Data breach: Keeping sensitive data secure


It was revealed last week that the names, telephone numbers and security questions for at least 500 million Yahoo users were stolen in one of the largest online breaches ever.

However, Yahoo is not the first company to be at the centre of such a scandal and they certainly won’t be the last. In the past year alone, cyber security incidents have cost UK companies an anticipated £34.1 billion.

Dominic Johnstone, Head of Information Management Services at Crown Records Management, says: “The two main risks a company faces as a result of a breach are, damage to its reputation and company valuation.”

A company which suffers a data breach could also receive a hefty fine due to its negligence. Dominic continues: “The Information Commissioner’s Office can now impose a substantial £500,000 fine and, when the General Data Protection Regulation comes into play, this could increase to anything between £10,000,000, £20,000,000 or 4 per cent of company’s global turnover.”

Dominic suggests the key things companies should consider to help reduce the risk of a cyber security breach are:

Educate staff:

Much of the risk can be mitigated by having a developed training and awareness program within an organisation as well as a clear communications plan on new risks and methods and repeated reminders to be safe.

Set protocols:

Build your IT infrastructure, protocols and training regime around a system such as ISO27001. Have a clear information governance program and understand your risks with a clear data map. Plus, use behavioural tracking to see out of the ordinary actions by users.

Make sure you have reliable insurance:

Cyber insurance is a consideration that also forces organisations to secure their company’s assets so should be encouraged where appropriate.

Be proactive:

Advanced defences, behavioural tracking and robust testing of the defences is vital to ensure your organisation isn’t the next one in the news.