Large organisations\' security breaches blamed on poor policies

A loss of decent security on mobile devices and tablets has brought about 82 per cent of huge organisations reporting security breaches.

According to a survey of security professionals from 447 organisations, 47 per cent of enormous organisations have lost or leaked confidential information hung on mobile devices, while only 39 per cent encrypt downloaded data.

The report by PwC, along side Infosecurity Europe and supported by the dep. for Business, Innovation and abilities, found that 54 per cent of small businesses (and 38 per cent of huge organisations) should not have a safety-awareness programme.

Chris Potter, PwC information security partner, said: “With the explosion of recent mobile devices and the blurring of lines between work and private life, organisations are opening their systems as much as massive risk. Smartphones and tablet computers are sometimes lost or stolen, with any data on them exposed, while mobile devices can literally drill straight through your security defences, if you are not careful.

““However, organisations aren't responding to those new challenges. Just as we saw a decade ago with computer viruses, companies are slow to regulate their controls as technology usage changes. It's clear how important smartphones and tablets are getting â€" as confidential data is increasingly stored on them, the danger of information breaches increases.”

Only 26 per cent of respondents with a safety policy believed that their staff had "a great understanding" of it, while 21 per cent said staff understanding was "poor".

Potter said: “Setting out your security is vital to make certain staff know what risks to see out for, the right way to handle data appropriately and what to do if a breach occurs. The foundation reason behind security breaches by staff is usually a failure by organisations to speculate in educating staff about security risks. Yet organisations are failing to advertise a culture of security awareness so staff are usually ignorant of the hazards they're posing.

“Often, breaches occur through ignorance instead of malice. Possession of a safety policy on its own doesn't prevent breaches; staff ought to comprehend it and put it into practice. The survey results show a transparent payback from security awareness programmes â€" education results in greater understanding which in turn results in fewer breaches. Unfortunately, the survey results also show that it often takes a major incident before companies train their staff.”