BreachExchange mailing list archives
Once More Unto the Breach
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 9 Sep 2015 19:44:46 -0600
http://www.smeweb.com/technology/features/5415-once-more-unto-the-breach
Data security and why you need to protect your physical as well as digital documents.
When Shakespeare wrote “Once more unto the breach, dear friends” in Henry V, he had no indication what the word ‘breach’ would come to mean. Fast-forward 400 years and it is a word that casts fear into the heart of every CTO, IT manager and compliance professional.
Headlines are dominated by high-profile security breaches, and the risks these pose to individuals and their personal information. From small businesses to global banks, hospitals and social networks, every operation which interacts with the public is taking steps to protect their customers, employees and stakeholders from these breaches.
As well as a moral obligation to protect their customers’ private information, organisations must meet stringent regulatory obligations. The 1998 Data Protection Act gives individuals the right to know what information organisations hold about them, and sets out rules for companies on how they manage personal information. The stakes are high if these rules are not adhered to, with fines being handed out and reputations at risk. For small businesses, these regulations can be daunting, and can add time, cost and complexity to businesses already restricted by red tape.
Many businesses have protective measures in place to meet these regulations, and safeguard their digital data, from robust firewalls, encryption techniques and password-protection to VPNs and cloud storage. But what about the protection of physical documentation?
Data in both digital and physical form need to be managed, maintained and protected. Data held in paper-based form is equally as high a security risk - in fact, almost a quarter of security breaches relate to paper-based documents[1] - but requires an entirely different strategic approach to its management.
With many organisations responsible for sending out high volumes of transactional and information-based communications, safeguarding processes are essential. There are secure methods of storing physical documentation such as bank safety boxes and off-premise archiving, but when a business is constantly creating new documents and generating high-volume physical communications such as customer mailings, these storage methods are not appropriate. The data on these documents is still highly sensitive and open to risk, however.
Consider the UK’s Driver and Vehicle Licensing Agency (DVLA), which was found to have breached data protection rules when sending out confidential documents to the wrong motorists. It mailed 1,215 questionnaires which included such personal details as dates of birth and motoring offences. Around 100 were sent to incorrect addresses.
To address this and maintain data security and compliance, small businesses are building safeguards into the earliest stages of a document’s creation by rolling out watertight Document Integrity processes and systems. The objective of Document Integrity is to ensure the document creation and change processes generate sound, correct and valid documents. From document creation through to print output and mail, every stage is specifically designed to ensure accuracy and precision, to protect data and to achieve compliance. It enables businesses to provide evidence that appropriate best practices, processes and controls are in place.
Document Integrity ensures a high degree of data protection. With mailings, private information is inserted into the envelope without risk of being compromised by human handling; and inaccurate information, duplication of paperwork and missing content are eliminated.
There are also financial advantages from implementing Document Integrity such as:
- Reduced costs previously generated by manual handling
- Eliminated costs of returned and undelivered communications
- Minimised risk of penalties for non-compliance
For small and medium businesses that rely on transactional and information-based communications, document integrity is key to compliance, security, customer relationships, and reputation. Organisations have a duty to protect their customers’ data. Document Integrity ensures the duty doesn’t become a burden.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/