Electronic data is far less impressive than a physical asset; thousands of lines of data held on a USB flash drive commands far less respect than the latest laptop. Yet the impact to an organisation could be just as damaging if a USB flash drive is lost or stolen.

To combat this reality, users need educating as to how and why they have to adhere to their organisation’s IT security policies and the value of the data they handle. At the same time, organisations need to encourage and build a culture of security best practice and common sense, underpinned by solid technologies that deliver the level of security required by law.

By adopting a program of education reinforced by effective technology, organisations can look forward to a more secure future, especially if, as looks likely, cloud computing becomes a central plank of business IT infrastructures.

 It is of course all very well being wise after the event, but we have been saying for some time that organisations need to develop and implement effective data protection policy and procedures, which are backed up and enforced by technology. Healthcare organisations need to take action to avoid breaching HIPPA regulations in the US and similar regulations in the UK.  The stakes will be further raised in the UK when the Information Commissionaire will have the power to impose up to £500,000 fines from 6th April 2010.

 One healthcare organisation determined to implement best practice and safe guard their data is Care UK, you can read more here.

Remote working is what’s keeping their operations functioning but to what percentage of the work force?

Giving out laptops with the appropriate applications to connect to the corporate network is not the most cost effective business continuity strategy for many large enterprises, not to mention the humble SMBs.

Mentioning security might seem like a bit much in a situation like this where connectivity to corporate networks takes priority. But those that exploit loopholes like these can feast on your confidential data like hungry beasts.

So what option do you have that enables your entire workforce to work from home on unmanaged PCs that is cost effective and secure?

We have the most secure and low cost solution, and it is called Trusted Client – the secure remote working solution for a fraction of the cost of a laptop. Read more on what Trusted Client is and how it works.

At the same time, corporate IT managers are under significant pressure – either from their boards or other senior management, including investor sources – to justify their current security expenditures in the face of continuing shareholder scrutiny on all expenses.

Whilst historical evidence suggests that IT security has been an essential part of the necessary investment aspect of business for a number of years, there are signs that IT budgets generally are being cut in the face of the current economic situation.

Data leaks and losses – the main result of poor IT security – have, unfortunately, been with us since the earliest days of PCs in the 1980s.

But the good news is that solutions to data leaks and losses have been available to PC users since the mid-1980s – as leakage and loss risks were discovered, so the industry developed an increasing range of sophisticated solutions.

The arrival of the Internet as a mass communications medium in the late 1990 changed the ballgame significantly, however and even the best security technologies of the period – and security best practices – could not prevent a raft of data leaks and losses occurring.

The net result of these losses was the development of a number of laws designed to penalise those organisations that failed to implement best practices and policies on data leaks and losses, as well as enforcing those policies using relevant security technologies.

The plethora of legislation that seeks to prevent data leaks and losses in UK organisations include the Data Protection Act and, or course, where the company is trading with the US organisation, there is the Sarbanes Oxley Act.

But are organisations adhering to the requirements of this legislation? Read the full whitepaper

This needs to comprise of effective policy which is reinforced by technology.

The correct controls need to be in place from the start – trying to put these in place after an employee has been sacked and stolen data is like bolting the barn door after the horse has bolted.

Whenever an organisation hires a new employee, there needs to be education about the data policy, and continual reinforcement of this to ensure that employees are updated on any policy changes.

Organisations need to make sure that strategies are in place across the entire employee lifecycle, and ensure that these are effectively communicated, so prevent potentially catastrophic data loss.

 The white paper addresses the legal risks and liabilities associated with the potential loss of confidential company, customer or employee data and includes an overview of the relevant legislation and provides advice on best practice, you can read and download the full paper here.

However, putting the proper Information Assurance controls and technology in place will not happen overnight, companies should start to plan and act now to avoid the Information Commissioner’s new teeth.