information security
It’s no longer the case that you
can toss old paperwork into the
bin and forget about it; the DPA
made it so that anything containing
‘sensitive information’ – be that
invoices, customer receipts,
business financials, insurance
policies, contracts or documents
containing PIN numbers or
passwords – must be shredded at
the very least. The issue with most
bog-standard office shredders,
however, is that they often only cut
in vertical strips which could be
reassembled with a bit of patience.
What’s more, businesses
aren’t protecting themselves
enough against fraud and theft
that may occur internally,
putting themselves in danger of
breaching the DPA. Earlier this
year, for example, the Information
Commissioner’s Office fined Royal
& Sun Alliance Insurance PLC (RSA)
£150,000 following the loss of the
personal information of nearly
60,000 customers. The ICO report
states that ‘a portable “network
attached storage” device was taken
offline and stolen by a member
of staff or contractor who was
permitted to access the data server
room at the RSA’s premises in West
Sussex’, and that ‘RSA did not have
in place appropriate technical
and organisational measures
for ensuring so far as possible
that such an incident would not
occur’. Sadly, cyber security and
information security breaches like
this are not few and far between;
we see them in the news more
times than we’d like to admit.
Legal rights
The DPA is just one example
of where new regulations have
come into force to control the
way information is handled and
to give legal rights to people who
have information stored about
them. The Safe Harbor agreement
is another, and one which has
changed over the years since it
was established in 2000. The
introduction of the CRB check in
2002 (or DBS check as it’s now
known) has also strengthened
the position of our industry as it
allows firms like ours – those who
work with sensitive documents
and data on a day-to-day basis – to
look at a prospective employee’s
criminal history.
You really have to be on the
ball at all times to keep up with the
constant evolution of regulations
that govern the information
security sector, while ensuring
that you’re fully compliant with all
industry standards, many of which
have been introduced over the last
20 or so years. There are currently
standards for a wide range of
topics including the ISO27001,
an international standard that
describes best practice for an
information security management
system (in simple terms, being able
to show that your customer data is
as secure as possible).
‘The estimated annual cost of fraud in the UK was £193bn last year.’
Essentially, if you work in the
information security sector you
have to ensure your business is
watertight – with your software,
your hardware, your staff and
your security measures (such
as CCTV cameras and ID cards
or fingerprint entry systems).
Imagine how damaging it would
be if we were subject to a security
breach ourselves?
A long way to go
While we have yet to fully
understand the impact that Brexit
will have on our industry, we do
know this: there will always be
a need to educate individuals
and businesses on the very real
possibility of theft, fraud and
cyber security breaches in the
21st century. We’re getting there
but we still have a long way to go,
evidenced by PwC’s Global State of
Information Security Survey 2017
which states that 18 per cent of
UK organisations don’t know how
many cyber attacks they suffered
last year.
At Shredall SDS Group we’re
looking forward to seeing what the
future of the information security
sector brings, and are ready to
adapt. We’ve seen our business
change over the last 20 years as
the industry evolves, which has
led us to exploit a number of new
markets. We predict much of the
same over the next two decades;
there will no doubt be new
regulations in force – which put
even tighter control on how we
manage sensitive data – new
standards to comply with and
perhaps even different threats to
those we face today – which will
need solutions we haven’t even
thought of yet.
June 2017 | 33