Published 3rd of May 2017
Written by Nik Williams - Group Sales Director
Security is paramount, in every aspect of our lives. Businesses are constantly looking into new ways to make our homes, cars and shopping experience safer and more secure, and banks are becoming savvier too, with sophisticated technology enabling them to detect fraud quicker. We’re growing wise to the methods and patterns of criminals and cyber-criminals and yet the estimated annual cost of fraud in the UK was £193 billion last year, according to The Annual Fraud Indicator 2016, equating to more than £6,000 lost per second every single day. Business fraud is estimated to account for £144 billion of that.
As a business that champions the safe disposal of sensitive information, it is shocking to read statistics like that - and yet at the same time we can believe that fraud is on the up. Why? Because, like us, criminals and cyber-criminals are growing even wiser; they’re finding new ways to operate, and often in groups rather than as individuals these days. And despite the introduction of the Data Protection Act 1998 (legislation that completely transformed the information security industry) there are so many businesses still unaware that there is a correct way to dispose of their confidential waste.
It’s no longer the case that you can toss old paperwork into the bin and forget about it; the DPA made it so that anything containing ‘sensitive information’ - be that invoices, customer receipts, business financials, insurance policies, contracts or documents containing PIN numbers or passwords - must be shredded at the very least. The issue with most bog-standard office shredders, however, is that they often only cut in vertical strips, which could be reassembled with a bit of patience.
What’s more, businesses aren’t protecting themselves enough against fraud and theft that may occur internally, putting themselves in danger of breaching the DPA. Earlier this year, for example, the Information Commissioner’s Office fined Royal & Sun Alliance Insurance PLC (RSA) £150,000 following the loss of the personal information of nearly 60,000 customers. The ICO report states that “a portable ‘network attached storage’ device was taken offline and stolen by a member of staff or contractor who was permitted to access the data server room at the RSA’s premises in West Sussex” and that “RSA did not have in place appropriate technical and organisational measures for ensuring so far as possible that such an incident would not occur”. Sadly, cybersecurity and information security breaches like this are not few and far between; we see them in the news more times than we’d like to admit.
The DPA is just one example of where new regulations have come into force to control the way information is handled and to give legal rights to people who have information stored about them. The Safe Harbor agreement is another, and one which has changed over the years since it was established in 2000. The introduction of the CRB check in 2002 (or DBS check as it’s now known) has also strengthened the position of our industry as it allows firms like ours - those who work with sensitive documents and data on a day-to-day basis - to look at a prospective employee’s criminal history.
You really have to be on the ball at all times to keep up with the constant evolution of regulations that govern the information security sector, while ensuring that you’re fully compliant with all industry standards, many of which have been introduced over the last 20 or so years. There are currently standards for a wide range of topics, including ISO 27001, an international standard that describes best practice for an information security management system (in simple terms, being able to show that your customer data is as secure as possible).
Essentially, if you work in the information security sector you have to ensure your business is watertight - with your software, your hardware, your staff and your security measures (such as CCTV cameras and ID cards or fingerprint entry systems). Imagine how damaging it would be if we were subject to a security breach ourselves.
While we have yet to fully understand the impact that Brexit will have on our industry, what we do know is this: there will always be a need to educate individuals and businesses on the very real possibility of theft, fraud and cyber security breaches in the 21st century. We’re getting there but we still have a long way to go, evidenced by PwC’s Global State of Information Security Survey 2017, which states that 18% of UK organisations don’t know how many cyber attacks they suffered last year.
At Shredall SDS Group we’re looking forward to seeing what the future of the information security sector brings, and are ready to adapt. We’ve seen our business change over the last 20 years as the industry evolves, which has led us to exploit a number of new markets. We predict much of the same over the next two decades; there will no doubt be new regulations in force - which put even tighter control on how we manage sensitive data - new standards to comply with and perhaps even different threats to those we face today - which will need solutions we haven’t even thought of yet.