Time to take security seriously
Yahoo, TalkTalk, Tesco Bank, M&S, Three, Sage, Moonpig… all are household names and all have experienced high-profile data breaches in recent times. And they’re not alone; government research into cyber security discovered that two thirds of businesses experienced a cyber breach or attack in the past year.
Another research project, this time from NTT Com Security, says that the majority of businesses in the UK (57%) nowadays expect to be breached, and anticipate it would cost them £1.2m on average for investigation, remediation, notification, business disruption, fines, asset recovery and lost sales. For SME’s that figure is apparently anywhere up to £311k – a sizeable sum for any business.
More than financial damage
While the financial harm can be large, a security breach has numerous other damaging consequences. Brand erosion and reputational damage are just two examples.
While it’s unclear just how detrimental they can be to bottom line, a 2015 Information Security Breaches Survey, conducted by PwC, stated that, when asked what made a particular incident ‘the worst’, 16 out of the 39 organisations that responded cited that it was the damage to their reputation which had the greatest impact.
Warren Buffet once said: “It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently”.
More to be done
Amazingly, many organisations are failing to adequately protect themselves from security breaches. The government survey mentioned earlier found that only half of all firms have taken any recommended actions to identify and address vulnerabilities. Even fewer, about a third of all firms, had formal written cyber security policies and only 10% had an incident management plan in place.
Happily, it’s becoming easier and easier to protect all areas of business. For example, in the print and document management arena, security has moved on in leaps and bounds in recent years. SSL encryption, secure document release, biometric identification and automatic deletion of documents on print devices have all become commonplace – and should be an integral part of an overall security policy.
For most organisations, this starts with a comprehensive security risk assessment to identify areas that may be at risk – including working practices inside and out an organisation given the proliferation of mobile working and remote access. Naturally any unprotected weaknesses in IT infrastructure and network security should be addressed immediately. Clear communication, training and regular security awareness activities should all be part of ongoing cyber security measures. Plans should also be put in place to manage breaches if they occur. This should include incident response, disaster recovery and business continuity plans.
Wide business benefits
Plenty of tools are available to help with security and it’s worth bearing in mind that introducing strong security can benefit other areas of business.
Just one example is KYOCERA Net Manager, a server-based application that streamlines and secures document processes, not only controls sensitive documents but can also reduce document processing costs. Printing, copying and scanning starts only after the user has logged in at a selected device, using different authentication methods according to security requirements. In addition, the app records detailed statistics about print costs generated per project, user or department, which helps to raise awareness about and reduce cost, as well as making accounting easier. Fast, one-click operations and user-based scanning and faxing profiles also boost efficiency.
The government says the most common cyber security attacks detected involve viruses, spyware or malware, which can be prevented. The government’s cyber security arm has published extensive guidance on how organisations can protect themselves in cyberspace, which can be found here.
Beware of the fines
Finally, there has never been a better time to get security policies in order. In 2018, the European Union’s General Data Protection Regulation (GDPR) will introduce fines for groups of companies of up to €20m or 4% of annual worldwide turnover, whichever is greater – far exceeding the current maximum of £500,000. That’s something nobody can afford to ignore.