Is your business at risk of sleep-walking into a reputational time bomb?
Press release - 15 July 2011
The current phone hacking scandal is just the tip of the iceberg when it comes to keeping company information secure.
Companies need to wake up and take responsibility for information security if they want to remain profitable and protect their reputations.
Most high-profile data breaches are not caused by hackers or thieves, but by bad business processes and policies. The key to mitigating such risks is to ensure that the security of data and information is firmly aligned and embedded within the goals and objectives of an organisation, from the boardroom through to the switchboard.
Those companies that seek knowledge and put in place effective processes and robust information security frameworks, are more likely protect their assets, reduce downtimes and gain new business.
As a global leader in information security management solutions, we have put together some basic tips for you:
BSI's 5 ‘must do’s’ for information security
- Recognise the importance of all information in your organisation
- Strike a balance between accessibility, availability, integrity and security of your information
- Assess the real risks associated with information in your business (e.g. loss of customer data during transfers; unhappy staff sharing intellectual property outside the organisation; staff opening emails and releasing viruses into the network; staff printing out confidential information and losing it or leaving it exposed to loss; access by unauthorised persons)
- Know your legal obligations (e.g. data protection)
- Tackle the obvious small things – locking screens when leaving the desk, displaying security passes, operating clear desk policy, passwords for mobile devices
Top 5 information security pitfalls:
- Assuming the more you spend on software the safer you are.
- Leaving it all to the IT department
- Lack of senior management buy in
- Staff awareness and competence
- Believing there is nothing you can do to stop staff compromising the information either accidently, or through deliberate acts
Is your business at risk?
If so, here are some practical solutions to help you get started:
- Data Protection Pocket Guide: Essential Facts at Your Fingertips - a user-friendly guide that brings to life the issues involved in data protection.
- A Manager's Guide to Data Security and ISO 27001/ISO 27002 - the complete Information Security Management System toolkit (CD-ROM and book).