When it comes to data and document theft, the costs alone should make businesses sit up and take notice.
For small businesses, the average cost of the worst security breach has nearly doubled over the last year, from between £35,000 and £65,000 to a current £65,000 to £115,000. For large businesses, the price is definitely not right, with £600,000 to £1.15 million the average cost of the worst security breach of the year, compared to £450,000 to £850,000 a year ago.
About 10% of organisations that suffered a breach in the last year were so badly damaged by the attack that they were forced to change the nature of their business.
Attacks by outsiders continue to cause the most problems, with malicious software often used to access company systems. Over the last year, 12% of large organisations reported a security or data breach connected to social networking sites and 7% of large organisations had a security or data breach involving Smartphones or tablets. 10% of the worst security breaches were due to portable media bypassing defences, up from 4% a year before.
So how do businesses combat the threat? Products such as shredders, encrypted flash and hard drives, CCTV cameras and internet security software are critical, as is having a strong security policy.
Almost every large organisation now has a documented security policy and adoption levels in small businesses are reported to have increased from 54% in 2013 to 60% this year.
Having a policy is one thing, but ensuring people understand it is another. Research suggests that only a quarter of businesses with a security policy believe that their staff have a very good understanding of it and a fifth believes the level of understanding is poor.
Fortunately there has been an encouraging rise in the proportion of businesses with a programme of continuing security education, with 68% of large organisations and 54% of small businesses now providing ongoing security training to their staff.
Security issues in companies are often caused by people visiting insecure websites and making the company’s infrastructure vulnerable to hacking threats. To counter this, PC monitoring of internet usage is a good option, with specific social media trackers enabling businesses to discern and prevent inappropriate usage across social platforms. Employees should be warned that their PC usage is being monitored, which in itself will prevent most people from misusing facilities and increase efficiency as well.
Specialised security equipment, such as a wall clock spy camera, is another consideration. This allows businesses to record staff throughout the day. Some devices allow owners to take still images for use as evidence and watch footage via WiFi from anywhere in the world. This option has become increasingly popular because it tackles a range of issues, from staff theft to serious in-company hacking.
To meet privacy guidelines, businesses should tell their employees that they are on camera, unless they suspect a serious breach that warrants discretion. It is legally permissible to record employees in public spaces such as hallways, office rooms and outside areas, but not in private areas such as toilets or cloakrooms.
There are many voice-activated recorders on the market which can be placed in offices to store staff conversations and check back on these. Mobile and landline phone recording software can be implemented but businesses are only allowed to monitor work phones and they should notify workers that they are monitoring them, unless they have a cause for suspicion such as a member of staff divulging private company information to