News

BYOD policy ‘must be up to date’

Published on 17 May 2012.

Companies have been urged to assess their BYOD policy regularly.

Businesses have been encouraged to assess their bring-your-own-device (BYOD) policy regularly in order to avoid any data security issues.

Mike Geide, senior researcher at Zscaler ThreatlabZ, warned Computerworld UK that the nature of BYOD makes it important to review how companies deal with it on a quarterly basis.

This is because of the fluctuating nature of consumer trends, meaning employees may be making use of a certain newly-released or updated device which is not accounted for in existing security procedures, explained Mr Geide.

“It’s not only good to go ahead and set a policy for their organisations, but you have to enforce policy and that means more than just a firewall,” added the researcher.

He added that mistakes from workers are one of the commonest causes of data security breaches in the business world.

Dominic Jones, managing director at Barton Technology, recently warned that the difficulty of setting usage boundaries with personal devices makes BYOD a complicated business policy.

Posted by Clive Notting

Good data security ‘dependent on people’

Published on 15 May 2012.

Businesses that wish to keep their data safe should train their staff accordingly.

Companies attempting to improve their data security processes should focus on training people within their organisation, it has been claimed.

The latest Business IT report from Computer World UK argued that firms could learn from the political doctrine of nudge theory, which attempts to create small behavioural changes in the population in a bid to improve its health.

Rather than forcing people to adopt a certain behaviour, governments encourage them to do so by offering them information on the choices available.

In the IT world, this is translated into encouraging workers to carry out small but effective tasks which can help shore up a company’s security processes, such as changing their passwords regularly or not opening emails from unknown addresses.

“Where possible it is worth considering persuading people to make the right choice by better framing the options they are presented with,” argued Intel.

A recent documentary by Channel 4 revealed that personal errors are by far the biggest factor in the loss of personal data.

by Otto Greenberg

Personal data ‘can be easily obtained’

Published on 11 May 2012.

An investigation has shown the UK faces a thriving black market in personal information.

Companies which do not carry out the appropriate degree of data destruction when recycling waste electrical and electronic equipment could find themselves at risk of data theft, according to a new report from Channel 4.

A Dispatches documentary, Watching the Detectives, is set to show how private investigators can easily gain access to personal information through a network of contacts, reports the Independent.

It finds that personal errors are by far the biggest factor in companies accidently losing or giving away personal data, indicating the importance of training staff in data security techniques.

Tony Imossi, president of the Association of British Investigators, criticised those who use methods of dubious illegality to obtain information.

“What we have at the moment is untamed predatory individuals masquerading as professional investigators,” he argued.

Technology expert and author Michael Fey recently urged companies to carry out sufficient training to ensure their employees are capable of keeping important data secure.

by Otto Greenberg

Expert: Training key for data security

Published on 10 May 2012.

Companies need to train executives on IT security, an expert has claimed.

Companies who handle any amount of valuable electronic information should focus on ensuring all of their employees and executives are aware of the importance of data security, an expert has claimed.

Technology expert and author Michael Fey, the writer of Security Battleground: An Executive Field Manual, pointed out that the majority of companies currently focus on the “end point” when it comes to training people in their organisation.

However, many executives are not sufficiently aware of the necessary security processes.

These staff members have been “trained in finances, and sales but they have this huge area of threat to their business that they have never had the luxury of understanding”, argued Mr Fey.

This is an area in which many companies should attempt to improve their performance, he concluded.

Campaigners have recently criticised the controversial Communications Data Bill put forward by the coalition government, raising the profile of data security issues in the UK.

by Michael Fay

Businesses ‘should design for extended life’

Published on 6 May 2012.

Industries need to prepare for environmental waste legislation, an expert has claimed.

Businesses dealing with electrical recycling need to consider waste electrical and electronic equipment (WEEE) regulations before throwing away any goods which fall into this category, an expert has warned.

Gerrard Fisher, the Waste Resources Action Programme’s (WRAP’s) special advisor on WEEE, told New Electronics that the fundamental aim of the directive is to track the life of electronic equipment and ensure it is properly disposed of.

For businesses, this includes items like personal computers, laptops, mobile phones and other devices.

“Much of the work we do at WRAP is around encouraging businesses to design for extended life,” noted Mr Fisher.

This entails purchasing or designing electronic equipment which is likely to last for longer, thus avoiding the issues faced by companies with a great deal of WEEE on their hands.

A recent survey by Devoteam found that many companies are still facing issues with WEEE recycling despite making efforts to become greener across their business.

Posted by Salma Davidson

Poor data security can be costly, expert claims

Published on 5 May 2012.

A lack of data security can end up costing firms a lot of money, according to an expert.

An insufficient focus on data security can end up costing companies a lot of money, according to technology expert and author Michael Fey.

Mr Fey, the writer of Security Battleground: An Executive Field Manual, argued that the situation has worsened in recent years as an increasing number of companies begin to rely heavily on electronically-stored information.

“Organisations are starting to see real meaningful loss, not just annoyances,” warned the author.

He cited figures showing that companies have lost some £1 trillion in damages to illegal cyber activities already, with that number expected to jump to £5 trillion over the next five years.

“The missing formula really derives from the lack of a strategic plan executed by the executive team,” explained Mr Fey.

A data security breach recently led to the Information Commissioner’s Office fining a Welsh health board £70,000, making it the first NHS organisation to be hit with a fine from the regulatory body.

Posted by James Rendell

Green challenges remain for companies

Published on 4 May 2012.

A new survey has revealed that European IT companies are making good strides to become greener, but challenges nevertheless remain.

IT companies are becoming greener but still face issues with waste electrical and electronic (WEEE) recycling, according to the new survey from Devoteam.

The company’s third annual survey found that 82 per cent of large companies have already initiated a green IT programme, a positive sign indicating the increasing focus placed on environmental issues by major businesses.

However, only 44 per cent of small-to-medium enterprises had a similar system in place.

Furthermore, 69 per cent of the organisations surveyed admitted they are unsure how much waste they generate in total.

Claire Allain, a consultant for Devoteam, warned that green projects are too often organised from the top down without policies being fully explained to employees.

“The challenge is to expand its scope, its ambition and to make the workforce aware of it,” said Ms Allain.

This follows a recent statement from the Environment Agency redefining the criteria for WEEE recycling, ensuring that businesses carry out their responsibilities in full.

Posted by Otto Greenberg

Irish DPC record busiest ever year

Published on 3 May 2012.

The Data Protection Commissioner’s Office in Ireland received a record number of complaints in 2011.

A record number of data security complaints were made to the Irish Data Protection Commissioner’s Office over the course of 2011, according to the latest report from the governmental watchdog.

Over the course of the year it received a total of 1,161 complaints for investigation and dealt with 1,176 data security breach incidents – a rise from only 410 in 2010.

The commissioner, Billy Hawkes, stressed that he saw this as an increased awareness of the need to report such incidents rather than a dramatic rise in the number of actual problems faced by businesses across the country.

Mr Hawkes stressed the need for his office to be fully resourced in order to cope with the increased demands made on it by companies and the public.

The regulator was established in 1988 under the terms of the Data Protection Act but has recently taken a more central role in public life, something the commissioner attributed to the country’s increasing take-up of new technology.

Posted by Otto Greenberg

Irish DPC record busiest ever year

Published on 2 May 2012.

A record number of data security complaints were made to the Irish Data Protection Commissioner’s Office over the course of 2011, according to the latest report from the governmental watchdog.

Over the course of the year it received a total of 1,161 complaints for investigation and dealt with 1,176 data security breach incidents – a rise from only 410 in 2010.

The commissioner, Billy Hawkes, stressed that he saw this as an increased awareness of the need to report such incidents rather than a dramatic rise in the number of actual problems faced by businesses across the country.

Mr Hawkes stressed the need for his office to be fully resourced in order to cope with the increased demands made on it by companies and the public.

The regulator was established in 1988 under the terms of the Data Protection Act but has recently taken a more central role in public life, something the commissioner attributed to the country’s increasing take-up of new technology.

Posted by Otto Greenberg

ICO fines Welsh health board for data security breach

Published on 1 May 2012.

The ICO has fined a Welsh health board for breaching the data protection act.

The Aneurin Bevan Health Board (ABHB) has become the first NHS organisation to be fined for a data security problem, after an email containing sensitive information was sent to the wrong person.

It was issued with a penalty of £70,000 for the mistake, while the Information Commissioner’s Office warned none of the staff involved in the incident has sufficient data protection training.

Stephen Eckersley, ICO head of enforcement, took the opportunity to remind health services in UK of their responsibility when handling personal or sensitive information.

“Organisations across the health service must stand up and take notice of this decision if they want to avoid future enforcement action from the ICO,” said Mr Eckersley.

The ABHB has committed to attempting to deal with this problem and ensure no further issues are met with in the future.

IT security consultant Kevin Wharram recently argued that the key to good data security is to maintain a commitment to training staff about the various problems involved in keeping information safe.

Posted by James Rendell