18 | 05 | 2012

Legal News Update


02 August 2011

Businesses must tighten up against security risks

As Brits and the rest of the world continue to stare open-mouthed at the crisis engulfing News International, the British Standards Institute (BSI) has called on all UK companies to “wake up and take responsibility for information security” if they want to remain profitable and protect their reputations.

“Most high-profile data breaches are not caused by hackers or thieves, but by bad business processes and policies,” a BSI spokesman warned this week. “The key to mitigating such risks is to ensure that the security of data and information is firmly aligned and embedded within the goals and objectives of an organisation, from the boardroom through to the switchboard.”

To assist British businesses in their efforts to tighten security, the BSI has released five ‘must do’s’ to avoid security breaches. They are:

  • Recognise the importance of all information in your organisation.
  • Strike a balance between accessibility, availability, integrity and security of your information.
  • Assess the real risks associated with information in your business (e.g. loss of customer data during transfers; unhappy staff sharing intellectual property outside the organisation; staff opening emails and releasing viruses into the network; staff printing out confidential information and losing it or leaving it exposed to loss; access by unauthorised persons).
  • Know your legal obligations (e.g. data protection).
  • Tackle the obvious small things – locking screens when leaving the desk, displaying security passes, operating a clear desk policy, passwords for mobile devices.

In addition, the BSI has highlighted the top five pitfalls currently surrounding information security in the UK, including:

  • Assuming the more you spend on software the safer you are.
  • Leaving it all to the IT department.
  • Lack of senior management buy-in.
  • Staff awareness and competence.
  • Believing there is nothing you can do to stop staff compromising the information either accidentally, or through deliberate acts.

“Those companies that seek knowledge and put in place effective processes and robust information security frameworks are more likely to protect their assets, reduce downtime and gain new business,” added the spokesperson.