To install Flash 9 plugin please click here.
If you are sure that Flash 9 plugin is installed, please check that Javascript is
enabled in your browser.
Why is data security such hot news at the moment?
I think data security is really kind of very hot news at the moment. It’s become a major issue. Obviously there have been lots of examples in the press of data that’s been lost all over the place, you know, the Government have been singly, hugely negligent in the amount of data that they’ve lost. But I think there is also a consumer backlash around, you know, what do people know about me, what information do they have about me? So I think there is much more concern in the current climate around data security.
Are companies starting to treat their data more securely?
I think there is, again, some evidence that companies are beginning to take data security a little bit more seriously. More organisations are asking to be assessed and audited, whether that’s against ISO 27001 which is the international standard for data security, or whether it’s against other private standards.
For instance the Direct Marketing Association have launched their own private data security standard which isn’t quite as onerous as the international standard. So I think companies are beginning to wake up to the fact that it’s an important issue. Organisations like Royal Mail, like BT are writing their own security guidelines for their data.
So these are organisations that have got large databases and datasets that they license to other organisations and third parties, and they are actually taking their responsibilities extremely seriously in saying, you know, that you’ve got to provide a level of data security that’s possibly over and above what you currently do.
How can organisations improve their data security?
I think the first point that we always say is, well, think about the data that you’ve got and the risk of that data, you know, being stolen or, you know, disappearing in some shape or form. And it’s really what can you do to address that risk and avoid that risk, you know, and accept that that risk might happen and what are you doing to mitigate that, and then is there any way that you can transfer that risk on to somebody else in some shape or form?
So it’s really about kind of starting with an assessment of what would happen if that data did disappear and have you put in place the necessary safeguards on that data.
How to implement a data security policy
So once you’ve got your security policy it’s then about disseminating that within the organisation and making sure that all of your other procedures that relate to data link to that security policy. So that’s things like the backup of your data, making sure you’ve got a clear policy on that.
It’s making sure that you’ve got a good policy on what happens if you breach data. It’s about making sure that you’ve got a clear policy for your employees, so for joiners and for leavers. And it’s generally about making sure that all your data and your network architecture is properly secured with things like firewalls and making sure you’ve got those kind of things also documented.
Quite often people think that data security is all about the IT aspects, and that’s not to say that’s not important, of course it is: you’ve got to make sure you’ve got the most up-to-date firewalls and patches and your backup policies are as they should be.
But from, you know, when we go and audit organisations we find it’s much more about the people who are, you know, quite frankly your weakest link and it’s about making sure that people are trained in, you know, the importance of their data and that they’re very clear about what their policies are.
It’s about making sure that passwords are accurate and you don’t stick them on your screen on little Post-it note, or that they’re not, you know, the name of your dog plus, you know, the month of the year. It’s about making sure that organisations really train their individuals and their employees on the value of their data.
And it’s also about making sure, I think one of the issues at the moment is about mobile devices, so, you know, the prevalence of iPhones and BlackBerrys. They are a huge data security risk, as are things like memory sticks, you know, that go into USB ports. So it’s about making sure that those kinds of technologies, endpoint technologies are secured and have got some good policies that go with them.
Where can companies find out more?
I suppose if you’ve been at all concerned about any of the things that I’ve been saying, you might ask, well, what can I do next? And I’d say there are, you know, a couple of areas where you can go to get some good advice and some help. The ICO, the Information Commissioner, has a very good website where there is lots of advice on how, you know, small businesses, medium-sized businesses can keep their data more secure.
There’s a site that we have called datameasures.com where you can go in and answer a series of questions, and there and then it will give you a score and a set of helpful hints as to how you might get through, keep your data more secure and more protected. If you just Google information security you’ll find that there are lots of very helpful white papers that you can download to get more information. We’ve got some on the DQM website. There are, you know, many ways that you can go and get help if you’re at all concerned about whether or not your data is secure.