Total Number of Subscribers: 1626

Date: 9th April 2010
Compiled by: M Sathya Kumar
New legislation is forcing companies to examine their data security procedures more closely. However, adequate safeguards are relatively simple to implement. Companies could soon be charged up to £500,000 for failing to safeguard against personal data security breaches. Under soon-to-be-granted powers, the Information Commissioner’s Office (ICO) will be able to impose hefty fines on firms that fail to implement adequately robust security measures. Taking effect as of 6 April 2010, the measures will prompt organisations to consider more seriously the consequences of failing to implement compliance procedures to secure the data they hold.

When serving penalties, the ICO will consider the circumstances, including the seriousness of the data breach, the likelihood of substantial damage and distress to individuals, whether the breach was deliberate or negligent, and what reasonable steps the organisation had taken to prevent such incidents. The benchmark against which any shortfall will be judged is the Data Protection Act, which aims to strike a balance between the rights of individuals and the interests of those with legitimate reasons for using personal information. Although the maximum fine threshold stands at £500,000, according to the ICO the Commissioner will take into account an organisation’s financial resources, sector, size and the severity of the data breach, to ensure that undue financial hardship is not imposed on an organisation.

Potential Penalties

Although other regulatory bodies, such as the Financial Services Authority (FSA), have issued penalties well in excess of £500,000, prior to the introduction of the impending powers the ICO has been unable to levy financial punishments against organisations that fail to adhere to the Data Protection Act. These penalties should be seen as a catalyst to improve data security and to protect against the serious disruption that such breaches cause, for businesses and individuals alike. However, for the penalties to succeed in reducing data breaches and their impact, organisations must first be mindful of the situations that allow such incidents to take place.

One of the most easily exploited data security risks is remote working. The ability to work remotely, away from central systems, is a significant benefit of the increasing sophistication of IT networks and allows companies a greater degree of flexibility. One key advantage of remote working is cost savings, both from freeing up office space and from reducing the time and money spent by workers travelling to a central location. Another key driver is increased productivity from a more motivated team: recent research from the Cochrane Library highlighted that employees who are able to choose their own working hours enjoy better physical and mental health. Additionally, remote working can support business continuity in times of unavoidable disruption. One recent example that garnered significant media coverage was the chaos caused by the extreme winter weather conditions earlier this year. According to a Federation of Small Businesses and ICM report, 40% of organisations saw a disruption to operations due to snow-covered roads, and a mere 42% had flexible working policies in place to ensure business continuity. Had businesses been primed to implement remote working strategies, disruption would have been kept to a minimum and output would have remained largely unaffected.

Yet despite the obvious benefits, remote working raises questions about the security of the data being accessed and transferred, and about the integrity of IT systems in general. Both parties need to be confident that they are communicating with each other securely and safely. In recent years, a number of high-profile cases where data losses have been exposed, including the loss of millions of child benefit records and of sensitive security dossiers by Ministry of Defence staff, have shed light on how vulnerable personal data is to breaches caused either by human error or by a systems failure. Cases of memory sticks, discs and documents being lost after being physically taken away from office premises are all too common. Moreover, data transferred between a remote worker and a central IT hub is often of a highly sensitive nature, and both parties need to be certain that they are communicating with each other securely.

Taking Steps

Although for many organisations updating and future-proofing IT security against increasingly sophisticated threats may seem a daunting task, an advanced level of control can actually be implemented very easily, is simple to enforce and can avoid embarrassments and legal liabilities. One solution that has already been successfully deployed in the financial sector, and is also relevant when verifying remote workers, is two-factor authentication (2FA).

2FA is a security measure based on something a user knows, such as a password, and something they possess which is hard to counterfeit or steal. If a remote worker wishes to gain access to a shared server or file using 2FA, they would be required to input a unique, randomly generated, one-time password (OTP). Unlike traditional security measures, with 2FA the OTP would be transmitted via a different medium from the one being used to access the system; a good example would be a password sent as an SMS message to a mobile phone.

Using a mobile phone in 2FA is becoming increasingly popular and has many advantages, primarily that the technology is familiar to most users and the prevalence of mobile phones in everyday life means the user’s phone is nearly always to hand. Another key advantage is that no additional hardware needs to be purchased or deployed, reducing both the cost of 2FA implementation and its environmental impact. In addition, 2FA builds upon the password-protected login that has become commonplace in IT security, without making the process more complex for users.

Cost Considerations

If the potential to incur a £500,000 fine for security breaches isn’t enough motivation for companies to take every preventative measure possible, further cost implications must surely add fuel to the fire. A 2009 study carried out by the Ponemon Institute discovered that

Article by Michael Robertson, founding partner and managing director of Commerce Media, a software solutions provider with specialist information security expertise, founded in 1999. Prior to Commerce Media, Robertson was chief executive at analytical software solution firms The ISM Partnership and Visibility Systems. Preceding these appointments, he was employed by IT solutions provider Microcentre. He has a degree from
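The out-of-band OTP step described under Taking Steps, as an added example that is not from the article or from Commerce Media: a small server-side service that issues a random code, hands it to a separate channel (a simulated SMS gateway), and accepts it once, within a time limit, with a cap on wrong guesses. The class and function names, the two-minute expiry and the three-attempt limit are my assumptions.

```python
# Added example, not from the article: server-side handling of the SMS one-time
# password (second factor); the password check (first factor) is assumed done.
import hashlib, hmac, secrets, time

OTP_DIGITS = 6
OTP_TTL_SECONDS = 120   # assumed: a code is valid for two minutes
MAX_ATTEMPTS = 3        # assumed: three wrong guesses invalidate the code

class OtpService:
    def __init__(self, send_sms, clock=time.time):
        self.send_sms = send_sms   # out-of-band channel (simulated in demo)
        self.clock = clock         # injectable so expiry can be tested
        self._pending = {}         # user -> (digest, expiry, wrong_attempts)

    def issue(self, user, phone):
        # Unpredictable code from the OS CSPRNG; plaintext goes only to the phone.
        code = "".join(secrets.choice("0123456789") for _ in range(OTP_DIGITS))
        expiry = self.clock() + OTP_TTL_SECONDS
        self._pending[user] = (self._digest(user, code), expiry, 0)
        self.send_sms(phone, f"Your login code is {code}")

    def verify(self, user, submitted):
        entry = self._pending.get(user)
        if entry is None:
            return False
        digest, expiry, attempts = entry
        if self.clock() > expiry or attempts >= MAX_ATTEMPTS:
            del self._pending[user]   # stale or exhausted: a new code is needed
            return False
        if hmac.compare_digest(digest, self._digest(user, submitted)):
            del self._pending[user]   # single use: the code cannot be replayed
            return True
        self._pending[user] = (digest, expiry, attempts + 1)
        return False

    @staticmethod
    def _digest(user, code):
        # Keep only a hash at rest; a short code is still guessable offline,
        # so the expiry and the attempt cap are the controls that matter.
        return hashlib.sha256(f"{user}:{code}".encode()).hexdigest()

def demo():
    sent = []   # constructed stand-in for the handset: captures the SMS text
    svc = OtpService(lambda phone, msg: sent.append(msg))
    svc.issue("remote.worker", "+44 0000 000000")   # constructed number
    code = sent[-1].split()[-1]   # what the worker reads off the handset
    # First use is accepted, a replay of the same code is refused.
    return svc.verify("remote.worker", code), svc.verify("remote.worker", code)
```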