IT security remains a major concern for UK companies as data breaches continue at an alarming rate.
The bad news is that such breaches have not reduced in recent years, despite improved security techniques and greater risk awareness. This suggests that many companies still don’t take the risks seriously enough to introduce preventative measures.
Research in the US, published by the ID Theft Center, reveals that the number of reported data breaches was on a par in 2014 and 2015 (783 compared to 781), whilst the average consolidated total cost of such breaches has increased 23 per cent since 2013 to US$3.8m.
Gary Jowett, from Computer & Network Consultants in Brighton, says: “All companies should ensure their IT security is robust and there are no weak links where breaches can happen. To provide such protection, two-factor authentication and firewalls with deep packet inspection should be implemented. Penetration testing every six months – or at least once a year – to examine all areas of your system is also recommended.”
Penetration testing is just one way to ensure an organisation’s security is not compromised. Another is ensuring everyone has the same diligent attitude to security so that high standards are always maintained.
One threat often overlooked is the enemy within. Microsoft’s report – 5 Questions Executives Should Be Asking Their Security Teams – highlights the threat from insiders and says one way of reducing the risks is by conducting strong background checks when new employees or contractors are recruited.
Watch out for rogue clouds
Another key question the report asks is: ‘how often do you see non-sanctioned cloud services in use?’ This is an important question because, while Dropbox, Google Drive and similar internet-based services may be fine for employees’ personal use at home, these services may come to represent “rogue clouds” that compromise your own cloud services.
“Many companies still only take security seriously when a breach happens, which is far too late,” says Gary. “The reputation of your business is already damaged, its operations are disrupted and large public and private sector organisations won’t ask you to bid for major contracts. So ask yourself this simple question: would you leave home or your office with doors unlocked and windows left open? The answer’s ‘no’ because you realise burglars could walk in and steal valuable items. The attitude to your company’s IT security should be exactly the same.”