In banking this is a major confidentiality error and they come down pretty heavily on that sort of thing. Sorry, I know that's not what you want to hear. If you explain they may let you off. When I worked in banking, we even had separate "confidential" rubbish bins for confidential waste so it didn't end up in landfill, that's how seriously they take this sort of thing.

You probably work for the same bank as me. We have information classification on every document. If the document is "public" you can in theory send it to your own email, but we were told within a week of starting that a breach of confidential or internal documents could mean instant dismissal. They always look at the detail and the impact, it's quite clear you've just made an error. It also makes a difference if you're a contractor particularly in IT, guy who got fired sent himself half the code base, which he can take straight to the competition. A training manual, not so much.

Your manager will also have got the notification. It’s good that you contacted them and explained? You won’t get the sack in this situation.

Don’t do it again though & pay attention to all the mandatory trainings.

Is this your first time working in a bank / regulated industry? I assume so. I hope so for your sake as it you're experienced in the industry, you did an incredibly stupid thing. Throw yourself on the mercy of your line manager. And at the same time, ask which mandatory training you should be prioritising but get through it all asap so you understand the implications of your employment and don't make any more silly mistakes.

Some posters are saying it's fine, no big deal. I disagree. Depending on the bank you work for, it can be a VERY big deal. I've been in banking for many many years and restrictions are far stricter now than they have ever been. But even years ago emailing work documents to a personal email was always a massive no-no. Where I work now, you would be in serious trouble. I'd suggest you check to make sure your contractual documents don't include anything about this as it may be that you have already signed that you understand the policy you just breached.

Finally, many banks will insist you don't have printed work documents at home. They stay in the office (in a locked drawer etc when you're not there/away from your desk). I know people who have a spouse / flatmate who work for a competitor and they have got into serious trouble for taking work documents home. You're new. You need to err on the side of caution at all times until you fully understand what you can / cannot do.

@HundredMilesAnHour

Is this your first time working in a bank / regulated industry? I assume so. I hope so for your sake as it you're experienced in the industry, you did an incredibly stupid thing. Throw yourself on the mercy of your line manager. And at the same time, ask which mandatory training you should be prioritising but get through it all asap so you understand the implications of your employment and don't make any more silly mistakes.

Some posters are saying it's fine, no big deal. I disagree. Depending on the bank you work for, it can be a VERY big deal. I've been in banking for many many years and restrictions are far stricter now than they have ever been. But even years ago emailing work documents to a personal email was always a massive no-no. Where I work now, you would be in serious trouble. I'd suggest you check to make sure your contractual documents don't include anything about this as it may be that you have already signed that you understand the policy you just breached.

Finally, many banks will insist you don't have printed work documents at home. They stay in the office (in a locked drawer etc when you're not there/away from your desk). I know people who have a spouse / flatmate who work for a competitor and they have got into serious trouble for taking work documents home. You're new. You need to err on the side of caution at all times until you fully understand what you can / cannot do.

Have you read the thread? I assume not.

Don’t worry , we have this at our work. Just explain and you will be fine x

You won't lose your job, you might need to talk to compliance.

Just tell your manager - you're training from home and it was easy to do and was blocked and no one had told you not to so no problem.

Not a big deal

@NotFabulousDarling

In banking this is a major confidentiality error and they come down pretty heavily on that sort of thing. Sorry, I know that's not what you want to hear. If you explain they may let you off. When I worked in banking, we even had separate "confidential" rubbish bins for confidential waste so it didn't end up in landfill, that's how seriously they take this sort of thing.

Most workplaces that any sort of user data or even just facts and figures or planning documents have as confidential waste bin.

On another note, the email was blocked so you're fine. You might get IT giving you a warning but I can't imagine it would be any worse than that.

Honestly, it's not something you are supposed to do but it will be an automatic email and they can see what is in the email which is training material. You might not have even got to the part of the training covering information security yet.

You won't be in trouble, but you now know you can't do it.

I also work in Financial Services and not InfoSec but similar role.

Please don't worry, you won't lose your job. If asked just apologise and move on. You could email your team leader and apologise in advance but I doubt it will even have been passed on to anyone.

Likely it's also flagged you attempting to connect a non work printer as well, so be prepared to be asked about that too. So I suggest, if you haven't, explaining that too.

I worked in IT in the NHS you wouldn't believe the number of times I had an email flag for people connecting unknown devices and contacting personal email accounts; all were blocked and I ended up sat in many meetings "defending a silly policy"

Do you work for a certain asia focussed bank? If so don’t worry the email is a prompt for IT to ask you if you need your settings changed.

It will be fine easily explained it is for security purposes.

Hehe this couldve been written by me.
About a month ago a was given emergency access to support a couple of residential care facilities outside my usuals.. needed to write up case notes..I couldnt do this from the office, tried to enter my newly obtained details and got an alert saying :denied access/various senstive info stuff..
Had to handwrite notes in coms book instead (oldschool-even screenshot it as I was worried!)and then attempted too login again from home couldnt even get past the initial username so completely frozen out with alert again. Let regional coordinator know. Told me to contact tech support and that i cant do sensitive work based CMS stuff from home(&laughed, reminding me of key company ethos of worklife balance).
Turned out Id be coded into into the wrong residences-so was rectified once further security checks had been verified..everyone was completely understanding and apologetic that id been inconvenienced-nice!
Different work to you but surely people will cut a newbie some slack!

It’s a training document. I Imagine it’s an automatic email. Try not to panic, I genuinely don’t think it will be a problem.

I work in a similar field and sending any docs from work to private email is a security breach. Because it's much much easier to hack into [email protected] than it is to hack into www.bank.com.

However it's to protect convidentisk and client data, I doubt they would be as concerned if internal training material was released into the public domain.

I'm a systems director who designs these rules.

Your action has triggered an automatic SOC alert, as your organisation disallows forwards and that is built into their information policies.

My company deals with a lot of highly sensitive information, so we have blanket policies in place that disallow forwarding, no matter the nature of the attachment.

The S&C admin will be able to see what you've tried to forward - clearly, as it's not a client's data file, you won't lose your job.

Just email your manager, explain what you did, and ask for advice on the IT policy, as working remotely has required a slight relaxation of rules in some instances.

And for those saying the manager will also have got the notification - unless they are part of the SOC monitoring distribution list, no, they won't.

These are IT policies that are generally triaged by IT - unless they are high-level alerts that need to be escalated to senior leadership, it would be vanishingly unlikely that anybody outwith IT would ever know anything about low/medium-level alerts.

Just to be clear OP. I worked in finance and there were certain files I would be in major shit if I did what you did. However there is no way I would have had access to those files straight away and by the time I did have access I would be very very aware of the security involved in handling them. If you've recieved no training in this kind of thing it's likely that you're not going to be handling anything sensitive in the near future. The files were low risk and no one is going to think this was a deliberate or negligant security risk.

It's an issue we've had to deal with more when the company has recruited managers and staff from non regulated environments. I once had to report when I was copied into something and noted half the addresses on the circulation were hot mail accounts. This was sensitive client and customer data. There was no indication that anyone was doing it maliciously in order to commit fraud etc but as PP says, the email accounts are not secure.

In that case, no-one lost their job OP and it was an actual breach. They just got told not to do it and why. Though the manager did argue about it as he couldn't see the problem and it was very convenient for staff who didn't have a company mobile and laptop...