Ignorance with regard to encryption technologies means many businesses are mishandling sensitive information. - See more at: http://www.storetec.net/news-blog/firms-are-not-adequately-protecting-their-data
1. Firms ‘Are Not Adequately Protecting Their Data’
Facebook.com/storetec
Storetec Services Limited
@StoretecHull www.storetec.net
Ignorance with regard to encryption technologies means many
businesses are mishandling sensitive information.
That is according to Simon Rice, group manager at the Information
Commissioner's Office, who wrote in a blog post that many
organisations are failing to adequately protect the data they hold on
people, with a lack of knowledge about encryption services the crux of
the matter.
2. He stated that it is a relatively straightforward way of protecting
sensitive information and urged forms to follow this route if the loss of
data were to have an adverse effect on the individuals involved.
Mr Rice suggested that many firms believe the basic level of protection
will suffice in the majority of incidents, something which is not true.
"A common misconception is that just requiring users to log in to a
device or service with a username and password provides an
equivalent level of protection to encryption. This isn't the case," he
wrote on the blog.
3. He went on to point out that passwords and PINs are not equal
alternatives to encryption, adding that these can easily be bypassed by
those with adequate knowledge.
The writer then went on to discuss exactly what encryption is, revealing
that it uses complicated mathematical algorithms to protect sensitive
data.
"This hides the underlying data and prevents any inadvertent access
to, or unauthorised disclosure of, the information," Mr Rice wrote.
4. Businesses have a number of encryption software solutions available
to them, including full disk encryption and individual file encryption, the
expert noted.
Mr Rice concluded by stating that fines totalling £700,000 have been
issued in three recent cases where encryption was not employed.
The ICO stated in an update last year that in cases where laptops
containing personal information that have been stolen or left in
inappropriate places without adequate encryption software, regulatory
action is one of the options on the table.
5. As well as encryption software, personal information also needs to be
managed in line with the organisation's security management
procedures.
Storetec News/Blogs. "
http://www.storetec.net/news-blog/firms-are-not-adequately-protecting-
" Firms ‘Are Not Adequately Protecting Their Data’. Aug 30, 2012.
Storetec.
6. As well as encryption software, personal information also needs to be
managed in line with the organisation's security management
procedures.
Storetec News/Blogs. "
http://www.storetec.net/news-blog/firms-are-not-adequately-protecting-
" Firms ‘Are Not Adequately Protecting Their Data’. Aug 30, 2012.
Storetec.