Monday 19 May 2014

Top IT security threats

The Information Commissioner's Office has recently issued a report on the top IT data security threats, which have led to some data breaches and some monetary penalties for the companies involved.

The top eight computer security weaknesses highlighted in the report include:
  • a failure to keep software security up to date;

  • a lack of protection from SQL injection;

  • the use of unnecessary services;

  • poor decommissioning of old software and services;

  • the insecure storage of passwords;

  • failure to encrypt online communications;

  • poorly designed networks processing data in inappropriate areas; and

  • the continued use of default credentials, including passwords.

The report is not aimed at IT professionals and is an easy read, highlighting the most common errors organisations make with some good examples.

Monday 5 May 2014

How to collect personal information

When you collect personal information, whether it is about staff, customers, volunteers, or potential customers, you must tell them how the information will be used and give them (in most cases) the opportunity to opt out.

The easiest way to do this is to put a "disclaimer" on the bottom of any forms. You need to be clear about the wording, as this indicates what you plan to use the information for. You also need to be consistent with any opt-in or opt-out boxes.

If you are collecting information over the phone, you still need to ask permission, and when adding the information to your database you should show the date and method of agreement. This is so that in future, if someone asks where you got their information, you have a record of it.

If you need help with the wording for a disclaimer, please contact me at Lesley@audit-and-risk.co.uk or 07828 124 588.