A new survey has revealed security breaches can cost small businesses £115,000. Don't underestimate the importance of managing information security risks

There is a perception that information security issues caused by hacking, viruses or even rogue employees are somehow a 'big business' problem. However, the latest research commissioned by the Department for Business, Innovation and Skills (BIS) shows this isn't the case.

1. 33% of small businesses were attacked by an unauthorised outsider in the last year

2. 45% of small businesses suffered from infection from viruses or malicious software in the last year

3. 22% of small businesses suffered staff-related security breaches

4. 31% of the worst security breaches in the year were caused by inadvertent human error

5. £65k-£115k is the average cost to a small business of its worst security breach of the year

DID YOU KNOW? The Information Commissioner's Office can fine up to £500,000 to anyone who fails to handle "personal data" in accordance with the Data Protection Act (1998).

Can you trust to luck?

A survey from Lieberman Software Corporation is perhaps even more worrying. Of the IT professionals surveyed, 68% believed that they have more access to sensitive information than colleagues in other departments, leaving businesses wide open to data breaches from the inside.

The survey found that 39% of IT staff can get unauthorised access to their organisation's most sensitive information - including the CEO's private documents - and one in five has already accessed data they shouldn't.

Sadly, we hear all too often from clients left in a difficult position where ex-employees have taken away valuable documentation and client information that has caused a huge amount of disruption.

What's the solution?

Management must step up to the plate and take charge by establishing systems and procedures to lock down data. Fortunately, there's already a best practice tool to help - it's called ISO 27001.

Think C-I-A!

  • Confidentiality - Protecting information from unauthorised access
  • Integrity - Ensuring information is accurate and protected from unauthorised modification, damage or accidents
  • Availability - Ensuring that appropriately authorised people can access information when they need it

ISO 27001 sets out requirements to develop what is known as an Information Security Management System. This helps you to establish the risks your organisation faces and the steps you will take to minimise them. The idea behind ISO 27001 is that you become proactive, not reactive.

DID YOU KNOW? Ofcom research shows that more than half (55%) of adult internet users admit they use the same password for most, if not all, websites.

Understandably, people now question how safe their information really is. Who has access to it? Is it backed up? What would the consequences be if it got into the wrong hands? As a result, ISO 27001 is increasingly being asked for by the public sector. For those who apply for public-sector contracts through tendering, ISO 27001 is therefore a way not only of mitigating risk but also of increasing competitiveness.

For free advice, contact the British Assessment Bureau team on Tel 0800 404 7007. Visit the website at www.british-assessment.co.uk, or read the British Assessment Bureau's ISO 27001 Beginner's Guide.