DCN June 2017 - Page 33

information security year, for example, the Information Commissioner’s Office fined Royal & Sun Alliance Insurance PLC (RSA) £150,000 following the loss of the personal information of nearly 60,000 customers. The ICO report states that ‘a portable “network attached storage” device was taken offline and stolen by a member of staff or contractor who was permitted to access the data server room at the RSA’s premises in West Sussex’, and that ‘RSA did not have in place appropriate technical and organisational measures for ensuring so far as possible that such an incident would not occur’. Sadly, cyber security and information security breaches like this are not far and few between, we see them in the news more times than we’d like to admit. Legal rights It’s no longer the case that you can toss old paperwork into the bin and forget about it; the DPA made it so that anything containing ‘sensitive information’ – be that invoices, customer receipts, business financials, insurance policies, contracts or documents containing PIN numbers or passwords – must be shredded at the very least. The issue with most bog standard office shredders, however, is that they often only cut in vertical strips which could be reassembled with a bit of patience. What’s more, businesses aren’t protecting themselves enough against fraud and theft that may occur internally, putting themselves in danger of breaching the DPA. Earlier this The DPA is just one example of where new regulations have come into force to control the way information is handled and to give legal rights to people who have information stored about them. The Safe Harbor agreement is another, and one which has changed over the years since it was established in 2000. The introduction of the CRB check in 2002 (or DBS check as it’s now known) has also strengthened the position of our industry as it allows firms like ours – those who work with sensitive documents and data on a day-to-day basis – to look at a prospective employee’s criminal history. You really have to be on the ball at all times to keep up with the constant evolution of regulations that govern the information security sector, while ensuring that you’re fully compliant with all industry standards, many of which have been introduced over the last 20 or so years. There are currently standards for a wide range of topics including the ISO27001, ‘The estimated annual cost of fraud in the UK was £193bn last year.’ an international standard that describes best practice for an information security management system (in simple terms, being able to show that your customer data is as secure as possible). Essentially, if you work in the information security sector you have to ensure your businesses is watertight – with your software, your hardware, your staff and your security measures (such as CCTV cameras and ID cards or fingerprint entry systems). Imagine how damaging it would be if we were subject to a security breach ourselves? A long way to go While we have yet to fully understand the impact that Brexit will have on our industry, we do know this; there will always be a need to educate individuals and businesses on the very real possibility of theft, fraud and cyber security breaches in the 21st century. We’re getting there but we still have a long way to go, evidenced by PwC’s Global State of Information Security Survey 2017 which states that 18 per cent of UK organisations don’t know how many cyber attacks they suffered last year. At Shredall SDS Group we’re looking forward to seeing what the future of the information security sector brings, and are ready to adapt. We’ ve seen our business change over the last 20 years as the industry evolves, which has led us to exploit a number of new markets. We predict much of the same over the next two decades; there will be no doubt be new regulations in force – which put even tighter control on how we manage sensitive data – new standards to comply with and perhaps even different threats to those we face today – which will need solutions we haven’t even thought of yet. June 2017 | 33