BSI: Learn from Phone Hacking Scandal

The lesson for chief executives and managers from the News Corp. phone hacking scandal is that information security is an absolute necessity for any enterprise, according to the British Standards Institution (BSI). The organization warns that the scandal, which has toppled senior leaders at both Rupert Murdoch's company and Scotland Yard, "is just the tip of the iceberg when it comes to keeping company information secure."

Companies must take responsibility for data security if they want to stay profitable and protect their reputations, and they should be aware that most high-profile data breaches result from "bad business processes and policies," not hacking or theft, BSI says.

BSI listed five good practices to utilize and five pitfalls to avoid.

BSI's 5 "must do's":

  • Recognize the importance of all information in your organization.
  • Strike a balance between accessibility, availability, integrity, and security of your information.
  • Assess the real risks associated with information in your business (e.g., loss of customer data during transfers; unhappy staff sharing intellectual property outside the organization; staff opening e-mails and releasing viruses into the network; staff printing out confidential information and losing it or leaving it exposed to loss; access by unauthorized persons).
  • Know your legal obligations (e.g., data protection).
  • Tackle the obvious small things -– locking screens when leaving the desk, displaying security passes, operating clear desk policy, passwords for mobile devices.

Top 5 pitfalls:

  • Assuming the more you spend on software, the safer you are
  • Leaving it all to the IT department
  • Lack of senior management buy-in
  • Staff awareness and competence
  • Believing there is nothing you can do to stop staff compromising the information, either accidentally or through deliberate acts

Data protection guides and training course information are available at its website.

Posted by Jerry Laws on Jul 19, 2011