April 21, 2015

Information security on the manifesto

Only two weeks to go until voters make their voices heard in the General Election 2015. There’s one topic that isn’t getting as much air time as the others, but it’s a subject that affects all of us, as individuals and as business owners, employees, customers and clients - and that’s information security.

Our 2014 Information Security Tracker found that one in three small and medium sized business owners say that the Government’s commitment to information security needs improvement. And even more worryingly, despite the average data breach costing over £2 million, nearly half of which is accounted for by lost business, almost a third of UK SMEs (30%) do not have an existing protocol for the storing or disposing of confidential data, or know if one exists. Parliamentary hopefuls therefore need to put information security at the top of the agenda if they are elected in May so that all all organisations in the UK put the sensitive information of their customers, clients and employees to the forefront of doing business. 

Shred-it’s Executive Vice President, EMEA, Robert Guice has also called for the new Government to give greater powers to the ICO, which is responsible for enforcing the Data Protection Act, to ensure that information security remains a priority for business owners.

“The repercussions from a data breach can be devastating from a reputational, financial and legal perspective. But small business owners need help and it’s clear that the Government could be doing more – not only to educate but also to enforce the law,” he said.

But in the run up to the election, we also have some words of warning for the wannabe MPs themselves. Some of their predecessors have made embarrassing slipups by not taking better care of confidential information. Last year, fifty-two phones were misplaced in the House of Commons, alongside six laptops and ten iPads, according to a report by CBS Butler. Imagine all the sensitive data such as personal details, meeting notes or payroll information, that could have been exposed!

That’s why we’ve developed these tips to ensure our parliamentary hopefuls avoid any scandals or security breaches!

  • Do not commute with your head in the clouds!: Leaving behind a laptop or files while travelling is a potential risk for MPs while commuting. In 2008, a senior intelligence officer left confidential documents on the train. To avoid this mistake, keep an eye on your belongings – and if the worst should happen, make sure you have security measures in place, such as protecting your laptop and other mobile devices with a password. Think about bringing any sensitive documents back to your workplace where they can be securely stored or shredded.
  • Shred all confidential waste paper: If you think that throwing your memos and meeting notes in the recycling bin, or filing election data in a forgotten cabinet will keep them safe – think again. To avoid a dangerous data breach, make sure you shred or securely dispose of no longer needed paperwork in line with your organisation’s data retention policies
  • Bought a new laptop? Think twice before you throw your old one away:  It’s not just paperwork that you need to be cautious about. Selling your old laptop before safely destroying the hard drive, like one MP did, could end up with confidential information being leaked to the general public.
  • Active on Twitter or Facebook? Beware of social media slip-ups: Make sure that the content of your post does not contain confidential or embarrassing information. Leaking results of postal votes via Twitter like one MP did, certainly did not work to her advantage. Not only was the message retweeted 5,835 times, but she could have also faced a £5,000 fine or 6 months of imprisonment. Instead, it ended with a police caution.
  • Implement a clean desk policy: It’s easy to lose track of confidential documents if they are left sprawled across a cluttered desk. Keep a clean desk at all times to prevent paper documents falling victim to snoopers and fraudsters. If left out in the open, they could be easily accessed by other employees or external staff.