With the recent Dispatches documentary on Channel 4 once
again fanning the flames of anxiety around data theft, firms would
do well to use the publicity as a wake-up call and turn the
security spotlight on themselves.
Research from the Department of Trade & Industry (see
"UK firms get data security wake-up call") has shown that half of
all UK retailers and utilities companies do not have any formal
procedures in place to comply with data protection laws. It is an
amazing statistic, and one that illustrates only too clearly the
scale of the challenge the UK faces.
And it is an issue not only for the banks to worry about, but
for all businesses, since the data at risk includes the sensitive
commercial information that is the lifeblood of so many
operations.
Much of that data might not be covered by the Data Protection
Act, but it should still be something that your business takes all
possible steps to protect.
The DTI sees information security standards such as BS7799 or
its equivalent international ISO standard as the best way for
businesses to address data security systematically. That advice
also sits well with the many legal and technical experts, most of
whom will start by telling firms to undertake a full risk
assessment in order to put a value on their various assets and have
a clear idea of which data needs to be protected from prying
eyes.
Whichever tactic you adopt, putting your approach to security on
a more formal footing is the key.
Intrusion detection software has been superseded by intrusion
prevention technology. Now is the time for businesses to make the
same leap and get their data security right from the top down,
before an undercover reporter - or someone much worse - pays them a
visit.