A compliance and security management specialist has commented on the Information Commissioner’s findings that just 19 per cent of private businesses contacted by the Information Commissioner’s Office (ICO) accepted a free data protection audit to ensure the confidentiality, integrity and availability of information stored on their IT systems. This finding is in spite of the fact that almost one third of the data breaches reported to the ICO in the last twelve months were suffered by privately held organisations.
Robin Hill, co-founder of RandomStorm, commented, “It’s worrying to see that companies are apparently avoiding security audits. However, the ICO’s report is not surprising. It constantly amazes us how many companies still don’t take simple precautions such as changing manufacturers’ default passwords on devices like routers, servers and modems and updating vulnerable applications as soon as patches are released. Failure to do this leaves their networks, websites and databases wide open to hackers. Any data controller has to take the view that if they are storing information that could be of interest to competitors or criminals, they are a potential target for hackers. If organisations are concerned about an audit they should think about calling in security experts to test and tighten up their systems before the ICO calls.”
RandomStorm is a government-approved CESG CHECK scheme member. CHECK-qualified staff undertake vulnerability testing on public sector IT systems that store protectively marked information up to and including “Confidential” information. The company has also been certified as a Qualified Security Assessor by the Payment Card Industry Security Standards Council, enabling RandomStorm personnel to carry out audits to ensure that merchants comply with the Payment Card Industry Data Security Standard (PCI DSS).