Jonny Harrison is sailing to Australia from the UK via the Panama Canal before he starts work in Sydney on a secondment at his firm PricewaterhouseCoopers »
Andrew Hebden is Assistant Editor (Business) of The Journal »
Katie Pringle has started her own business, Rock, Paper, Scissors »
Andrew Mernin is the Digital Journalist for nebusiness »
Matthew Rippon is an IP lawyer for BHP Law »
Formerly editor of a national business lifestyle magazine, Jez Davison is a business writer for the Evening Gazette in Teesside »
Ross Smith, Head of Policy and Research at the North-East Chamber of Commerce »
Julian Christopher from Footprint Public Relations, on media and marketing »
Norma Foster from the North East Regional Portal writes about e-business »
Ian Brown, Northumberland farmer and businessman writes about the agricultural industry »
Accessibilty Champion Steve Wilkinson on the importance of inclusion »
Andrea Wilkinson of Shared Interest is visiting Rwanda to deliver business training »
Jonathan Wheatley from Stokesley-based MC Ware writes about IT matters »
Paul Williamson from Deloitte »Waterstons' executive consultant, John Prescott talks about the recent information security blunders...
It has been widely reported that it has cost the taxpayer £2.25 million just to send a letter of apology to everyone who’s affected by the loss of two HMRC CDs containing 25 million child benefit records. The potential long term cost is yet to be confirmed especially if the data gets into the hands of organised criminals and we may not see the impact of this for years. It isn’t just limited to government agencies as we hear about banks that have lost laptops containing customer details on the hard disks, yet we still see a large percentage of businesses not setting measures to protect sensitive data from leaving an organisation into an unsecured environment. This can include: clients personal information, intellectual property documents and precious client relationship information that forms the lifeblood of any business.
I would ask anyone that reads this how easy it would be for an employee of your business to leave an organisation to a competitor taking with them a copy of your CRM data. The embarrassment for any organisation that loses data in this manner seriously affects its credibility as a business. Would you bank with an organisation that lost your personal data?
Many, if not most businesses think that protecting the desktop with the latest anti-virus or malware application and file permissions are enough to prevent data leakage. The mistake with that assumption is that you are not considering the human element. How many of us have sent a print job to the wrong network printer realising it was sensitive data and had make a run for it before anyone sees it? or copied company data to a USB memory stick without thinking it could be easily lost or stolen? How many of us have sent sensitive information to external organisations via e-mail forgetting that e-mail is unsecured?
Businesses should start to think long and hard about the measures they can take to prevent data loss through poor human judgement. With the latest modern technology there are so many easy ways to transport data such as e-mail, webmail, Peer 2 Peer applications such as Bit Torrents, Instant Messaging, Internet File Transfer, Wi-Fi, USB, CD, DVD, printers, fax, and removable storage such as memory sticks but how secure is the transportation?
There are extrusion prevention systems that can prevent unsecured data transfer. These systems can track unauthorised data movement automatically alerting higher management when attempts have been made to do so. Volume copies of data can be alerted on, so for example if an employee is tries to copy all of the server's shared folders onto his/her laptop the activity is completely recorded and reported.
Clearly the key with any security system is that it should not affect staff from performing their normal job function, however the system should help prevent them from making poor judgements that can potentially be catastrophic to a business. The extrusion prevention systems are a positive step towards addressing this whole issue and if implemented within the context of an information security framework such as ISO 27001:2005 then disasters such as the HMRC affair can be avoided and tangible benefits can be realised such as enhanced business profile and information security assurance.
- Post to:
del.icio.us
Digg
Newsvine
Nowpublic
Reddit
« Previous | Home | Next »