London, UK: British cyber security specialist, Becrypt, has announced the publication of a whitepaper examining the impact of Intellectual Property (IP) loss to UK business through malicious attack or human error. The whitepaper from Becrypt explores some of the common mistakes that are leaving businesses unnecessarily exposed and suggests a set of best practice recommendations that all businesses should be following to protect themselves from the risk of IP theft.
Theft of data from devices may fall into the category of human error, such as a briefcase left on a train or a laptop carelessly disposed of, or may be a deliberate, malicious act – the work of a disgruntled employee or a corporate spy.
Cath Hackett, VP of Product Portfolio at Becrypt commented: “Many businesses assume that because their laptops are password-protected, and have some security software installed, their data is secure. It’s not. If someone has actually got hold of the physical device, or copied data on to removable media, then all of the firm’s valuable data could still be exposed.”
Data security incidents are a major concern for organisations and a key area of action for the Information Commissionaires Office (ICO). The ICO has the power to serve a monetary penalty notice requiring organisations to pay up to £500,000 for serious breaches of the Data Protection Act occurring on or after 6 April 2010.
Furthermore, when the European General Data Protection Regulation (EU GDPR) comes into force in the near future, the potential cost to businesses from the loss or theft of valuable data will increase even further. The EU GDPR will introduce severe penalties for compliance failures, with potential fines of up to 5% of worldwide turnover.
Recent findings published by the ICO showed that in the most recent quarter (Q1 2015/16) there was a 22% increase in data breach incidents resulting from loss or theft or unencrypted devices[i].
Hackett continued: “Businesses are increasingly aware of the risks of IP theft, but many have glaring holes in their security strategy when it comes to securing data-at-rest. Using industry-certified encryption across the organisations devices significantly reduces the risks of valuable IP being compromised via a lost or stolen device. It also helps to limit the impact of a breach if one does occur. By taking a holistic view of their entire device estate, organisations can identify the solution that best suits their business needs. With the risk of data breaches an increasingly hot topic on board agendas, and the increasing tendency to store sensitive data on laptops and mobile devices, IT leaders must take action on this issue now.”