User awareness is key to avoiding information security failures

By Laura Duffy

July 30, 2007

A prime example of the pressures placed on Compliance and Security managers today is the recent condemnation from the UK’s Information Commissioner’s Office (ICO) on the failure of government bodies and Britain’s largest companies to comply the Data Protection Act.  In the past year, there have been a number of incidents surrounding security breaches including Nationwide Building Society, Orange, Littlewoods and HBOS, to name a few. 

Information Commissioner Richard Thomas was quoted saying, “The roll call of banks, retailer, government departments, public bodies and other orgsanisations which have admitted serious security lapses is frankly horrifying”.  The ICO is now calling for stronger audit and inspections powers and is lobbying for the creation of a two year jail sentence for people deliberately abusing personal data. 

Speaking on the increasing trend in regulation, Robert O’Brien, Managing Director at Security Software Company Baronscourt said “Sustaining enthusiasm about information security and its importance amongst internal staff is a major issue. Even for senior management it is difficult to ensure that continuous profile is given to information control”. He commented that “the Information Commissioner has identified the problem and in absence of industry action, is likely to take a more draconian approach”

“One of the easiest ways to deal with this issue is to automate user awareness programs and enforce user participation in the promotion of Information Security amongst staff. If you do have an Information Security failure it is critical to be able to demonstrate compliance and best practice to the Regulator” said O’Brien.

Baronscourt Technology has developed a suite of software that assists organisations to deal with internal security issues in a practical way. The Baronscourt philosophy is simple:
• Stop employees doing things on the computer that weaken security.
• Ensure communication and understanding of best practice.
• Demonstrate compliance and evidence of duty of care.
Its software has been designed to work with existing ICT infrastructures and to integrate with widely used applications and third party security products. We build our software to be as unobtrusive as possible and to have minimum demand on the current systems or IT staff.

Home     More Baronscourt Stories     Search News

More News