According to recent data, the private sector lags behind with regard to data protection, while public sector organisations lead the way. David Cowan explains how firms can improve their IT security and avoid losing money, clients and reputation.
A recent survey commissioned by the Information Commissioner's Office (ICO) revealed that there is a remarkable difference between the public and private sector's approach to Information Security. The data contained in the research carried out by Social and Market Strategic Research (SMSR) showed that, in fact, the public sector was much more awar...
Just one. But this is not a joke.
A simple mistake caused by the recipient auto-complete function within an email client resulted in Gwent Police committing what has been referred to as the first major UK data security breach since the new regulations introduced by the Information Commissioner's Office came into force in April this year. What is of particular interest about this case is that a breach of this scale (10,000 records) and gravity (the data leaked involved personal and sensitive information) occurred within a police environment which allegedly had strict policies and procedures...
As the Treasury announce cuts amounting to £6.25bn, £95m of which derives from a reduction in IT spending, attention is once more directed towards outsourcing as a means to reduce IT expenditure. But Information Technology stores and processes large amounts of personal, sensitive and confidential data, and when it comes to the public sector it can have a very high level of sensitivity, hence a lot of trust is bestowed upon personnel that have access to it. It is already difficult to place confidence in in-house staff, due to the high number of data breaches that are perpetrated...
It looks like NHS trusts are starting to realise that Information Security is not just a matter of using complex passwords, locking drawers at the end of the day and installing the latest firewall and antivirus solutions. The Information Commissioner has been particularly critical of the NHS in the past due to a high proportion of security breaches as a result of inadequate Information Security controls and staff awareness programmes. The result has been an NHS wide initiative to ensure all removable media including laptops and USB drives are encrypted. However, this may not be enough. As r...
Every so often a multinational corporation with an image to protect or a public sector organisation that the public are supposed to trust find their lackadaisical approach to information security horribly exposed. The media kick up a stink, various experts are wheeled out to pass comment and we all gasp in horror at the weighty fine imposed - or in the case of the public sector, look on disapprovingly as they humbly promise never to do it again.
Then, after they stump up the cash, all is quickly forgotten until the next time. The question we have to ask, given the propensity for carbon cop...
Most will know what has befallen HSBC in recent weeks; for those who don't, the bank's seemingly wanton data loss culminated in a £3.2 million fine, along with a well-deserved hammering in the press.
Of course, it could have been a lot worse. The fine itself was reduced from £4.5 million by the FSA as HSBC did not contest the ruling and in all honesty, either amount is small change to an organisation of the size of HSBC. In fact, for HSBC a data loss like this is not quite the catastrophe the media might be making it out to be. Talk of their customer base deserting them in drov...
Windows 7 came firmly onto the radar last week as Microsoft made Release Candidate 1 available for general download. In doing so, they're following a new path - firstly by making a Release Candidate so publicly available and secondly allowing people to use it unfettered until 1st March 2010. That's a long time for a free (albeit non-release) operating system. Many IT departments will view the release with mixed feelings. On the one hand, it gives even less reason to consider a move to Windows Vista, but on the other reinforces the fact that Windows XP is mortal and entering its twilig...
An interesting article on the BBC website today which shows how critical a good security culture is to an organisation. An external consultant, through social engineering techniques and bags of confidence, managed to gain unauthorised physical access to a company's premises and from there, very quickly, access to sensitive documents. He then repeated the feat at the BBC's request, and this time gained access to user accounts and passwords just by pretending to be an IT support engineer.
The episode is enlightening. Everyone assumes the Internet is full of bad people, and therefore the...
The problem with most security companies is they are very product driven - you name your security problem, and they can sell you a product to fix it. Whilst it's always tempting to think that you can fix a problem by buying something from a catalogue, the reality is often very different. Take the current hot potato of regulatory compliance, e.g. Sarbanes-Oxley. If you believe the marketing, you can identify any number of products which will solve your SOX problems for you, which completely ignores the fact that compliance is all about opinions - specifically, convincing the relevant auditor...