
Failure to Encrypt Let Thieves Rip

05 February 2016

A worrying report reveals that 26% of organisations have suffered loss or exposure of customer data in the last 12 months and points to a failure to encrypt sensitive information.

The report by AIIM reveals that 26% of organisations have suffered loss or exposure of customer data in the last 12 months, but 25% of organisations do not encrypt sensitive data and struggle to address data privacy.
It becomes puzzling, therefore, that while 38% of organisations are highly dependent on sensitive personal content as part of their business processes, they struggle to address data privacy.
The report – Data Privacy – Living by New Rules – revealed that in the last 12 months, 26% of organisations suffered loss or exposure of customer data with 18% losing employee data. As a consequence, 10% received action or fines from a regulator, 25% saw a disruption to business and 18% a loss of customer trust.
Data breaches are much more likely to be due to internal staff than external hackers, with 47% of organisations surveyed having suffered a data breach, exposure or incident in the past 12 months due to staff intent (19%) or staff negligence (28%). 13% suffered data loss from external hackers. Despite this, around 25% of respondents feel that senior management does not take the issue of data privacy breaches seriously.
The research also revealed a lack of familiarity with forthcoming General Data Protection Regulations (GDPR) which are now heading for the statute books across the EU. 37% of those storing Europeans’ data are not familiar with GDPR, including 11% who (mistakenly) think it will not apply to them.
Furthermore, 11% consider the recent European Court ruling that largely negates the Safe Harbour arrangement for US companies storing Europeans’ data to be a ‘disaster’ – 67% are placing increased reliance on other measures and 33% are waiting for a renegotiation of Safe Harbour, or clarification through the GDPR.
“If an organisation holds data on European citizens, they have to be aware of the need to ensure that European data protection standards apply wherever that information is stored and ensure their organisation is taking steps to ensure compliance,” explained Bob Larrivee, Chief Analyst, AIIM. “GDPR means that both data processors and the organisation whose data is being processed are joint data controllers so the organisation needs to positively audit the processor, including cloud service providers, to ensure that compliance is being met.”
Organisations are taking some steps, however, to ensure the privacy and security of the data they hold. 64% of respondents claim to encrypt all Personally Identifiable Information (PII) they hold, rising to 75% for sensitive personal data.
Nevertheless, only 38% encrypt email addresses and an ‘astonishing’ 25% of those storing credit card details do not encrypt them – which is likely to be an immediate contravention of the PCI-DSS standard. 20% rely on metadata and content types to drive security but half of respondents admit to poor metadata standards – a situation that can be improved with the latest metadata correction and data cleaning products.
The survey was taken using a web-based tool by 202 individual members of the AIIM community between 23 October 2015 and 16 November 2015. Invitations to take the survey were sent via e-mail to a selection of the 160,000 AIIM community members.

Picture: The AIIM report finds a worrying 25% of organisations do not encrypt sensitive data

Article written by Mike Gannon | Published 05 February 2016

