New legislation has just come into force which empowers the Information Commissioner's Office (ICO) to levy fines on businesses of up to £500,000 for serious breaches of the Data Protection Act (DPA). Symantec has cautioned that such fines are avoidable provided adequate security best practice is adhered to.
Jason Ellis, EMEA Channel VP, Symantec, said: "The ICO is getting tough on data loss following some high-profile cases where sensitive information has been stolen or lost. However, by educating businesses about IT security best practice, the channel can ensure businesses avoid the burden of some potentially devastating fines." For a data breach to attract a monetary penalty, the ICO must be satisfied that the breach is serious and likely to cause damage or distress, that it was either deliberate or negligent, and that the organisation failed to take reasonable steps to prevent it.
Develop and enforce a robust security policy which includes:
Tight governance regarding use of customer data: it should not physically leave the premises unless absolutely necessary
Use advanced encryption appropriately for data that does have to leave the premises
Restrict access to customer data only to those staff for whom it is critical
Ensure that confidential data cannot be copied on to portable media such as USB sticks or CDs
Monitor information leaving via email and websites for appropriateness
Protect and manage all PCs, laptops and servers
Maintain active, up-to-date antivirus, spyware and firewall protection
Create strong passwords for all systems and hardware
Use at least eight characters with a combination of numbers, letters and punctuation marks, and don't reuse a password that is already active on other accounts
Don't forget non-electronic security
Shred any documents that contain identifying information before disposing of them
Don't leave financial documents and sensitive information in an insecure environment
Regular education of employees can help improve awareness of appropriate behaviour
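The password rule in the checklist above (at least eight characters, a mix of letters, numbers and punctuation, and no reuse of a password already active on another account) is concrete enough to enforce at the point where a new password is set. The following is an added example, not Symantec's or the ICO's code: it checks a candidate password against that rule and, for the reuse check, compares it against salted PBKDF2 hashes of the passwords already in use rather than against stored plaintext. The `EXISTING_ACCOUNTS` table and the passwords in it are constructed sample data; the account names and the function names are assumptions for the example.

```python
"""Enforce the password rule quoted above: minimum length eight, letters +
digits + punctuation, and no reuse across accounts. Added example only."""
import hashlib
import hmac
import secrets
import string
from typing import Dict, List, Optional, Tuple

MIN_LENGTH = 8
PBKDF2_ROUNDS = 100_000  # iteration count for the stored hashes (assumed value)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, PBKDF2-HMAC-SHA256 digest). A fresh random salt is drawn
    when none is supplied, so two accounts with the same password still store
    different digests; the salt is reused only to re-check a known account."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


# Constructed sample data: passwords already active on other accounts,
# stored only as (salt, digest), never as plaintext.
EXISTING_ACCOUNTS: Dict[str, Tuple[bytes, bytes]] = {
    "email": hash_password("Summer!2010"),
    "vpn": hash_password("Tr0ub4dor&3"),
}


def policy_violations(password: str) -> List[str]:
    """Return the list of ways the candidate breaks the composition rule
    (empty list means it complies)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no digits")
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation")
    return problems


def reused_on(password: str, existing: Dict[str, Tuple[bytes, bytes]]) -> List[str]:
    """Names of accounts whose stored hash matches the candidate. Each stored
    salt is applied in turn; compare_digest avoids a timing side channel."""
    hits = []
    for account, (salt, digest) in existing.items():
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):
            hits.append(account)
    return hits


def check_new_password(password: str, existing: Dict[str, Tuple[bytes, bytes]]) -> List[str]:
    """Combined check: composition problems first, then any account on which
    the same password is already active. Empty list means accept."""
    problems = policy_violations(password)
    for account in reused_on(password, existing):
        problems.append(f"already in use on {account}")
    return problems


if __name__ == "__main__":
    for candidate in ["password", "ab1!", "Summer!2010", "Qz7$mVp2"]:
        result = check_new_password(candidate, EXISTING_ACCOUNTS)
        print(f"{candidate!r}: {'accepted' if not result else ', '.join(result)}")
```

The reuse check only works because the checker can re-derive each account's hash with that account's own salt; it never needs the old passwords in clear, which is the property you want from the credential store in the first place. Length and character-class checks are the minimum the checklist asks for; a production policy would normally also reject passwords found in breach corpora, which this example does not attempt.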