Are you at risk of data breach?
The simple answer is - probably, yes.
It is an undisputable fact that the risk of data breach is increasing, both in the UK and around the world. Cybercrime is a low-risk, high-return option for organised crime which creates real problems for the police as; it often protects the perpetrator's anonymity, can be achieved at speed, is difficult to evidence, and frequently spans continents.
In an age where compiling and mining vast amounts of personal data is vital to the operation of a wide range of organisations, protecting this information from inappropriate access, whether accidental or malicious, has become an organisational imperative. This is particularly the case for organisations employing flexible working practices involving remote data access and sharing.
What are the consequences of data breach?
The facts speak for themselves. Ponemon Institute's 2009 Data Security report suggests that seven out of ten companies were impacted by data breach during the year, an increase of 10% over 2008. Moreover, the report estimates that data breaches currently cost UK companies around £60 per record, or an average of £1.7m per company.
In nearly all cases, data theft is a multi-victim crime.
Firstly, the company or organisation entrusted with the exposed data suffers on numerous fronts - through eroded trust, reduced brand equity, loss of business, and in some cases, civil and even criminal penalties. With the UK Information Commissioner's Office (ICO) given the power to issue large fines for data-protection offences as from 6th April 2010, and other privacy compliance standards and regulations (e.g. Sarbanes Oxley, HIPAA, Basel II etc.) presenting consequences in the form of penalties ranging from contract termination to fines to jail terms, the cost associated with data breach for organisations looks set to rise.
Secondly, often the lost data also "belongs to" other entities and individuals who suffer the loss of their banking, pension, health and credit card details.
Data is valuable property, and the diverse holders of data property rights are rapidly losing patience for any entity that treats these rights lightly, or gives the appearance of doing so.
Impact of increased remote and flexible working practices
In parallel, remote and flexible working practices are also on the increase - currently 15% of the UK workforce does some work from home, with 90% of these workers being in managerial, professional and skilled professions. Remote working helps organisations to increase responsiveness, enables virtual-teams, supports operations over an extended time period or geography, and cuts the cost of real-estate associated with office space.
"Work is something you do, not a place you go to."
Today's organisations must constantly balance the need to provide flexible, remote access to IT systems enabling remote staff to meet their objectives, with the need to secure the data held on those systems.
Forward thinking organisations are now realising that investing in a solution that addresses remote security issues makes profound business sense.
Flexible working - threats to data security
There are a wide variety of threats to organisational data security, but here we focus on a few particular issues that impact organisations with remote workers and distributed teams.
Threats from remote access
In recent years, virtual private network (VPN) technologies have been implemented to provide site-to-site connectivity and remote access. While providing significant business benefits and cost savings, VPN technologies (SSL VPN included) come with a number of security issues:
Threats from distributing and sharing information
Up to now, organisations have used File Transfer Protocol (FTP) applications as a way of transferring documents and larger files from one site to another. However, even with today's Secure FTP, risk of data breach remains.
Learn more about ISEEU Global solutions. To discuss how ISEEU Global can help you address your data security concerns, please contact us today.
The simple answer is - probably, yes.
It is an undisputable fact that the risk of data breach is increasing, both in the UK and around the world. Cybercrime is a low-risk, high-return option for organised crime which creates real problems for the police as; it often protects the perpetrator's anonymity, can be achieved at speed, is difficult to evidence, and frequently spans continents.
In an age where compiling and mining vast amounts of personal data is vital to the operation of a wide range of organisations, protecting this information from inappropriate access, whether accidental or malicious, has become an organisational imperative. This is particularly the case for organisations employing flexible working practices involving remote data access and sharing.
What are the consequences of data breach?
The facts speak for themselves. Ponemon Institute's 2009 Data Security report suggests that seven out of ten companies were impacted by data breach during the year, an increase of 10% over 2008. Moreover, the report estimates that data breaches currently cost UK companies around £60 per record, or an average of £1.7m per company.
In nearly all cases, data theft is a multi-victim crime.
Firstly, the company or organisation entrusted with the exposed data suffers on numerous fronts - through eroded trust, reduced brand equity, loss of business, and in some cases, civil and even criminal penalties. With the UK Information Commissioner's Office (ICO) given the power to issue large fines for data-protection offences as from 6th April 2010, and other privacy compliance standards and regulations (e.g. Sarbanes Oxley, HIPAA, Basel II etc.) presenting consequences in the form of penalties ranging from contract termination to fines to jail terms, the cost associated with data breach for organisations looks set to rise.
Secondly, often the lost data also "belongs to" other entities and individuals who suffer the loss of their banking, pension, health and credit card details.
Data is valuable property, and the diverse holders of data property rights are rapidly losing patience for any entity that treats these rights lightly, or gives the appearance of doing so.
Impact of increased remote and flexible working practices
In parallel, remote and flexible working practices are also on the increase - currently 15% of the UK workforce does some work from home, with 90% of these workers being in managerial, professional and skilled professions. Remote working helps organisations to increase responsiveness, enables virtual-teams, supports operations over an extended time period or geography, and cuts the cost of real-estate associated with office space.
"Work is something you do, not a place you go to."
Today's organisations must constantly balance the need to provide flexible, remote access to IT systems enabling remote staff to meet their objectives, with the need to secure the data held on those systems.
Forward thinking organisations are now realising that investing in a solution that addresses remote security issues makes profound business sense.
Flexible working - threats to data security
There are a wide variety of threats to organisational data security, but here we focus on a few particular issues that impact organisations with remote workers and distributed teams.
Threats from remote access
In recent years, virtual private network (VPN) technologies have been implemented to provide site-to-site connectivity and remote access. While providing significant business benefits and cost savings, VPN technologies (SSL VPN included) come with a number of security issues:
- Unauthorised entry - the security of your system is only as strong as the methods used to authenticate remote user access. With ISEEU™ Global Access you are provided with 2-factor authentication as standard, meeting Government and industry access guidelines.
- Loss or theft of laptops or remote devices - storing sensitive information locally on a laptop or other remote device is highly susceptible to data breach. ISEEU Global Access means that remote users log in and use central applications and data, without physically transferring information to their remote device.
Even when accessing central data, there is a possibility for security breach as the data is cached on the remote device. ISEEU Global Access removes all trace of data from the device following a remote login session. - Ability to control access by individuals - ISEEU Global Access allows Systems Managers the ability to set access protocols, down to the individual user level and delivers the ability to monitor and audit access.
Threats from distributing and sharing information
Up to now, organisations have used File Transfer Protocol (FTP) applications as a way of transferring documents and larger files from one site to another. However, even with today's Secure FTP, risk of data breach remains.
- Unauthorised receipt of files - because FTP sends files in an unencrypted form, there's always a risk of the file being intercepted and disclosed. ISEEU™ Global Courier software includes two-factor authentication and highest level of encryption to ensure that only the intended recipients can download and access the file.
- Unauthorised access to information on the FTP server - using FTP file transfer, files are generally sent to an account, rather than an individual, where the information is pre-staged ready for download and access. Using ISEEU Global Courier, information is only downloaded from the central server to the remote user when two-factor authentication has been completed by an individual.
- Controlling what is sent - IT Managers or Security Administrators often face the issue of having no control over what information is sent out from the organisation. However, the workflow component within ISEEU Global Courier can restrict what is sent out of the organisation at an individual user level. Furthermore, the software retains a full record of transactions and provides notification of download.
Learn more about ISEEU Global solutions. To discuss how ISEEU Global can help you address your data security concerns, please contact us today.
