BreachExchange mailing list archives

Once More Unto the Breach


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 9 Sep 2015 19:44:46 -0600

http://www.smeweb.com/technology/features/5415-once-more-unto-the-breach

Data security and why you need to protect your physical as well as digital
documents.

When Shakespeare wrote “Once more unto the breach, dear friends” in Henry
V, he had no indication what the word ‘breach’ would come to mean.
Fast-forward 400 years and it is a word that casts fear into the heart of
every CTO, IT manager and compliance professional. Headlines are dominated
by high-profile security breaches, and the risks these pose to individuals
and their personal information.  From small businesses to global banks,
hospitals and social networks, every operation which interacts with the
public is taking steps to protect their customers, employees and
stakeholders from these breaches.

As well as a moral obligation to protect their customers’ private
information, organisations must meet stringent regulatory obligations.  The
1998 Data Protection Act gives individuals the right to know what
information organisations hold about them, and sets out rules for companies
on how they manage personal information.  The stakes are high if these
rules are not adhered to, with fines being handed out and reputations at
risk. For small businesses, these regulations can be daunting, and can add
time, cost and complexity to businesses already restricted by red tape.

Many businesses have protective measures in place to meet these
regulations, and safeguard their digital data, from robust firewalls,
encryption techniques and password-protection to VPNs and cloud storage.
But what about the protection of physical documentation? Data in both
digital and physical form need to be managed, maintained and protected.
Data held in paper-based form is equally as high a security risk - in fact,
almost a quarter of security breaches relate to paper-based documents[1] -
but requires an entirely different strategic approach to its management.
With many organisations responsible for sending out high volumes of
transactional and information-based communications, safeguarding processes
are essential.

There are secure methods of storing physical documentation such as bank
safety boxes and off-premise archiving, but when a business is constantly
creating new documents and generating high-volume physical communications
such as customer mailings, these storage methods are not appropriate. The
data on these documents is still highly sensitive and open to risk,
however. Consider the UK’s Driver and Vehicle Licensing Agency (DVLA),
which was found to have breached data protection rules when sending out
confidential documents to the wrong motorists. It mailed 1,215
questionnaires which included such personal details as dates of birth and
motoring offences. Around 100 were sent to incorrect addresses.

To address this and maintain data security and compliance, small businesses
are building safeguards into the earliest stages of a document’s creation
by rolling out watertight Document Integrity processes and systems. The
objective of Document Integrity is to ensure the document creation and
change processes generate sound, correct and valid documents. From document
creation through to print output and mail, every stage is specifically
designed to ensure accuracy and precision, to protect data and to achieve
compliance.  It enables businesses to provide evidence that appropriate
best practices, processes and controls are in place.

Document Integrity ensures a high degree of data protection. With mailings,
private information is inserted into the envelope without risk of being
compromised by human handling; and inaccurate information, duplication of
paperwork and missing content are eliminated.  There are also financial
advantages from implementing Document Integrity such as:

- Reduced costs previously generated by manual handling

- Eliminated costs of returned and undelivered communications

- Minimised risk of penalties for non-compliance

For small and medium businesses that rely on transactional and
information-based communications, document integrity is key to compliance,
security, customer relationships, and reputation. Organisations have a duty
to protect their customers’ data. Document Integrity ensures the duty
doesn’t become a burden.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/