Whether it’s your friend standing a little bit too close to a sparkler (OK, that was me), or any of the celebrities on Geordie Shore doing just about anything, it’s important to learn from the mistakes of others. And this is true when it comes to security too. The Information Commissioner’s Office (ICO) released a report on Monday, saying: “If you’re responsible for the security of your organisation’s information and you think salt is just something you put on your chips, rather than a method for protecting your passwords, then our report is for you.”
The report highlights the top eight reasons why orgs have failed to keep personal data secure, and recommends ways to avoid doing the same (warning for any intrepid readers: it’s a very thorough 45 pages long!). Simon Rice, ICO Group Manager for Technology said: “The report has been developed in line with industry best practice and reflects the views and feedback provided by a range of key stakeholders within the IT security industry.”
The word on the street is that whilst there are organisations taking security threats seriously, many are failing at the basic safeguards; so the report is aimed at offering an introduction to established industry practices that might prevent financial and, possibly more importantly, reputational damage. It follows an earlier guide on practical IT security for small businesses.
The ICO is also in charge of fining companies that fail to keep their data sufficiently protected. For example, the British Pregnancy Association recently got hit up to the tune of £200,000 because it failed to realise its website was storing the name, address, date of birth and telephone number of anyone who had requested a call back for pregnancy advice. The total of the penalties the ICO have collected from breaches that could have been avoided, or at least minimised, is about a million pounds so far; so it really is in your best interests to secure your data.
Here are the ICO’s top eight computer security vulnerabilities:
· A failure to keep software security up to date;
· A lack of protection from SQL injection;
· The use of unnecessary services;
· Poor decommissioning of old software and services;
· The insecure storage of passwords;
· Failure to encrypt online communications;
· Poorly designed networks processing data in inappropriate areas; and
· The continued use of default credentials including passwords.
So, stay away from open flames, never take advice from MTV celebrities; and thank the people who have bravely messed up so you don’t have to, by taking heed of where your strategy might also fall short.
If you have any concerns about the security of your solution at UKFast, call 0208 045 4945 or give your account manager a call; and if you’re looking for more advice on keeping safe, we have four top tips to get you started.