Brian Pennington

A blog about Cyber Security & Compliance




2015 Security Predictions


The full article can be found here.

Hidden Dangers of a Data Breach an Infographic

Health sector needs to improve its data protection

The Information Commissioner’s Office report on how organisations providing secondary health care are complying with the Data Protection Act and highlights areas that need improvement.

The report summarises the results of 19 audits, mostly against NHS Trusts.

The audits looked at how personal data is handled by the organisation, and fit alongside NHS information governance guidelines. The organisations voluntarily agreed to work with the ICO to identify good practice and, where necessary, improve procedures relating to the handling of personal data.

The Audits found:

  • All the organisations had data protection policies and procedures in place, though compliance with the policies wasn’t always effectively monitored, for instance through spot checks.
  • All the organisations had a system in place to track health records, though some did not conduct audits for missing files. The physical security of records also varied, with concern raised particularly around unlocked trollies used for moving files.
  • There was also a lack of simple password controls, notably forcing regular password changes.
  • Some organisations had little in the way of fire or flood protection in place for paper records.
  • All organisations had appropriate information governance related risk registers and risk assessments that were regularly reviewed.
  • Concern was raised around the use of fax machines for sending personal information, given the human error associated with using a fax machine.

Before three of the audits, staff were surveyed about their awareness of data protection policies

  • 88% of staff had read and understood the policy in place within their organisation
  • 94% had completed data protection training within the previous year

Claire Chadwick, ICO Team Manager in the Good Practice team, said:

Information about a person’s health tends to be one of the most sensitive types of personal data, and it is clear it must be properly handled.

“Our experiences in these audits suggested that tended to be the case. Only one of the audits suggested a substantial risk of non-compliance with the law, while more than half gave reasonable assurance the law was being complied with.

“By paying attention to this report, more organisations in this sector can ensure they are handling personal information properly. This report is an opportunity to review and improve practices and procedures based on our experiences

The audits followed a letter from the Information Commissioner and the Chief Executive of the NHS Sir David Nicholson to chief executives and finance directors within the NHS.

The full report can be found here.

Infographic: BYOD Security is still a problem

Insufficient BYOD security management and lax exit processes puts organisations at risk.

Mobile phone users are not concerned with security until there is a breach and then they blame their provider

Crossbeam Systems have released research into Mobile Phone user’s opinions on security. 

The most revealing finding was that compromised security, rather than high monthly fees, would be the biggest reason for UK smartphone users to change mobile network providers. 

The independent blind survey of 1,076 UK adult smartphone users and bill payers examined: –

  • usage habits
  • the importance of mobile security and data services
  • purchasing considerations
  • what would motivate them to switch providers

A summary of the survey results are below:-

  • 75.6% of those surveyed would change mobile providers if their current, operator-supplied smartphone was compromised by hackers, malware or other security failure
  • 79% of 648 women surveyed stating they would change networks if their smartphone fell victim to a security issue.
  • 70% of 428 men surveyed would also change networks following a security incident
  • 56% of global respondents don’t know if their mobile network provider has measures in place to secure their smartphone
  • 35.7% of respondents were aware that their smartphone contained applications that stored or had access to financial information such as PayPal, retail apps with saved card payment information and mobile banking apps, and that third parties accessing these would be a concern
  • 52.9% would be scare of other people having “Access to my personal information, such as passwords and credit card details”
  • 5.8% said a lack of security would drive them away from their current network provider

If your smartphone was hacked by a criminal whose fault would it be?

  • 37.5% My mobile network provider (Vodafone, O2 etc.)
  • 31.6% Mine
  • 17.9% My smartphone manufacturer (Apple, Samsung, HTC, etc.)
  • 12.9% Other please specify

Smartphone users, like most people, don’t think about the security of their devices until they’ve been hacked. This may be misleading mobile network operators to focus less of their attention on customer security and underestimate the risk it creates said Peter Doggart of Crossbeam

The good news is 53 percent of global respondents expressed a willingness to pay their network provider additional fees to help improve security.

Create a free website or blog at

Up ↑

%d bloggers like this: