Posted on Tue, May 15, 2012
Worldwide approximately $3.4 trillion is spent by governments and other organisations on IT security, with the majority of this money allocated for firewalls and other anti-intrusion software.
While these systems are essential as part of any IT security system, they do not address the security concerns that arise from data in transit. Organisations need to consider how they protect data when it is sent from person-to-person.
What are the issues with data in transit?
When files are sent between organisations using an unsecure system, such as email or fax, it is easy for these files to be misdirected or intercepted. Once data is sent outside of a secure network, it is no longer protected. This is a cause for concern, as it leaves sensitive information exposed and can potentially lead to a data breach.
Why is securing data in transit a particular concern?
IT security, which is implemented correctly, is efficient at protecting networks and keeping the information stored in these systems secure. However changes to working patterns and structures means organisations need to consider if their IT security is still providing them with adequate protection.
For example, many organisations, including NHS Trusts, collaborate with external partnersto increase their capacity to provide services. As part of this process, sensitive data has to be shared. In this situation, any data transferred between the two organisations using an unsecure system is at risk because it is not protected by the network security. It can be made even more problematic if it is unclear who is responsible for data in transit.
What can be done to protect data?
By establishing a system for securing data in transit, organisations can be assured their sensitive information is protected. Using a solution, for example iSEEU Global Courier, ensures your sensitive data is protected when it is being transferred. It uses a two-factor authentication system, which prevents the data from being misdirected or accessed by the wrong person. It gives you full control over your data security, even when it is sent outside your network.
Discover actionable strategies for securing data in transit by downloading our free whitepaper now
Posted on Thu, May 10, 2012
Telehealth is going mobile. NHS Somerset is planning to issue 4,000 patients with compact touchscreen mobiles, allowing patients to self-monitor long-term health conditions. This follows on from previous pilot schemes, which have shown telehealth benefits could include lower mortality and fewer hospital admissions.
How is the telehealth system being implemented?
Across NHS Somerset, patients are receiving mobile telehealth equipment through which they are can record their vital health signs. It is part of a three year contract, which will supply patients who have chronic obstructive pulmonary disease (COPD), heart disease or diabetes with telehealth equipment to monitor their condition. While some devices have already been issued by NHS Somerset, the scheme will be fully released after 28 May 2012, following information sessions to educate patients about the mobile telehealth system.
How will the scheme work?
The project will utilise mobile technology to give patients more control over their health. Every patient in the scheme will be issued with a touchscreen mobile that has a customised healthcare plan pre-installed. Patients will use the phones to input details of their health on a daily basis, by answering questions related to their condition. This will automatically generate a full picture of their long-term health and enable remote monitoring of their condition. The scheme aims to use technology to increase independence, while also improving healthcare provision.
Importantly, for any telehealth scheme to work, it will be necessary for healthcare providers, working across separate departments to coordinate their work, whether this is through multidisciplinary team meetings or other service forums, to ensure the best patient outcomes.
The benefits of a mobile telehealth system
The compact size of the mobile device means patients can take it with them on leaving the house. It is possible for them to go out shopping or even go away for the weekend because the mobile is light and easy to transport. Dr Sarah Pearce, a GP in Chard, says that some patients would rather use a mobile phone instead of earlier telehealth systems, such as having a monitoring box fitted in their living room, because "You have people round and they can see the box, whereas this just looks like a mobile phone and doesn't label them as having an illness."
The mobile telehealth system means they are able to fully monitor their condition, without this impacting on their independence.
Posted on Tue, May 01, 2012
Sensitive patient information was left exposed after a serious incident of data breach at a Welsh health board. The Aneurin Bevan Health Board was subject to an investigation by the Information Commissioner’s Office once details of the incident emerged. The board has been issued with a fine of £70,000, becoming one of the first NHS body penalised by the ICO for breaking the Data Protection Act.
What caused the data breach?
The data breach costs occurred after confidential patient files were sent out to the wrong person. A doctor gave insubstantial patient information to a secretary, including misspelling the patient’s name, which meant the secretary was unable to correctly identify the right patient. The secretary then sent the files to the wrong patient, who had a similar name. As part of the ICO investigation, it emerged that neither member of staff had received adequate data protection training. In addition, it became apparent ABHB had insubstantial checks in place to ensure they sufficiently protected sensitive data.
How did the ICO react?
After the breach emerged, the incident was fully investigated by the ICO. Their findings resulted in a £70,000 fine for ABHB. Plus, ABHB must now improve their data handling practices after signing an agreement to tackle the ICO’s chief concerns. Stephen Eckersley, who is head of enforcement at the ICO, said of the case: "The damage and distress caused by the loss of a patient's medical record is obvious, therefore it is vital that organisations across this sector make sure their data protection practices are adequate.” Importantly, securing data is part of NHS Information Governance compliance and, as this case highlights, failing to comply results in fines. The ICO has also confirmed it is currently investigating three other NHS bodies, with the possibility of further fines on the way.
How could the data breach costs have been prevented?
While ABHB is now implementing new procedures to prevent any future data protection breach, the incident is one that could have been averted. By using a secure file sharing method, such as iSEEU Global Courier, then it removes the risk of sensitive files being accessed by the wrong people. Even if the files are misdirected, the two-factor authentication system ensures that they cannot be accessed by an unauthorised person, keeping the data secure.
Ensure that your sensitive data is not left exposed by downloading our free guide on secure data today.
Posted on Mon, Apr 23, 2012
With less than 100 days to go the start of the London 2012 Olympics, many organisations are likely to find themselves undertaking a very hurried, real-world test of their ability to support significant levels of remote working. It's going to be especially challenging for those in London and South East.
Remote working during London 2012
Research undertaken by Interactive Intelligence highlights that 23 per cent of senior managers and executives at large companies in London and the South believe that they are fully prepared for the disruption that the Olympics will cause. That, of course, suggests that the vast majority of them don't believe they're organisation is ready for the challenge.
Of course, there are also Olympic events being hosted in other major UK cities. Just getting into the office will be challenging for many. Coordinating project meetings, client meetings and so forth, will be an even bigger challenge.
Remote working and security - the challenges
Remote working provides a efficient and effective solution to the challenges of getting staff into the office during the Olympics as well as a way to improve employee flexibility. However, for those that need to work with sensitive data away from the corporate network, the bigger obstacle may be that, suddenly, more of their sensitive documents are being emailed, FTP-ed or shared over webinars and virtual conferencing systems.
Our white paper on remote working and security outlines the key challenges and provides a framework to start planning your remote working strategy.
Posted on Mon, Apr 23, 2012
Sharing data with external partners is a normal working practice for many organisations. It's typically essential for collaborative working and delivering services on time.
However, data in transit is also more at risk that data at rest within an organisation. While on the move, data is more likely to be intercepted or misdirected. This problem is further compounded when it is unclear who is responsible for the data.
Why is data in transit a problem for organisations?
Data is often most vulnerable when in transit between applications and organisations, as it isn’t always clear who is responsible for maintaining data security. While many organisations have developed effective security systems for protecting data inside their network, these aren’t necessarily followed through to data in transit. On top of this, many popular methods for sharing data are unsecure. It is easy, for example, to send an email to the wrong person. Data is left unprotected and organisation face an increased risk of data breach.
Attackers target organisational weaknesses
According to a report from Trustwave, 66% of all attacks made by cybercriminals in 2011 targeted data in transit. The security uncertainties surrounding data in transit means it is seen as a weak link. Attackers are able to take advantage of gaps in data security and gain access to sensitive information. With this in mind, organisations need find a system to protect themselves from potential threats and improve their ability to securely work with new partners.
What organisations need to do to protect data in transit?
Organisations should take a proactive approach towards protecting data in transit. By assuming responsibility for data and ensuring it is transmitted through the safest possible method, they are protecting themselves against data breaches.
A practical solution, such as iSEEU Global Courier, means sensitive data remains protected when in transit. The two-factor authentication prevents misdirection and also means it is easy to monitor who gains access, providing control over data security.
Want to find out more about maintaining data in transit security? Download our free whitepaper today.
Posted on Thu, Apr 12, 2012
IT systems are being placed at risk by the attitudes of younger workers. According to a recent survey by Cisco Systems Inc, 70% of young employees regularly break corporate IT policies. This is a worrying trend, which reveals the cracks in IT security and leaves organisations with a greater risk of data breach.
What's behind the trend?
A closer look at the statistics suggests a combination of poor rule enforcement and the casual outlook many employees is behind the alarming frequency of company IT policy infringements.
While two-thirds of young workers believe IT policies need to be updated, 61% also believe responsibilities for IT security rests with their employer or device makers. At the same time, nearly one fifth of young workers who have broken corporate IT rules have done so because their company does not enforce their policies and another 14% admit to breaking the rules because their bosses are not watching them. There is both an unwillingness to accept responsibility for IT security and a willingness to break company rules because they are not effectively monitored.
Why this is a worrying trend?
Failing to uphold company IT policies means employees are making it harder for organisations to control their data security and maintain their information governance audit trail. Therefore, companies are increasingly exposed to the threat of data breaches. Not only does this mean sensitive data is more likely to be compromised, it also brings the threat of fines. The Information Commissioner can apply fines of up to £500,000 to organisations who’ve committed a serious data breach.
The Cisco report also reveals that 25% of those surveyed were victims of identify fraud before the age of 30, which the authors of the study attributed in part to the casual attitude towards IT policies and data security.
How can you protect your sensitive data?
Organisations need to look for practical solutions, which make it as easy for employees to comply with IT policies as it is to break the rules. Encouraging employees to make the right decision by making the proper systems intuitive and simple to use will reduce incidents of IT policy infringement. By using a secure data system that compliments your corporate IT policy, then it will also become easier for you to maintain it.
Find out more about how secure data transfer can help you uphold your IT policies and prevent incidents of data breach - download our free whitepaper now.
Posted on Thu, Apr 05, 2012
The nature of modern law practice means that case notes, client information and other sensitive data regularly need to be transferred quickly between multiple parties. While this is imperative to a case, it increases the risk of data breaches at law firms.
It is essential for law firms to have secure data solutions. Data sent through unsecure channels can be misdirected or intercepted, resulting in sensitive information being viewed by people who shouldn’t be seeing it. This can have serious implications for data protection.
Why should data protection a concern for law firms?
Data protection compliance is compulsory for all law firms. First, and foremost, it’s a legal requirement. Firms found to be in breach of the Data Protection Act (DPA) can now face fines of up to £500,000 from the Information Commissioner.
Secondly, stringent DPA procedures are increasingly a prerequisite from clients, who want to ensure their vital data is secure.
Finally, abiding by data protection regulations is the most effective way to avoid any negative publicity associated with a data breach.
Lawyers and law firms falling foul of DPA
Failing to comply with DPA has serious concequences for law firms and lawyers. Last November, a senior lawyer was found in breach of DPA for failing to encrypt her laptop, which contained sensitive client data and was subsequently stolen. In this case, the lawyer in question wasn’t fined because the incident occurred before the Information Commissioner was granted that power. Yet, this example makes it clear that lawyers in possession of personal data are viewed as ‘data controllers’ under DPA and, as such, have a responsibility to abide by all data protection requirements.
In a separate incident, ACS:Law was fined after a data breach which resulted in the personal information of 6000 client being published on the internet. The fine itself was £1000, but the Information Commissioner made it clear that if the firm had not already folded, the fine imposed fine would have been in the region of £200,000.
Protecting sensitive data in transit
The most effective way to ensure that data in transit doesn’t become a data protection risk for law firms is to use secure systems. iSEEU Global Courier is an ideal solution for protecting sensitive data. All the data is encrypted and only accessible through two-factor authentication, making it easy to manage who can view the sensitive data.
Find out how secure data in motion keeps sensitive data secure and support an effective information governance strategy
Posted on Wed, Apr 04, 2012
Transfers of sensitive data need to be fully accountable. A complete audit trail is necessary to ensure that personal information can be shared easily and securely. Without this being in place, it becomes difficult for NHS Trusts to fulfil their information governance responsibilities.
The current situation for sharing information
The need to share information quickly is now essential for may within the NHS and healthcare. Communicating with other organisations, often urgently, to plan and manage care. However, the most commonly used methods for sharing sensitive data can make it difficult to maintain a comprehensive audit trail. Relying on faxing or courier services cannot give the NHS the control necessary to ensure the security of the information.
No matter how carefully you track records on their journey, you can’t always guarantee what will happen once they arrive. When sending a fax or courier, it is impossible to ensure information is not intercepted or misdirected. This leaves sensitive data exposed and creates a problematic situation with regards to information governance.
Why the need for information governance audit trail?
Having a thorough audit trail protects the integrity of sensitive information. It means that NHS Trusts can be fully accountable to their information governance responsibilities.
NHS Trusts need a system for transferring files that ensures that data arrives without interception and is only seen by the intended recipient. In addition, they need to be able to track precisely who accesses this information, when they accessed it and whether they actually have accessed it.
How can you protect your sensitive data?
Ensure sensitive data remains secure through using ISEEU Global Courier. It's simple to implement the solutions required for your information governance audit trail. Before any data is shared, you can set up workflows that ensure each user has the necessary approvals. It is also possible to require all staff to complete a risk assessment form before any sensitive data is transferred. Additionally, using the two-factor authentication, which works through a mobile phone or grid card, provides the necessary control to protect data security. It makes it easy to monitor all activity, through a complete audit trail.
Protecting your information governance audit trail is just one of the benefits of secure data transfer. Find out another 6 by downloading our free whitepaper today
Posted on Thu, Mar 29, 2012
The nature of the modern healthcare planning and delivery, means that NHS Trusts are increasingly collaborating with external agencies and partners to provide services and care.
Patients are being offered more flexibility in terms of when and where they receive their treatment from the NHS. As part of this, sharing information with third-parties, including non-NHS organisations, is becoming more frequent. It is an essential part of maintaining excellent care levels, yet it increases the potential for misdirection and interception of sensitive patient data.
Changing structure to healthcare provision
The NHS is utilising external partners for the delivery of services such as MRI and CT scans, as well as working more closely with agencies, such as social services. Consequently, patient data needs to be shared with those operating outside of NHS-specific networks. This is vital to ensure patients receive the right treatment at the right time. But, to be effective, this approach needs to be combined with a system which protects sensitive data.
Risk of data breach when working with new partners
The need to share sensitive patient data is vital when working with new organisations. New service partners need to be able to receive patient notes, care plans or other information quickly so that they can begin delivering care. However, this needs to be balanced with the security requirements associated with handling sensitive patient data. Any incident of data breach can prove to be costly and incur heavy fines.
How can this be resolved?
The time and inconvenience of integrating complex IT systems is inefficient and wasteful. Therefore, to work securely with new organisations, any solution needs to be easy to implement and effective to use.
Global Courier from iSEEU means sensitive data can be shared safely and securely with new organisations with minimal disruption. All that is required is standard web browser. Working with a two-factor authentication through a mobile phone or grid card ensures data remains secure and means all activity is easy to monitor.
For more information on the advantages of secure data transfer, download our whitepaper 'More Than Just Data Protection: 7 Additional Benefits of Secure Data Transfer in Healthcare'
Posted on Fri, Mar 23, 2012
The Olympics are almost here. In a matter of months, a predicted 5.5m visitors will arrive in the UK capital for the beginning of London 2012.
For some, the games present an excellent opportunity for increased growth and productivity. However, to take advantage of London 2012, many businesses and organisations will need to look ahead and make preparations to keep things running smoothly during the games.
45% of managers in London intend to offer employees flexible working options
Businesses are looking to plan for the inevitable disruption that London 2012 will cause. With all the extra visitors in London, delays in journey times seem inevitable. To counteract this, employers are looking at the possibilities of allowing employees to have a more flexible working pattern. Additionally, 41% of London employers are planning to allow staff to work from home during the games and avoid the travel disruption altogether.
Considerations for mobile working
Remote and mobile working can be supported through solutions such remote access to email, video and web conferencing and cloud-based file storage as well as emailing themselves documents and more ad hoc tools.
These solutions certainly allow businesses to work around the pressures created by the Olympics but flexible working can cause new problems. Mobile working solutions can become a risk when dealing with sensitive data creating potential challenges around data loss and data breach. With employees no longer operating from the office, file sharing becomes essential. Businesses need to be evaluating secure data solutions to ensure sensitive data is properly protected.
Keeping data safe while enjoying the games
Businesses need solutions that do not create any additional burdens, especially at a time when they will be putting their London 2012 secure business plans into place.
iSEEU Global Meeting Centre allows organisations to hold virtual meetings, which are efficient and secure. Undertake real-time data sharing and remote consultations, with the knowledge that all sensitive information remains protected. Additionally, iSEEU Global Courier means that businesses can easily send sensitive data without the threat of this information being misdirected or intercepted. Organisations can plan to work around London 2012, confident in the knowledge that their vital information remains safe.
Want to find out more about keeping your sensitive data secure? Download our free data security and information governance whitepaper today.