Monday, 26 April 2010

Detica warns UK businesses that one of the greatest threats to their data is actually inside their own four walls from careless and ill-trained employees. The financial penalty for breaching the Data Protection Act (1998) recently increased a hundred fold, so businesses, now more than ever, need to take their data security seriously. Detica believes there is a three-pronged threat to personal data held by businesses from both outside and inside the organisation " maliciously entrepreneurial insiders are as much a threat as organised criminals where valuable personal data is concerned, not forgetting employees who work with this data everyday and have developed lax data management habits by sharing information too freely on-line.

Steve Daniels, Head of cyber security and information assurance at Detica explains how IT staff and system users who have access to the data everyday need to ensure it is looked after properly: "The real threat to a business's data comes from the "online generation' who grew up with the wild frontiers of the internet and social networking. They have seen an increasing acceptability in sharing personal information via social networking, blogging and online gaming sites that fits less well at work".

"This ethos of openness in which we increasingly operate is not necessarily a bad thing; however, it can lead to some people finding it hard to cross the cultural divide into a suitable rigorous personal data handling environment. This in turn can spell bad news for organisations if these employees do not grasp the importance of securing personal data."

Daniels comments: "If someone steals or loses personal data from the business it can not only mean a fine of up to 500,000 for breaching the Data Protection Act, but also lasting public damage for the company with customer desertion." With human error the greatest risk of all, it is vital for businesses to make changes to their data security processes quickly and effectively. Daniels believes that this doesn't necessarily mean huge extra costs to businesses but can in fact be as simple as ensuring that all IT and system users have dedicated training and guidance.

This training and guidance can only result in business data being secured if a lean approach to information assurance is adopted. Lean means that a rigorous focus is maintained on managing security, which can only be realised if the systems are simple for users to work with. Product-based solutions typically fail when people and physical considerations are then overlooked and complex new hardware or software are installed without considering who will be using them and how. Information security must not be seen as simply a "bolt-on' or a "hygiene factor' to the risks, as a look at the complete picture " as well as its individual components " is necessary to ensure maximised protection.

With Information Security Awareness Week taking place this week (26൦ April 2010), Detica is warning businesses to look at protecting their data by focussing on the internal threat, as well as the external threats, when building its security improvement and compliance programmes. Detica has issued two white papers " the first, Data protection compliance: fix your roof while the sun is shining, helps to shed light on the ways firms are falling foul of data security and provides invaluable solutions that will also generate benefits beyond simply complying with the Act. The second, Cyber security and information assurance: time for a lean approach, considers the necessity of shaping the approach to information security in line with the business importance of, and risk to, the business.

Detica will be exhibiting at Infosecurity Europe at Earls Court, London this week, 27൥ April on stand J102.