BreachExchange mailing list archives

How To Secure Your Data In A World Where Privacy Risks Are High


From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Wed, 14 Oct 2015 17:59:46 -0500

http://www.techweekeurope.co.uk/data-storage/secure-data-privacy-risks-high-178849

The financial impact of a data security breach on a business is
skyrocketing. For a large business in 2015 it is estimated to cost a
minimum of £1.46m, up from £600,000 in 2014. For small businesses, it is
estimated that it will cost up to £311,000 in 2015, almost three times that
of the estimate of £115,000 in 2014.

External and internal threats to a business are increasingly common, and
yet small businesses in particular are still falling short of the necessary
safeguards when it comes to protecting client data. More than 85 percent of
small businesses are not providing the baseline level of data privacy
protection for the transactional communications they send, such as cheques,
statements and patient records. These kinds of documents contain sensitive,
personal information, and clients have placed their trust in these
organisations, so businesses have a moral obligation to protect them.
Businesses must also comply with stringent regulatory obligations, and the
stakes are high if regulations are not adhered to.

The UK’s Driver and Vehicle Licensing Agency (DVLA) is just one
organisation found to have breached data protection rules when sending out
confidential documents to the wrong motorists. It mailed 1,215
questionnaires which included such personal details as dates of birth and
motoring offences, but around 100 were sent to incorrect addresses.

With businesses currently spending £42bn protecting themselves against data
theft – a figure forecast to almost double to £78bn by 2017 – and data
breaches snowballing
<http://www.techweekeurope.co.uk/security/cyberwar/data-breaches-identity-theft-176633>,
organisations must take steps to protect their transactional data, digital
or physical, and apply the high level of privacy that it demands.

*Culture Club: foster a culture of transparency*

Businesses are liable to an average of four staff data breaches each year.
Morrisons supermarket recently hit the headlines in the UK, with an
employee accused of stealing 100,000 personal accounts from the staff
payroll database. For small businesses with high volumes of transactional
mail, such a breach could be devastating. Preventing this by creating a
culture of transparency, openness and accountability isn’t going to happen
overnight, but investment and time spent on employee engagement is very
wise.

*Education’s what you need: educate staff and brief the senior management
team*

Security awareness training and education is key: a simple video, even just
filmed on a smartphone, of an employee sharing tips on selecting robust
passwords – picking phrases not words, adding characters and numbers – can
make a real difference in safeguarding information. And don’t forget to
brief the senior management team on the impact of a breach, and what you’re
doing to address this.

*Easy does it: rollout usable technology to secure data*

Businesses need to make it easy for staff to protect the data they generate
and manage, with the right tools and technology. Robust firewalls,
encryption and password protection, through to VPNs and cloud
storage, are standard practice for businesses of all sizes now. Consider
mobility: although it may not be top of your agenda now, there will come a
time when your staff want to work flexibly. Make sure your client data is
protected however staff are accessing it.

*100 percent Integrity Guaranteed: consider Document Integrity to protect
physical documents*

Data in both digital and physical form need to be managed, maintained and
protected. Data held in paper-based form is an equally high security risk;
in fact, almost a quarter of security breaches relate to paper-based
documents. Businesses can build safeguards into the earliest stages of a
document’s creation by rolling out watertight Document Integrity processes
and systems. The objective of Document Integrity is to ensure the document
creation and change processes generate sound, correct and valid documents –
so from document creation through to print output and mail, every stage is
specifically designed to protect data and achieve compliance. It enables
businesses to provide evidence that appropriate best practices, processes
and controls are in place.

*Ground control: implement inserter control systems to protect physical
mailings*

When it comes to mailing physical documentation, inserter control systems
are at the heart of providing document integrity. Traditional inserter
control systems use Direct Scanning of each insert and technology such as
Optical Mark Recognition and barcodes. Now, File Based Processing,
previously used almost exclusively in high-volume production environments,
has become more accessible for smaller businesses thanks to advances in
technology. With File Based Processing, a mail run data file (MRDF)
containing all records and instructions for a given job is first sent to
the inserter PC. As the inserter reads a barcode, it matches that code to a
record in the file. This verifies the accuracy of every page as it is
processed. The MRDF contains all instructions, so the inserter knows
precisely what to do with each page. Finally, every page in the end-to-end
process is tracked, providing a complete audit trail for the mailing.
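The matching step described above can be made concrete. The following is an added illustration, not code from the article or from any inserter vendor: it replays a run of scanned page barcodes against a constructed mail run data file (MRDF) and seals a mailpiece only when exactly the expected pages, and nothing from another recipient, have been fed, diverting anything doubtful and writing one audit line per event. The barcode layout (JOB-PIECE-PAGE), the MRDF fields and the sample job are assumptions made for the example; real MRDF formats are vendor-specific.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class MrdfRecord:
    """One mailpiece in the mail run data file (constructed layout, not a vendor format)."""
    piece_id: str
    page_count: int          # printed pages that belong in this envelope
    inserts: tuple = ()      # extra inserts the MRDF tells the inserter to add


# Constructed MRDF for job "J42": three recipients, assumed for this example.
MRDF = {
    "P001": MrdfRecord("P001", 2, ("return_envelope",)),
    "P002": MrdfRecord("P002", 1),
    "P003": MrdfRecord("P003", 3, ("leaflet",)),
}


def parse_barcode(code):
    """Assumed barcode layout JOB-PIECE-PAGE, e.g. 'J42-P001-1'. Raises ValueError if unreadable."""
    job, piece, page = code.split("-")
    return job, piece, int(page)


def verify_run(job_id, scanned, mrdf=MRDF):
    """Replay scanned page barcodes (in feed order) against the MRDF.

    Returns (sealed, faults, audit): pieces cleared for mailing, faults found as
    (kind, subject, detail) tuples, and one audit line per event. A piece is sealed
    only if exactly its expected pages were fed and nothing else was fed into it;
    anything doubtful is diverted rather than mailed, and MRDF records that were
    never fed are reported so the audit trail accounts for every record.
    """
    sealed, faults, audit = [], [], []
    closed = set()
    current, pages, tainted = None, set(), False

    def close_current():
        nonlocal current, pages, tainted
        if current is None:
            return
        rec = mrdf[current]
        expected = set(range(1, rec.page_count + 1))
        if pages == expected and not tainted:
            sealed.append(current)
            audit.append(f"SEAL {current} pages={sorted(pages)} inserts={rec.inserts}")
        else:
            missing = sorted(expected - pages)
            faults.append(("incomplete" if missing else "tainted", current, missing))
            audit.append(f"DIVERT {current} missing={missing} tainted={tainted}")
        closed.add(current)
        current, pages, tainted = None, set(), False

    for code in scanned:
        try:
            job, piece, page = parse_barcode(code)
        except ValueError:
            # An unreadable page may belong to the piece being assembled: do not seal it.
            faults.append(("unreadable", code, None))
            audit.append(f"STOP unreadable barcode {code!r}")
            tainted = True
            close_current()
            continue
        if job != job_id or piece not in mrdf:
            # A page from another job or an unknown recipient must never be inserted.
            faults.append(("foreign", code, None))
            audit.append(f"DIVERT foreign page {code}")
            continue
        if piece != current:
            close_current()
            if piece in closed:
                faults.append(("reappeared", code, None))
                audit.append(f"DIVERT {code}: piece {piece} already processed")
                continue
            current = piece
        if page in pages or not 1 <= page <= mrdf[piece].page_count:
            tainted = True
            faults.append(("duplicate_or_out_of_range", code, None))
            audit.append(f"DIVERT {code}")
            continue
        pages.add(page)
        audit.append(f"FEED {code}")
    close_current()

    for piece in sorted(set(mrdf) - closed):
        faults.append(("not_produced", piece, None))
        audit.append(f"MISSING {piece}: in MRDF but never fed")
    return sealed, faults, audit


if __name__ == "__main__":
    # Constructed run: P001 is split by a P002 page, and a page from job J99 strays in.
    run = ["J42-P001-1", "J42-P002-1", "J42-P001-2",
           "J42-P003-1", "J99-P007-1", "J42-P003-2"]
    sealed, faults, audit = verify_run("J42", run)
    print("sealed:", sealed)
    print("faults:", faults)
    print("\n".join(audit))
```

The point of the design is that the MRDF, not the paper stream, is the authority: a page that cannot be tied to an open record in this job is diverted, and a recipient whose envelope is not provably complete is never mailed, which is exactly the wrong-address failure in the DVLA example that a page-level audit trail is meant to catch.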

*Under lock and key: protect a document throughout its lifecycle*

Consider the lifecycle of a document from creation to printing, to
transporting home for proofing, to filing on the desk in the office. Secure
printing requires users to use a swipe card to print physical documents.
Consider files with pockets, if staff must take physical documents home.
You can also introduce a clear desk policy, and encourage staff to lock
away documents and laptops overnight. With historical documents, rather
than filing older physical documentation on-site, businesses now have a
diversity of cost-effective options for document archiving, which ensure
clients’ historical transactional documents are housed in a far safer
environment than in a filing cabinet in the office. There are bank safety
deposit boxes and off-premises archiving, and for those with high volumes of
historical documentation, an access-restricted document viewing room is
worth considering.

Combining high-performance technology with best practices and employee
education creates a robust protective environment for client data, whether
physical or digital. Get this right, and your business will have a secure
platform on which you can grow your business, generate client trust and
foster employee engagement.

Read more at
http://www.techweekeurope.co.uk/data-storage/secure-data-privacy-risks-high-178849#hSiE2LZquhhPZWkE.99
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 