In recent years, there have been a number of embarrassing, high-profile data breach blunders. We all heard about the secret government documents detailing the UK’s policies for fighting global terrorist funding, drugs trafficking and money laundering, which were found on a London-bound train in June 2008. More recently, in 2011, Oliver Letwin faced fierce criticism after dumping documents on terrorism and national security into a bin in St. James Park in London, on no fewer than five occasions.
Whilst these extreme, high-profile cases are rare, thousands of companies have been found to mishandle confidential information relating to their customers. Indeed, nearly half of the 500+ senior IT professionals surveyed for some recent research into data security admitted they had experienced a data breach.
Not only is a data breach hugely embarrassing and damaging to the brand, but businesses also face harsh penalties if they suffer one. Under the terms of the UK Data Protection Act, the Information Commissioner’s Office (ICO) has been taking a tougher approach to handing out penalties for information breaches in recent years, collecting a total of £2 million in fines from companies found to be in breach of data security since 2012.
In this growing information economy, an organisation’s biggest asset is the information it holds. But if private information is made public, or gets into the wrong hands, it can also be its biggest downfall. Business development, movement into new territories, and M&A activity all make the issue of protecting swathes of data increasingly complex. So what do security professionals need to do to ensure they’re spotting the gap in their company’s efforts to avoid the dangers?
1. Need to know – regulations
According to recent research, 65% of senior IT professionals find it difficult to comply with privacy and data protection regulations. With data privacy laws differing across the EU, it is not difficult to see why this is the case. IT security professionals therefore need to make sure they’re up to speed on every piece of legislation that gets passed and each regulation that is introduced, so that they are empowered to react accordingly and mitigate the risk of a data breach.
2. Stay on top of the security agenda
Simply put, security professionals need to make sure they are doing their homework. It is essential that security professionals stay on top of what’s happening, who’s getting breached and how. For example, the most common data breach pitfall amongst businesses has been found to be employees’ loss of a laptop or other mobile data-bearing device. Are security professionals aware that this is the case, and if so, what are they doing to address the problem?
The onus is on the business to take an active interest in reading around the subject, attending relevant conferences and learning from their industry peers about how criminals, or indeed, well-meaning or malicious insiders, breach security and what can be done to mitigate the risk.
3. Communicate, communicate, communicate
Security professionals must ensure that they are communicating not only with their peers but, crucially, also with the CXOs of the organisation, in order to make sure that the right steps are being taken to protect the business from a data breach. The non-IT focused members of the board, such as the CEO and the CFO, also need to be kept in the loop if security professionals want to prove their worth and build a business case for investing in the technology or service needed to protect the organisation against damaging breaches.
4. Ensure the bottom line is protected
Security professionals need to ensure they are always thinking about the bottom line. There’s a fine line between dedicating huge amounts of resource to deploying security technologies or services and the risk of a potential threat to the organisation’s data occurring. The onus lies with the security professional to strike the right balance.
When an organisation’s biggest asset is the information it holds, it needs to ensure it’s doing everything it can to protect this asset to the best of its ability. This will help it avoid the pitfalls of a data breach. By following these simple tips, security professionals can make sure they are not leaving themselves open to attack.