August 15, 2016
Does your organisation have the right data security in place?
Every year, there are data security trend forecasts to help workplaces understand what they’re up against. Run through your office security checklist regularly to make sure your information security plan keeps pace with evolving threats.
1. Health information is a huge target. According to the Information Commissioner’s Office (ICO), the health sector had the most data security incidents in the first quarter of 2016 – 184 incidents or 41% of all data security incidents. Local government was the second-highest sector, and sought-after health data played into the equation too: 21% of incidents affected social care data while 16% affected health or clinical data.
2. Paper chase. The legal sector had a 32% increase in the number of incidents. The ICO explained that legal information is often in the form of paper files, which are carried around and easily lost or stolen.
3. On-the-job mistakes. Employees are still to blame for many data breaches. For example, they post confidential data when they shouldn’t, or email information to the wrong person. The ICO reported that these kinds of employee mistakes topped the list of incidents by type – there were 128 incidents in total in the quarter.
4. Small business is vulnerable. Smaller workplaces have been slower than larger ones to adopt aggressive defences. At the same time, hacking tools are better than ever at finding openings in older, legacy products, said a security expert in a toptechnews.com post.
5. Still phishing. Phishing scams have proven to be an effective – and quick – way to steal a victim’s credentials. In 81.9% of incidents in the 2016 Verizon Data Breach Investigations Report, the initial compromise took just minutes, indicating phishing opened the door for criminals.
6. Wearable devices. The Internet of Things has introduced new wearable devices onto corporate networks. “Paired with compromised security or just poor privacy settings,” said an itbusinessedge.com article, “they create the perfect storm for personal data breaches.”
7. Held for ransom. A popular attack, ransomware infects a hard drive or network and encrypts files, which stay locked unless a ransom is paid.
8. Cloud storage. As organisations increasingly store business information this way, the cloud will become a bigger target for information thieves.
For preventing security incidents, the ICO suggested four key areas where safeguards and security policies will make a difference:
Management and organisational measures: Have regular information risk assessments, appoint a Chief Information Security Officer (CISO), create a culture of security, and provide security policies that apply both in and out of the workplace.
Staff: Privacy laws require organisations to take reasonable steps to ensure the reliability of staff who have access to confidential data. Ongoing employee training is critical.
Computer security: Utilise the latest IT safeguards including email filtering and secure authentication procedures. Provide a guest network. The ICO warns that measures should match the nature of data and the harm that could result from a security breach.
Physical security: Safeguard the office with locks, alarms, etc. Control access to information, put safeguards in place for portable equipment, and arrange for the secure disposal of paper and digital waste.
Partnering with a leading document destruction company for information security and complete workplace data protection can go a long way in preventing security incidents.