Information Security Breaches: Are you prepared?
It is public knowledge that breaches of information security are on the increase. You only have to tune into the news to hear daily stories about lost or stolen personal and private information. This affects us all. With the increased use of technology to communicate and transport our personal details, it is inevitable that breaches are going to occur, accidentally or by design. The technology that helps us also makes us incredibly vulnerable. Our personal information is out there in cyberspace whether we like it or not.
The Information Commissioner’s Office (ICO), the UK’s independent authority set up to uphold information rights in the public interest, closely follows the trends in the data breaches reported to it. Its latest figures show that 25% more incidents are being reported to its office, a trend revealing that breaches are occurring more frequently.
Certain sectors continue to report more incidents than any others: the health sector has the highest number of breaches, followed by local government.
With Shred-it’s latest Security Tracker survey revealing that less than half of SME business owners are ‘very aware’ of legal requirements surrounding confidential data, it is well worth taking a look at the ICO website to brush up on any knowledge gaps.
The ICO website has comprehensive and detailed information on what security measures an individual or organisation should take to protect personal data they hold. There is an excellent guide on security breach management, and what you should do if you lose personal data. The ICO’s Data Sharing Code of Practice (the statutory code approved by the Secretary of State) also gives a full explanation on how the Data Protection Act applies to sharing of personal data.
As a starter, here are just some of the simple actions you can take to protect personal and confidential data in your business:
- Keep only the information that you need for your business
- Only collect essential data and always obtain consent for any information collected
- Limit access to all sensitive information (paper or electronic)
- Ensure ALL data is stored in a secure and confidential place
- Have a workable document management system in place and make sure staff know how to use it
- Encrypt data stored on your networks, staff laptops and remote access devices
- Train all staff in your company’s security measures and systems, and e-mail etiquette
- Don’t allow staff to share passwords
- Install a firewall, anti-spyware tool and virus-checking software on all your computers/laptops
- Take regular back-ups of the information stored on your computer system, and keep this in a separate, secure place
- Have a plan in place on how to deal with a security breach if one does occur
- Shred all confidential paper documentation when you have finished with it or use a reputable shredding company to dispose of all your information safely
- Remove all personal and confidential information before disposing of old computers – the safest method is to physically destroy the hard drive
- When e-mailing, always check the names of the recipients before sending, especially if using a group e-mail address
- If you want to send an e-mail to a recipient without showing their address use blind carbon copy (bcc) not carbon copy (cc)
- Sensitive information should never be sent via fax – use a courier service or secure e-mail instead
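The two e-mail items above describe the most common self-inflicted breach: a group mailing that puts every recipient's address in To or Cc, disclosing the whole client list to each client. The script below is an added example, not code from the article or from Shred-it, showing how to build a group message so that the real recipients travel only in the SMTP envelope (the address list handed to the mail server), with a pre-send check that flags any private address that would be visible in the headers. The sender and client addresses are constructed sample data.

```python
"""
Added example (not part of the original article): keep group-mail recipients
out of the visible headers, and check before sending that none leak.
"""
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample data for the example (placeholders, not real addresses).
SENDER = "newsletter@example.com"
CLIENTS = ["alice@example.org", "bob@example.net", "carol@example.co.uk"]


def build_wrong(sender, subject, body, recipients):
    """The mistake the checklist warns about: every client's address in To."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg, list(recipients)


def build_safe(sender, subject, body, recipients):
    """Address the header to the sender only and return the real recipients
    separately as the SMTP envelope list. No Bcc header is ever written into
    the message, so there is nothing in the headers that could be forwarded
    or mis-handled by a mail server."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = sender
    msg["Subject"] = subject
    msg.set_content(body)
    envelope = sorted(set(recipients))   # de-duplicated, deterministic order
    return msg, envelope


def header_addresses(msg):
    """All addresses visible in To/Cc/Bcc headers: what every recipient sees."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}


def exposed_recipients(msg, private_recipients):
    """Pre-send check: which private recipients would the headers disclose?"""
    visible = header_addresses(msg)
    return sorted(a for a in private_recipients if a.lower() in visible)


if __name__ == "__main__":
    bad, _ = build_wrong(SENDER, "Offer", "Hello", CLIENTS)
    print("wrong way exposes:", exposed_recipients(bad, CLIENTS))
    good, envelope = build_safe(SENDER, "Offer", "Hello", CLIENTS)
    print("safe way exposes:", exposed_recipients(good, CLIENTS))
    # To send with the standard library, pass the envelope list, not the headers:
    #   smtplib.SMTP(mail_host).sendmail(SENDER, envelope, good.as_bytes())
```

The check is deliberately run on the message object rather than trusting the build function: in practice the message is often assembled in one place and sent in another, and a guard at the point of sending is what catches a later change that moves addresses back into Cc.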
For more advice and information you can download our comprehensive guide to information security management and compliance.