Tag Archives: Bob Tarzey

Business smartphones suffer from data encryption deficit

A new study has found worrying evidence that a majority of smartphones used by businesses do not have any kind of encryption protecting the sensitive data which they store, leaving the door open for malicious parties to steal and corrupt corporate details and private information.

Seventy per cent of respondents to a survey carried out by security firm Check Point said that the smartphones issued by their employers had no kind of encryption in place, while 87 per cent said that this extends across other portable storage solutions such as USB memory sticks.

The analysts claim that the study shows just how difficult it can be for IT departments to keep on top of device security, consequently making it much more difficult to counteract data loss, portable storage theft and unwarranted third party network access.

Two hundred and twenty people took part in the study and vulnerabilities were exposed in almost all of the businesses which they represent. The results are said to show that as workers move into operating more regularly in a mobile environment, the threats posed to data increase.

Many are stepping up efforts to stem potential data loss by deploying secure VPNs on laptops, a measure suggested by 52 per cent of respondents. Meanwhile, only 23 per cent said that they would be encrypting portable hard drives and a fifth said USB memory sticks would be getting encryption over the next 12 months.

Check Point’s Nick Lowe said that because many businesses are going to increase the number of devices capable of storing data, the problems facing security teams are becoming greater.

There is a general debate over who should be held responsible for the protection of data stored on a portable, mobile device, according to Mr Lowe.

Industry analyst Bob Tarzey believes that by imposing greater restrictions on personal device usage, many businesses will actually increase the number of employees who break regulations. He urges firms to employ sensible, inclusive practices so that security can be assured without alienating the average employee.

Businesses ensuring data loss prevention compliance

The latest figures show that organisations and firms based in the UK are far better equipped to protect personal information and sensitive data than their European or American counterparts.

The number of firms achieving accreditation under the ISO 27001 data loss prevention standards in the UK is higher than in many other global markets, showing that there is a positive approach towards meeting recognised rules relating to data protection policies.

444 businesses and organisations in the UK have attained accreditation under the ISO 27001 standards, which places the country second in the world, with only Japan’s business community demonstrating greater compliance. Two of the world’s largest economies, Germany and America, have just 137 and 96 firms meeting the ISO 27001 requirements respectively.

Data storage and security experts believe that there is a disparity between the number of UK firms that have clearly shown support for the ISO 27001 standards in creating data protection policies which stand up under its scrutiny and the volume of reports which suggest that the uptake of compliance measures is inadequate and slow.

ISO 27001 has its origins in the UK and the figures for UK firms in compliance are perhaps lower than the real numbers because firms are failing to notify the authorities once they meet the requirements, according to data security consultant Stuart Bonell.

ISO 27001 accreditation is not managed centrally, but rather by third party firms that carry out the process on behalf of the ISO. The differing levels of compliance and the varying stages of the conformity process can also lead to significant differences in the real level of security between two different firms, according to analyst Bob Tarzey.

Some believe that security vendors are creating an atmosphere of suspicion and unnecessary fear within the UK industry in order to sell their products. It is thought that pushing for tougher and tougher regulations will always leave some firms behind and will render previously respected regulations worthless in the longer term.

It is believed that about 40 per cent of UK firms are attempting to achieve compliance with ISO 27001 standards, with regulatory bodies such as the Financial Services Authority (FSA) drawing upon it as a reference in their own work.

Report shows attacks on business data integrity still high

A new study has shown that in Europe around 28 per cent of businesses have experienced attacks against the integrity of their data. A total of 420 firms were questioned as part of the study carried out by InfoSecurity, highlighting the persistent threat posed to inadequately protected data.

Although the frequency of the attacks is high, only six per cent of the affected firms said that they had been seriously affected by the assaults and as a result had strengthened their data protection systems.

Any attack on the integrity of an organisation’s data that succeeds could have a negative effect on the firm involved. Everything from credit ratings to public perception can be damaged and thus the financial burden can be felt long after the event has been detected and new measures have been put in place.

The study also found that 14 per cent of firms cannot actually identify an attack and 50 per cent say that although they have yet to detect any direct attack, if such an event were to occur, it could prove to be serious.

Of the hundreds of organisations questioned, only three per cent said that they were confident that attacks against the integrity of their data would never be a significant issue.

Data protection expert Bob Tarzey said that growing data volumes within businesses would only heighten the problem of integrity attacks and the nervousness of businesses in relation to this matter was understandable.

Mr Tarzey said that he was surprised by the number of respondents who said that their businesses had been hit by attacks in the recent past. He believes that the inability of businesses to detect these attacks could lead to a mounting issue surrounding data integrity in the future.

InfoSecurity’s Claire Sellick added that the confidentiality and availability of data within businesses need to be addressed in the same way in which the integrity of that data is handled. Many experts are calling for businesses to disclose information about the incidents that they do manage to detect, rather than withholding it for fear of the ramifications.
