Information Security Breaches: Are you prepared?

Posted July 14, 2014 by Jenny Green

It is public knowledge that breaches of information security are on the increase. You only have to tune into the news to hear daily stories about lost or stolen personal and private information. This affects us all. With the increased use of technology to communicate and transport our personal details, it is inevitable that breaches are going to occur, accidentally or by design. The technology that helps us also makes us incredibly vulnerable. Our personal information is out there in cyberspace whether we like it or not.

The Information Commissioner’s Office (ICO), the UK’s independent authority set up to uphold information rights in the public interest, closely follows the trends in statistics for data breaches reported to it. Its latest figures show that 25% more incidents are being reported to its office, a trend revealing that breaches are occurring more frequently.

Certain sectors continue to report more incidents than any others: the health sector has the highest number of breaches, followed by local government.

With Shred-it’s latest Security Tracker survey revealing that fewer than half of SME business owners are ‘very aware’ of legal requirements surrounding confidential data, it is well worth taking a look at the ICO website to fill any knowledge gaps.

The ICO website has comprehensive and detailed information on what security measures an individual or organisation should take to protect the personal data they hold. There is an excellent guide on security breach management, and on what you should do if you lose personal data. The ICO’s Data Sharing Code of Practice (the statutory code approved by the Secretary of State) also gives a full explanation of how the Data Protection Act applies to the sharing of personal data.

As a starter, here are just some of the simple actions you can take to protect personal and confidential data in your business:

  1. Keep only the information that you need for your business
  2. Only collect essential data and always obtain consent for any information collected
  3. Limit access to all sensitive information (paper or electronic)
  4. Ensure ALL data is stored in a secure and confidential place
  5. Have a workable document management system in place and make sure staff know how to use it
  6. Encrypt data stored on your networks, staff laptops and remote access devices
  7. Train all staff in your company’s security measures and systems, and e-mail etiquette
  8. Don’t allow staff to share passwords
  9. Install a firewall, anti-spyware tool and virus-checking on all your computers/laptops
  10. Take regular back-ups of the information stored on your computer system, and keep them in a separate, secure place
  11. Have a plan in place on how to deal with a security breach if one does occur
  12. Shred all confidential paper documentation when you have finished with it or use a reputable shredding company to dispose of all your information safely
  13. Remove all personal and confidential information before disposing of old computers – the safest method is to physically destroy the hard drive
  14. When e-mailing, always check the names of the recipients before sending, especially if using a group e-mail address
  15. If you want to send an e-mail to a recipient without showing their address, use blind carbon copy (bcc), not carbon copy (cc)
  16. Sensitive information should never be sent via fax – use a courier service or secure e-mail instead

For more advice and information you can download our comprehensive guide to information security management and compliance.
