Are you liable?
As things stand today, if personal information is lost, misplaced, stolen or misdirected, your company will be liable to potential regulatory action. This could include fines, as well as the naming and shaming of your company on the Information Commissioner’s Office website.
Think about that for a second. A fine significant enough to put your business in jeopardy and your reputation as a credible business going up in flames as you are publicly named as being incapable of protecting personal and sensitive data – information that your clients and suppliers have entrusted to you. Imagine having to ring those clients and suppliers to tell them that you have lost that information.
Do you think that it won’t happen to you? That’s what these 180 organisations thought.
Your hard work up in smoke
There’s also the risk of commercially sensitive information getting into the wrong hands. What would be the impact if someone walked out of your business with all of your client details, pricing and costing models?
We’ve seen a growing trend towards attacks motivated by the desire to get hold of a company’s tender responses, bid pricing and delivery or implementation models. Just think: all of that hard work undone in a matter of minutes because your network isn’t sufficiently secure.
The simple truth is that more than 65% of companies in the UK haven’t even begun to look at protecting their company data. Nor do they understand the severity of the consequences they would face if they were to lose that information.
The Information Commissioner’s Office takes security breaches extremely seriously. Their stance is that if a company fails to encrypt its personal and sensitive information, that company is liable to face regulatory action. No exceptions.
Here’s a link to the ICO data security incident trends report, a comprehensive account of business sectors that are failing to address security issues against a backdrop of a rising number of data-security-related incidents. Because the reporting of a breach (a loss of information) is now mandatory, this trend will continue to rise until it reaches its peak, bringing with it fines and associated reputational damage for businesses.
The case for encryption
Investigating and implementing an encryption policy or plan is – if you don’t already have one – a must for your business. Simply ‘misplacing’ an email or sending it to the wrong person can now have as much of an impact on your business as the familiar scenario of leaving a government database on a train.
We specialise in developing and implementing comprehensive encryption policies, working with you to cover all aspects of your business. We can help with on-site and cloud-based data storage, USB and CD-ROM use and restrictions, proximity encryption for ease of transportation, remote data destruction capabilities if sensitive data is lost or stolen, and mobile encryption. We can also develop full history reporting if required to prove compliance with ICO regulations.
Making it easy for you
Many businesses see encryption policies as – in the words of many business owners I’ve spoken to – a ‘royal pain’. As such, they often put off implementing them until it’s too late. We can help you develop and implement a robust encryption policy for your organisation that strikes the right balance between keeping data secure from would-be hackers and giving your employees the free rein they need to work productively.
Companies that do dip a toe in the water often start by protecting their most sensitive data, an approach that sounds sensible at first glance. However, this is not always the best approach. And here’s why: if you only encrypt your sensitive data, how easy would it be for a criminal to work out what to look for?