Monthly Newsletter December 2007
Minimising Security Breaches

The recent HMRC data loss highlights the importance of security. But as GSS knows, HMRC is not the first organisation to lose data, and it will not be the last.
HMRC has a massive duty of care, which has been breached, but so do many other organisations. Whilst losing data of this nature is not acceptable, HMRC is not the only large organisation to have lost client data: there have been other high-profile losses, such as those at Nationwide Building Society and TK Maxx. But what can we learn from the incident, and how do we stop this kind of data loss happening again?
GSS has been working in the IT Security arena for over 10 years. During this time we have provided indispensable advice to organisations on how to protect sensitive data, from personal customer records to sensitive business plans and confidential financial results. “It’s pointless everyone pointing fingers and placing the blame on a junior clerk,” says Robin Hollington, Director of Consulting at GSS. “So let’s not jump on the bandwagon and throw mud at HMRC for the sake of it. We need to learn from the incident.”
“Information leakage from within and low-tech unauthorised disclosures are two major causes for concern, as are lack of management awareness, staff education relating to the use of removable media, working outside of the secure office environment, etc.; the list goes on. There really is a lot to look at.”
“I’m sure HMRC has policies in place that should have prevented this crisis in confidence, but if these policies are not communicated to every member of staff, or are not enforced, then they are not worth the time they took to write. Additionally, there are simple, cost-effective solutions available that could have encrypted this data as soon as it was passed outside the secure environment, in this instance downloaded to a CD.”
“By adopting a sound organisational security policy that is effectively communicated to every member of staff, ensuring compliance is embedded in operational processes, implementing a regular audit programme and insisting on technical compliance testing of your internal and internet-facing IT infrastructure, as well as testing that staff are adhering to these processes and policies (all aspects covered by the ISO 27001 standard), you stand the best chance of minimising the likelihood of a security breach.”
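The quote above singles out one technical control: encrypting data at the point where it leaves the secure environment, before it reaches a CD or other removable medium. The following Go program is added here as an illustration; it is not code from GSS, from HMRC, or from the original newsletter. It shows the minimum a practitioner would expect from such a control: the export is sealed with AES-256-GCM under a key generated and kept inside the secure environment, and the export's label (file name and purpose) is bound to the ciphertext as associated data. The record format, the file label and the key handling are assumptions constructed for the example. Whoever finds the disc without the key gets an error rather than data, and any altered byte is rejected instead of being decrypted to garbage.

```go
// Added example (not GSS's or HMRC's code): seal an export with
// AES-256-GCM before it is written to removable media.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

const keySize = 32 // AES-256

// NewExportKey generates a random 256-bit key. In practice the key is
// created and held inside the secure environment (an HSM or key vault is
// assumed) and is never written to the same medium as the data.
func NewExportKey() ([]byte, error) {
	key := make([]byte, keySize)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// SealExport encrypts plaintext with AES-256-GCM. label is bound to the
// ciphertext as associated data so the blob cannot be silently relabelled
// or passed off as a different export. The returned blob is
// nonce || ciphertext || tag, which is what gets written to the disc.
func SealExport(key, plaintext []byte, label string) ([]byte, error) {
	if len(key) != keySize {
		return nil, errors.New("key must be 32 bytes")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per export
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(label)), nil
}

// OpenExport reverses SealExport. It returns an error, never partial
// plaintext, if the key is wrong, the label differs, or any byte changed.
func OpenExport(key, blob []byte, label string) ([]byte, error) {
	if len(key) != keySize {
		return nil, errors.New("key must be 32 bytes")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("blob too short to contain nonce and tag")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(label))
}

func main() {
	// Constructed sample: a few rows of the kind of record that should
	// never leave the building in clear text (fictional data).
	export := []byte("nino,surname,date_of_birth\nQQ123456C,Smith,1970-01-01\n")
	label := "child-benefit-export-2007-10.csv" // assumed file label

	key, err := NewExportKey()
	if err != nil {
		panic(err)
	}
	blob, err := SealExport(key, export, label)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%d plaintext bytes -> %d bytes written to disc\n", len(export), len(blob))

	// Someone who finds the disc but not the key gets an error, not data.
	otherKey, _ := NewExportKey()
	if _, err := OpenExport(otherKey, blob, label); err != nil {
		fmt.Println("wrong key:", err)
	}
}
```

The design point is that the key never travels with the disc: it stays in the secure environment and is released to the recipient over a separate, authenticated channel. Authenticated encryption (GCM) rather than plain AES is deliberate, since a lost disc can be tampered with as well as read, and the bound label stops a sealed export being presented as something else.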
Information security assurance can no longer be dismissed by business leaders as an afterthought; it must be treated as a cornerstone of organisational strategy by any enterprise serious about remaining a going concern in the 21st century. The marketplace has long moved on from security in isolation: organisations need to implement holistic, unified corporate governance covering all aspects of information security and assurance, regulatory and legal compliance, business continuity and privacy.
GSS is well placed to help organisations of all types achieve secure, holistic corporate governance. Through the deployment of technology and frameworks, and through independent advice from its Consulting services, GSS helps its clients meet the evolving challenges of today.
If you are concerned about these issues within your own organisation, GSS has a range of consultancy services to address the topics discussed. Email info@gss.co.uk to find out more.
This story was originally featured in the GSS Monthly Newsletter December 2007