As we see more and more news headlines reporting on the heavy fines from the Information Commissioners Office (ICO) for organizations that have lost data or who are perceived to have mishandled information*, there is a growing culture of fear and concern as we all wonder, "who will be next to drop the ball?"
This is at a time when IT and security budgets are being cut and organizations are struggling to identify where to prioritize their efforts and how to find the money to invest.
I recently attended an NHS event where one delegate actually said that some Trusts would almost welcome an ICO fine because it would mean that budget would be found to invest in the correct security technology! How sad a situation we find ourselves in!
At Egress we constantly work with our clients and partners to understand the challenges they face when sending information and data securely. It ensures we are providing solutions that solve these problems.
In June we decided to take this one step further and in partnership with the SC Magazine Website ran a survey entitled "Data on the move - How do you share your information?"
The objective was to look in detail at some of these issues, to try and understand how they are being managed by organizations across multiple sectors and where the systems are failing.
The results were startling! There is a full write up in the latest issue of SC Magazine, but here are some of the key points;
- 94.5% of those surveyed thought that data security systems are often overlooked when sharing confidential information because they are too complicated for the recipient or both the sender and recipient to use.
- Over 10% of firms still rely on fax or registered post to send sensitive data to third party suppliers or clients... whilst 67.9% rely on unsecured email to send this information!
- 71.6% use either FTP sites or unsecured transfer sites (Yousendit, Dropbox, etc) to send files that are otherwise too large to email.
- 74.5% said they have received an Outlook recall request – suggesting a huge number of incorrectly sent emails!!
- And finally 92.6% of surveyed confirmed that the ability to prevent an email recipient forwarding on an email was important, something traditional email can't do!
Having looked in detail at these stats there are a number of conclusions;
- Clearly the systems are not currently in place to enable users to effectively send information securely.
- The systems that are in place are often so complicated that they actually prevent users from doing their work efficiently and therefore are more often than not overlooked.
- There doesn't seem to be enough emphasis on education. Do end users really understand when they are sending something securely and when they are not? Do they know what information needs to be sent securely and what information doesn't?
And the one that gets me every time - 10% of firms still rely on fax and registered post to send sensitive information… there was me thinking we worked in the 21st century?!
So where does all that leave us?
- Well I think we can confidently predict that the number of ICO fines will continue to rise both in the Public and Private sectors.
- Organizations will continue still struggle to implement best practice solutions that ensure they comply with the Data Protection Act.
- And most important of all, sensitive information that may include yours or my details may be lost or fall into the wrong hands!!
Until organizations and end users understand the true security threat and are educated both on the right technology systems to use and how to use them, then this is a story that just won't go away!