55% of Irish organisations have seen company data stolen, hacked or otherwise compromised largely due to “negligent employees”. Are you protecting your data?
In Ireland, data breaches are now a serious threat for Irish businesses, with two in five now rating external hacking as one of their top three IT threats, according to a survey by the Irish Computer Society. A third of Irish firms say they have seen sensitive data slip out once in 2015, while a further 22% say it has happened multiple times in the same period.
A major issue for Irish organisations is that they are simply unaware whether they have been hacked. According to the survey, a quarter do not know whether they have let sensitive data slip out. A common reason for this is a lack of training and of policies being implemented within the organisation. Based on this survey, 41% of those made responsible for data protection issues within companies have had insufficient or no training. Furthermore, over 25% of Irish companies have taken no measures to protect against external data breach threats or are "not sure" whether they have done so.
The survey also revealed that companies are unclear about who is liable if a breach occurs. 41% of Irish company executives say they would face official sanctions in the case of a data breach, while 58% say there would be no sanction or that they were unaware of such sanctions.
This should now become clearer with the introduction of new EU legislation, the General Data Protection Regulation (GDPR). This will be the first legislation to apply in all countries that process the data of EU residents. The GDPR states that by May 2018 any organisation that holds EU clients’ data and does not acknowledge a breach will face fines of up to 20 million euro.
Currently, just 65% of Irish executives say that their firm has an official data breach policy. Meanwhile, over a third of Irish companies are "not confident" that staff know what procedures to follow in the event of a data protection incident. This means that organisations based in Ireland and across Europe need to begin implementing information security policies that show they are actively protecting their clients’ data.
Based on these statistics, it is clear that human error plays a part when data is compromised. To prevent data breaches from occurring, organisations are now implementing information security frameworks that give all staff transparency, ensuring best practices are maintained and resulting in a secure system for data.
One such system is the ISO 27001 Information Security Management System. This is a globally recognised industry best-practice standard, which provides organisations with a framework to ensure best practices are incorporated and maintained. It can be adapted to any organisation regardless of size or number of locations. The standard also provides a framework for how best to manage a data breach if one occurs.
From our experience of working with clients that implement systems like ISO 27001 and go for certification, having a management system in place provides confidence, assurance and certainty to clients, employees and stakeholders alike that you are managing the risk of future security breaches to the highest industry standards.
Also, with the newly introduced GDPR coming into effect, ISO 27001 certification will help your business comply with it and with any further information security legislation.
If you would like to learn more about ISO 27001 and how it can be adapted to suit your company’s needs, speak to one of our advisors.