Why are organisations failing to learn from the increasing numbers of highly publicised data security breaches that cause so much damage to company reputations?
With an ever increasing number of individuals working outside the office environment, there are continuing failures to provide a suitably secure vehicle for people to do what they need to do while at the same time ensuring that the critical information they use is properly protected.
In 2008 alone, and it’s increasing year on year, there were over 277 separate incidents of public data loss reported in the UK. More than 29 million personal records reported lost by Government departments, including:
8,000 children’s records stored on a laptop taken from a council contractor’s car
18,000 NHS staff records were ‘lost in the post’ when unencrypted CDs were sent by normal surface mail between offices
150,000 railway worker’s pension and other personal details held on a laptop stolen from the handbag of a financial auditor
1.7 million armed forces personnel had their personal data go missing when a portable hard drive disappeared from the Ministry of Defence’s main IT contractor
A survey of 250 senior IT staff in private businesses larger than 1,000 employees, found that 79% of UK businesses were losing data at least once a month, and more than a quarter suffered data loss on a weekly or more frequent basis:
1000 bank customer records were lost by an employee who mislaid an unencrypted memory stick
1 million more bank customer records held by an archival firm turned up on a second-hand laptop sold through eBay
A well-known national retail company lost 26,000 employee records when a laptop was stolen from the home of a personnel contractor
In the present climate, national press keeps a close lookout for this type of incident; a company may see its hard-earned professional reputation lost almost overnight. Added to this, there is the potential fiscal impact of a data security breach. A 2008 Ponemon Institute benchmark study examined the costs incurred by thirty UK organisations after experiencing a data breach. Breaches included in the survey ranged from less than 4,100 records to more than 92,000 records from 10 different industry sectors. The key findings included:
The total average costs of a data breach is around £60 per record compromised, an increase of 28 percent since 2007 (£47 per record).
The average total cost per reporting company was more than £1.73 million per breach and ranged from £160,000 to over £4.8 million.
The cost of lost business continued to be the most costly effect of a breach averaging £920,000 or £32 per record compromised (58% of the cost of data breach).
The survey shows that lost or stolen laptops represent 28 percent of the breaches identified, with a cost per record of £71 against £55 for other data breach incidents.
Confidential information is going missing and this can impact your business significantlyThe issues of remote data access and secure data transfer are really not difficult to solve. However, you have to do more that just set up a VPN, give staff a token and an encrypted USB memory stick and hope everything will be OK. Companies must engage with organisations that do more than sell a product – it’s important to look at the workflow elements that constitute an individuals remote working needs and then implement a solution based on these requirements.
Companies should consider, highly secure solutions that address these issues. Among the products available are:
A secure remote access solution that keeps the data in the organisation while allowing the remote user to work as if they were in the office. With no data cached on the remote device, its loss or theft is simply a minor inconvenience and not the next front-page news article
A data transfer product that allows an organisation to send securely files of any type or size between individuals or organisations while retaining full audit and organisation control with built-in workflow. This product eliminates the need for USB memory sticks or CD’s sent via post, courier or (worse still) e-mail.
Online Cloud based products and services where local staff and external partners can share, communicate and collaborate in a safe, secure and stable environment.
If a company gives data security the consideration it deserves these losses can be prevented and people can work as they need to without having to resort to bad practice. Who after all wants to be the next big data security breach story?
If you think your company can benefit from these technologies or new ways of working, please get in touch with Magikos IT and we can discuss how to improve the way your company and staff communicate and collaborate online before you end up front page news… Contact us today by clicking the button below, Call on 0843 289 2272 or Email at firstname.lastname@example.org. Alternatively take a look at our ‘Contact Us‘ page for more details.