Tag Archives: USBs

70% of financial companies suffer cyber security incident in last 12 months

New research conducted by data security company Clearswift reveals that 70% of financial companies have experienced a cyber security incident in the past year, highlighting the serious threat that both data breaches and malicious attacks pose to the UK’s financial sector.

The research, which surveyed senior business decision-makers within enterprise financial organisations in the UK, found that almost half of the incidents reported over the past 12 months originated from employees failing to follow security protocol or data protection policies. This threat was biggest in mid-sized financial companies (with 3,000-4,999 employees) with 52% of respondents citing employee failure to follow corporate data protection policies as their biggest issue.

In addition to this, it was found that further causes of cyber security incidents within the financial sector included the introduction of malware and viruses via third party devices, including USBs and Bring Your Own Device (32%), file and image downloads (25%) and employees sharing data with unintended recipients (24%).

UKFinanceCyber

“The financial sector is the lynchpin of the UK’s economy and a vital part of our nation’s Critical National Infrastructure, so it’s alarming to see such high numbers of security incidents within financial organisations,” said Dr Guy Bunker, CTO at Clearswift. “Unfortunately, in this day and age it’s a case of ‘when’ not ‘if’ a firm is breached so the financial sector needs to shift gears and speed up the innovation and deployment of effective data protection and threat mitigation strategies.”

The numbers associated with security incidents are in stark contrast with further findings from the survey which revealed less than a quarter (23%) of respondents had an adequate level of budget allocated to cyber security within the firm. Unsurprisingly, 73% of respondents would like to see some – if not a significant – increase in their organisation’s cyber security spending.

Bunker added: “Whether it’s an inadvertent mistake, a malicious insider or an external threat actor that causes a security incident, the ramifications of data loss are extremely serious for any organisation. For those organisations who hold citizen data and their financial information, there’s a need for extra vigilance to protect that data no matter where it’s stored, how it’s processed or what digital collaboration channels it flows through. Understanding the latest threats and the potential consequences from next generation attacks will help drive the business case for investment in new technology to mitigate the risks.”

He continued: “Cyber security needs to rapidly evolve and the budgeting process should take this into account. The threat which can bring down a company may not have existed three months ago. Financial organisations need to be able to respond immediately in order to protect their reputation. While many areas of securing a company’s data can be improved by educating employees and developing clear policies and processes, technology plays a key role in mitigating today’s biggest threats through automating and enforcing security protocols. This requires investment. Great information security is a positive business differentiator and a driver of growth.”

Leave a comment

Filed under Risk Xtra

“Remote working places business data at risk” reveals Imation Corporation Survey

According to new research initiated by global data storage and information security company Imation Corporation, poor security and impugned responsibility are placing business data at risk for those working remotely. Staff are taking confidential information away from the office, often without the knowledge of their employer, and losing unsecured and unencrypted business data in places such as pubs, on trains and in hotels.

According to the survey of 1,000 office workers* from the UK and Germany, nearly two-in-five of respondents (or someone they know personally) have lost or had a device stolen in a public place. Three quarters of these devices – among them laptops, mobile phones and USB sticks – contained work-related data. This included confidential e-mails (37%), confidential files (34%) and customer data (21%).

Around one-in-ten interviewees had lost financial data or access details such as login and password information, potentially exposing even more confidential information to the risk of a data breach.

What makes these findings even more concerning is that a large proportion of data removed from the workplace isn’t adequately secured. As many as three quarters of respondents said they had taken digital files with them outside of work, yet many do not use standard security measures such as encryption, password protection or remote wiping to protect that data from unauthorised access.

One-in-four employees interviewed for the Imation Corporation’s survey admitted breaking security policies to work remotely while the majority were not concerned about losing confidential business data

One-in-four employees interviewed for the Imation Corporation’s survey admitted breaking security policies to work remotely while the majority were not concerned about losing confidential business data

Nearly half (44%) of respondents said that data is never encrypted when taken out of the office. Three out of every ten respondents admitted they don’t protect their data with passwords, while nearly one-in-ten workers who take digital files outside of the office do not secure them at all.

Office workers, it seems, are not losing any sleep over losing confidential business data when they take work home, with only one-in-16 worrying about this massively important issue.

Lack of understanding around corporate data security

“Companies may not be aware of the amount of data that’s leaving offices unsecured,” said Nick Banks, vice-president (EMEA and APAC) for Imation Corporation’s IronKey solutions. “In addition, half of respondents said that, at least some of the time, nobody would notice if they were to take data away from the office and lose it. It’s obvious that poor security and lack of understanding of what happens to corporate data are placing organisations at risk of a data breach.”

Even though eight-in-ten of the employees interviewed read or write work e-mails on the move, and around seven-in-ten work on electronic documents away from the office, businesses are failing to provide their employees with secure tools for remote working and not putting the right security policies in place.

Fewer than six out of every ten respondents said their organisation had a remote working policy in place. Of those employees working for companies that do have a policy, more than a quarter of interviewees admitted they’d broken that policy in order to work remotely. Of those staff questioned, 8% had knowingly broken the policy and a further 18% say they’d unknowingly broken it.

Equally, of those individuals who do secure data that they take outside of the office, just over half said that their employer or a third party supplier provides the remote working security measures. One-in-five respondents reported that just they themselves provide the security measures.

“These figures emphasise the urgent need for businesses to ensure that their employees have the necessary systems in place to work flexibly and securely without further hindering productivity,” asserted Banks. “The reality is that people are working in cafes, on aeroplanes, in their GP’s waiting room and even while they take their children to the park. Organisations are tasked with a monumental challenge of providing secure access to corporate networks and data. Data protection is now a huge concern for employers who are battling to manage security and privacy for employees on the move.”

Nearly half (44%) of survey respondents said that data is never encrypted when taken out of the office

Nearly half (44%) of survey respondents said that data is never encrypted when taken out of the office

Key highlights of the research

Other research highlights are as follows:
• As many as 41% of interviewees suggested that they either do not have the right tools available to work remotely or that their solutions for doing so could be improved
• Three-in-five respondents would tell their boss if they lost a storage device with company data on it. However, nearly one-in-ten would do nothing. Less than one third of survey respondents said they have policies that dictate who should be notified depending upon the type and sensitivity of the data lost
• Almost a quarter of respondents have looked over the shoulder of someone working on a laptop/tablet in a public place or noticed someone looking over their shoulder while 6% would let someone else use their work laptop, tablet or smart phone outside of the office
• Around half (48%) of respondents that take digital files with them outside of the office do not fully separate their work and personal data, in turn placing their personal data at risk of being wiped when business data is compromised
• Only 70% of respondents report that they protect their data with passwords and only 36% encrypt their data. A small proportion of respondents are using biometric technology (14%) or remote wiping (7%) to secure their data
• Public areas such as pubs, cafes and restaurants (22%) and public transport (29%) are some of the most common locations for respondents to read or write work e-mails when outside of their home

Nick Banks: vice-president (EMEA and APAC) for Imation Corporation’s IronKey solutions

Nick Banks: vice-president (EMEA and APAC) for Imation Corporation’s IronKey solutions

*The research consisted of 1,000 online interviews carried out this summer and involving office workers in businesses of at least 250 employees and covering a range of industry sectors. 500 respondents emanate from the UK and 500 respondents work in Germany. 80% of respondents were required to work remotely for at least part of their working week. Interviews were conducted online using a rigorous multi-level screening process to ensure that only suitable candidates were given the opportunity to participate

Leave a comment

Filed under Risk UK News