26 Feb 2009

Security 'should be implemented in the first instance'

Firms should aim to implement security measures before a breach occurs, rather than when it is too late, a specialist asserts.

Mike Spinney, senior privacy analyst at security expert the Ponemon Institute, claims organisations often only install security devices when they have already been the subject of data theft.

"Studies we've done show that many companies will take steps after a breach that they could have taken before because once they've suffered through an event, they realise it wasn't an inevitability," he states.

Measures which businesses can implement include keeping staff educated on the importance of security and developing clear policies on computer safety, Mr Spinney adds.

Further techniques such as the use of data governance, encryption and utilising devices such as shredders can help prevent losses, he concludes.

A recent survey by the Department for Business, Enterprise and Regulatory Reform reveals 55 per cent of companies had a documented security policy in place in 2008, compared with 27 per cent of firms in 2002.