Daily Insurance Industry News
Saturday 20th of October 2018
December 16, 2011

RBS highlights data security weaknesses

by Gill Montia

New research from Royal Bank of Scotland (RBS) has found that nearly one in five technology firms surveyed in the Thames Valley area have suffered a data security breach in the past 12 months.

While just over half of respondents had a crisis strategy in place in case of a serious security breach, a quarter had no such procedure.

RBS’s corporate & institutional banking unit is currently running a series of events across the country on IT security in conjunction with Sophos, and the partners have drawn up ten board-level tips for firms as follows:

1. Implement a multi-disciplinary security review board to make sure you are considering all aspects of security risk – the board should have representatives from the legal, compliance, IT, marketing and executive teams.

2. Define the incident response plan and practise it before it is too late – actions in the early moments of a breach make the difference between being seen as responsible or being vilified.

3. Security is more than a Microsoft issue – mobile devices, tablets and alternative operating systems like Mac OS X can be the target of attacks or data loss too.

4. Think about your web presence – many of the embarrassing breaches of the last year have been data loss or “hacktivist modification” of enterprise web sites.

5. Hack yourself before they do – auditing your people, processes and technology security capabilities before the bad guys do will help you identify areas of weakness.

6. “All the right things in the world, but no paper” – you can have excellent security controls, but if you don’t have a legally compliant security policy framework document, you may find yourself in hot water.

7. Don’t get hung up on being targeted by the bad guys – make sure you conduct a risk assessment exercise for your business to understand what could really hurt you.

8. Consider new computing and business models – while traditional computing may be relatively under control, the risk of casual adoption of the cloud, mobile and virtual systems may warrant user awareness training.

9. Partners might not be your best friends – make sure you implement contractual checks in standard agreements requiring third parties to ensure they meet compliance obligations.

10. Finally, round out security controls without buying a billion new shiny toys – modern security suites should enable you to adopt new controls like HIPS, DLP, patch, web security and device control capabilities (to name a few) without radically changing your investment profile.

