Data Security Breaches

Data Protection Act 1998

"The Data Protection Act 1998 defines the legal basis for the handling of people’s information
and is the main legislation governing the protection of personal data. All businesses handling customer data must comply with the act and recent amendments have made losing data a criminal offence, which carries a prison term of up to two years.”

The Impact of Data Security Breaches

“45 percent of small businesses have experienced a security incident in the past year”

Many people are unaware of how a data security breach can happen and the impact it can have on their business.

The Information Security Breaches Survey, carried out by consultancy firm PricewaterhouseCoopers, was released at the InfoSecurity Europe 2008 event in April. It surveyed 1000 UK businesses and highlighted that, while the number of security attacks is decreasing, fewer than three quarters of businesses had procedures to comply with the Data Protection Act 1998. Only 40 percent had ongoing security awareness training and just 55 percent had a security policy in place.

It also found that 21 percent spent less than 1 percent of the I.T. budget on security, 13 percent had detected unauthorised users on their network and 45 percent of small businesses have experienced a security incident in the past year. Despite these figures, many businesses do not understand why data breaches occur. They do not have suitable procedures in place and do not realise the effect poor data security management can have on their business.

How do data breaches occur?

  • I.T. equipment (e.g. laptops and storage devices) being lost or stolen without the appropriate security restrictions, such as passwords and encryption.
  • The poor management of personal data during postage or transit, failing to record its dispatch and delivery.
  • Internal malicious attacks from disgruntled employees or people stealing customer information for personal gain.
  • Employees accessing unauthorised websites, such as social networking, that may make the system susceptible to attacks.
  • External attacks through wireless broadband internet connections and networks, which are more common with the increased use of mobile devices.
  • Opening unusual emails and attachments, clicking on unfamiliar links, and downloading files that can open the system up to attacks.
  • Leaving user accounts logged on, computers unlocked, sharing passwords and having private data on show.
  • Allowing employees to access all areas of the network, regardless of whether they need the access to do their job.

“There have been several well published incidents of data security breaches in the past year. Personal data has gone missing for a variety of reasons, from stolen I.T. equipment to the data disappearing in transit.”

What are the effects of data breaches?

  • Sensitive customer information falling into the wrong hands and being used for fraudulent purposes, such as identity theft.
  • Disgruntled employees stealing customer and supplier information to use for personal reasons or to sell, which can lead to the loss of customers.
    If there are no backup measures, customer and supplier contact details and other important data are lost forever.
  • A loss of sales and, as a result, profit, as customers will lose trust in your business.
  • A damaged reputation and brand image, again leading to a loss of sales and profit.
  • Legal implications, such as hefty fines and court cases that can put you out of business – see the information box about the Data Protection Act 1998.

How can you prevent data breaches?

  • Implement company-wide security policies to ensure consistent best practice throughout the business.
  • Ensure users log off their accounts, turn off computers and don’t share passwords with others, to prevent people accessing data.
  • Educate employees on company policies and security precautions, so they are aware of how data breaches can happen and the implications.
  • Limit user access to sensitive areas of the network, so employees can only access specified areas as required by their job.
  • Ensure employees have the correct hardware, resources and software in place to protect them against data breaches.

We recommend the following products for extra security:

SYMNAV65
Norton Antivirus 2009 Bundle with Ghost 14.0 CD

  • Rapid pulse updates for up-to-the-minute protection
  • Intelligence-driven technology for faster, fewer, shorter scans
  • Safeguards against online identity theft, viruses, spyware, bots and more
  • Includes Norton Ghost 14.0, ideal for back-ups, remote backup management,
    encryption and compression features

A0437891
Symantec BackUp E Windows Servers V12.5

  • Market leading data protection for physical and virtual server environments.
  • Scalable heterogeneous support through remote Agents and Options.
  • Innovative multi-product integration with market leading technologies

A0396068
Symantec Backup Exec System Recovery Windows Small Business Server Edition Business Pack V8

  • Complete Windows Small Business Server recovery in minutes to same hardware, dissimilar hardware or virtual environments with the Restore Anyware technology
  • Comprehensive virtual conversion capabilities directly to VMDK or VHD files with the ability to schedule virtual conversions
  • Offsite backup copy to FTP location or secondary disk drive for enhanced disaster recovery capabilities
  • Rapid, granular recovery of Exchange, SharePoint or files and folders from a single, multi-interface                                           

“In October 2007, HM Revenue and Customs lost the details of 25m people, affecting 7.25m families in the UK that claim child benefits, on two discs that contained their names, addresses, dates of birth, national insurance numbers and bank and building society account details! A junior official sent the encrypted discs, which were only password protected, to the National Audit Office but failed to follow the correct procedures to record and register the discs, and they never turned up! Fortunately it appears the data did not fall into the wrong hands as no fraudulent activities have been reported.

Nationwide Building Society was fined £980,000 when a laptop containing 11m customer details was stolen from an employee’s house. Although it didn’t contain any PIN numbers or passwords, the laptop did have their names, addresses and account numbers.

Nine NHS Trusts lost patient records stored on a CD, including the names and addresses of 160,000 children and 244 cancer patients. The Dudley NHS Trust lost records of 5,000 patients when a laptop was stolen from a hospital in January 2007, although they did insist it required multiple passwords to access the information.”

last updated: 05 Feb 2009
