26 Apr 2010 | Ref. 082/2010
In Information Security Awareness Week, Detica warns businesses to protect their data by focussing on the internal threat as well as the external
London, United Kingdom: Detica, the business and technology consultancy, warns UK businesses that one of the greatest threats to their data is actually inside their own four walls, from careless and ill-trained employees. The financial penalty for breaching the Data Protection Act (1998) recently increased a hundredfold, so businesses, now more than ever, need to take their data security seriously. Detica believes there is a three-pronged threat to personal data held by businesses, from both outside and inside the organisation: maliciously entrepreneurial insiders are as much a threat as organised criminals where valuable personal data is concerned, not forgetting employees who work with this data every day and have developed lax data management habits by sharing information too freely online.
Steve Daniels, Head of cyber security and information assurance at Detica, explains how IT staff and system users who have access to the data every day need to ensure it is looked after properly: “The real threat to a business’s data comes from the ‘online generation’ who grew up with the wild frontiers of the internet and social networking. They have seen an increasing acceptability in sharing personal information via social networking, blogging and online gaming sites that fits less well at work”.
“This ethos of openness in which we increasingly operate is not necessarily a bad thing; however, it can lead to some people finding it hard to cross the cultural divide into a suitable rigorous personal data handling environment. This in turn can spell bad news for organisations if these employees do not grasp the importance of securing personal data.”
Daniels comments: “If someone steals or loses personal data from the business it can not only mean a fine of up to £500,000 for breaching the Data Protection Act but also the lasting public damage for the company with customer desertion.” With human error the greatest risk of all, it is vital for businesses to make changes to their data security processes quickly and effectively. Daniels believes that this doesn’t necessarily mean huge extra costs to businesses but can in fact be as simple as ensuring that all IT and system users have dedicated training and guidance.
This training and guidance can only result in business data being secured if a lean approach to information assurance is adopted. Lean means that a rigorous focus is maintained on managing security, which can only be realised if the systems are simple for users to work with. Product-based solutions typically fail when people and physical considerations are overlooked and complex new hardware or software is installed without considering who will be using it and how. Information security must not be seen as simply a ‘bolt-on’ or a ‘hygiene factor’ to the risks, as a look at the complete picture - as well as its individual components - is necessary to ensure maximised protection.
With Information Security Awareness Week taking place this week (26th – 30th April 2010), Detica is warning businesses to look at protecting their data by focussing on the internal threat, as well as the external threats, when building their security improvement and compliance programmes. Detica has issued two white papers. The first, ‘Data protection compliance: fix your roof while the sun is shining’, helps to shed light on the ways firms are falling foul of data security and provides invaluable solutions that will also generate benefits beyond simply complying with the Act. The second, ‘Cyber security and information assurance: time for a lean approach’, considers the necessity of shaping the approach to information security in line with the business importance of, and risk to, the business.
Detica will be exhibiting at Infosecurity Europe at Earls Court, London this week, 27th – 29th April on stand J102.
About Detica
Detica specialises in collecting, managing and exploiting information to reveal actionable intelligence. We use this capability to help government and commercial clients reveal intelligence, maintain security and strengthen resilience in today's complex operating environment. We also use our skills to assist clients with other information-intensive problems such as achieving regulatory compliance and understanding customer behaviour. Detica is a BAE Systems company.
Detica and Detica Limited product names are registered trademarks or trademarks of Detica Limited in the UK and in other countries. Other brand and product names are registered trademarks or trademarks of their respective companies. Detica Limited is registered in England under number 1337451 and has its registered office at Surrey Research Park, Guildford, England, GU2 7YP.
For more information:
Rachel Ringstead:
020 7853 2289
rachel.ringstead@porternovelli.co.uk
Nick Scargill:
020 7853 2308
Nick.scargill@porternovelli.co.uk