Every week seems to bring brings new revelations of the large-scale loss or mismanagement of personal data and records. And each incident seems to trigger the same response – ‘we’ll investigate and improve our systems and processes.’ But is this really acceptable in a 24/7 globally-connected world?

Whether it’s 25 million child benefit claimants’ details, or 160,000 children’s health records that go missing, and whether it’s an unauthorised download, a disk lost in the post, a laptop stolen from a car, or illicit dumping in a wheelie bin, the public has had enough. "The trend is clear," said Gordon Cannon, BT Wholesale’s Market Development Manager, "companies are being mandated by increasingly strict rules, regulations and standards to protect their customers and their personal information against data fraud, phishing and unauthorised access."

Organisations that collect, hold and use valuable data are increasingly derided when they fail to protect it. The media, recognising the public mood, leaps gleefully on each incident, heaping embarrassment and damage to brand and reputation on top of operational failure.
 
FAILING TO PLAN – PLANNING TO FAIL

In many cases, some poor individual is held to be ‘responsible’ for each failure but, in truth, the crux of the problem is that formal security programmes with goals, objectives and deliverables simply don’t exist in many organisations.

The risk of attack from both internal and external sources is significant and increasing, and the end-to-end security of any network is only as strong as its weakest link. As Gordon remarks, "Often there is no clear overview of the network  – no individual has effective overall control of all data and how it is used – and so there is no appreciation of the real vulnerabilities, and no coherent security plan to address them."

THE CONSEQUENCES OF FAILURE

Changes to legislative and regulatory requirements may, in future, reflect a new reality. Planned changes could make executives and managers personally liable for the protection of sensitive data.
 
Organisations must monitor and protect:

• Their networks against intrusion with firewalls to block unauthorised access at the perimeter
• Legitimate access to networks and to sensitive applications and data to ensure  business efficiency and effectiveness
• Networks and systems from abuse by viruses and malicious software
• Customers against data fraud, loss and mismanagement

With criminal penalties in the offing, every business must now ensure it has a planned and coherent security strategy that encompasses access to and use of all its networks, systems and procedures. Tight risk management, secure communications, rigorous identity management, tried and tested business continuity arrangements, and full regulatory and legislative compliance are now – effectively – mandatory. "Organisations really have no choice now but to take all necessary steps to protect the data they hold and use," Gordon explained.

No organisation wants to face the public humiliation that inevitably follows a major data security failure. No business can afford the damage to its brand and reputation, nor the possibly catastrophic commercial consequences of a severe loss of sensitive customer, supplier or product information. 

 
READ BETWEEN THE LINES
 
BT has special insight and expertise into secure networking, drawn from our own experience in managing more than 900 mission-critical systems on 13 mainframes, and over 12,000 mid-range services. We block 5 million spam messages every day, clean up 2 million virus messages each month, and deny 14 million unauthorised connection attempts with our firewalls. We collect, hold and manage personal and commercially-sensitive data from more than 20 million consumers, staff and organisations.
 
BT can help you take a comprehensive view of your own security by identifying and understanding the risks to you and your customers. We can design, install and configure appropriate measures, and help you implement effective policies and procedures. And we can help with costs too – the real costs of managing security in-house are easily underestimated and usually unbudgeted. You can remain in full control of your security policy and outsource the routine tasks – monitoring network vulnerabilities, managing access control, penetration and performance testing, firewall management and risk analysis – to highly qualified, experienced BT professionals, gaining a lower total cost of ownership.
 
We understand that every organisation is different, and we’ll be happy to discuss your specific security needs. Speak to your BT Wholesale Account Manager or log on to btwholesale.com for more information.