• open panel

Healthcare Industry Beware!

Recent reports have highlighted that hospitals and physicians in the US have been given a deadline of 2015, to convert all health records into digital form and then, to deploy the accompanying technology to handle these digital assets.  Considering only about a quarter of the US population’s health records are digitally stored – this is a bit of a tall order!

Makes you wonder whether, no lets rephrase that, WHEN the UK will follow in their footsteps.  For those organisations operating in the health sector, it may be

stethoscopewise to start reviewing the security and efficiency of you’re file transfer systems now, especially when you take into account the increased ICO powers of enforcement due to come into effect on 6th April 2010.  If a similar mandate were to come into force in the UK, in order to avoid possible fines of up to £500,000 organisations would need ensure that sensitive client files were secured when being transported between locations.

If your a healthcare organisation and you want to review or evaluate your large file transfer processes, please get in touch with the team at Pro2col on 0333 123 1240.  We offer a comprehensive range of secure file transfer solutions and we’re always happy to help.

Share on TwitterShare on FacebookShare on LinkedIn+1
 

Email Attachment Management – The Future of Ad Hoc File Transfer

Email is probably the best known and most widely used internet service in the marketplace to date.  With an estimate quarter of the worlds population on the internet and a total of 418,029,796 users in Europe (over 50%), figures indicate that 92% of these users either send or read email.  As technology progresses and file sizes increase, moving data between geographically isolated locations has become more challenging.  Many businesses rely predominately on email for their daily communications and operations but unfortunately, it is being used for purposes it was neither designed nor intended to cope with.  Using email for ad hoc file transfer can cause huge problems for businesses in terms of  cost, efficiency and reliability.

Email Attachment

So if we can’t email large attachments, what can we do?  Introducing our latest white paper; Email Attachment Management – The Future of Ad Hoc File Transfer, which is available for download now.  It addresses the issues surrounding the ad hoc transmission of large files and details how email attachment management solutions enable businesses to email large attachments, minus the problems associated with standard email.

If you would like to discuss any of your file transfer requirements ad hoc or otherwise, please contact Pro2col on 0333 123 1240, we are always happy to help.

Share on TwitterShare on FacebookShare on LinkedIn+1
 

Law.com reviews Biscom Delivery Server for Law Firms

Traditionally, when a law firm needs to send confidential documents to a client in a secure manner, they send it via courier or mail.  Organisations are accepting the fact that these methods are no longer adequate for a number of reasons, such as efficiency, security and expense.  Implementing a secure data transfer tool is key to effective communications.

See what Sean Doherty, Technology Editor from Law.com had to say following his evaluation of Biscom Delivery Server.

Share on TwitterShare on FacebookShare on LinkedIn+1
 

IT Departments Beware – employees may be compromising your data!!

According to a survey published by Osterman Research Inc. in June-July 2009, using a sample of large organisations (over 500 employees and $5 million dollar revenue), 82% of employees resort to using personal email accounts when sending large files – compromising data security.  This tactic is employed by many to evade the email server attachment limits imposed by IT departments.

Considering 20% of the organisations surveyed send in excess of 500 files a week, this is a seriously disturbing statistic when you take into account the ramifications of using standard email for file transfer.  The most frustrating aspect of this predicament, is that many IT professionals are fully aware of the risks associated with this method of file transfer in particular e.g…

•    Compromised security and non-complianceCaution Sign
•    Lack of tracking, logging and auditing
•    The absence of visibility and monitoring

…and consequently, have introduced strategies and procedures to combat the use of unsolicited file transfer methods. The problem is employees will continue to violate security and procedural policies if they aren’t provided with a comparable, alternative solution that offers the same, simple functionality as their email client.

The results also revealed that 55% of the organisations surveyed had seen a 20% increase in ad hoc file transfer activity during June-July 2009 – the largest growth across all of the business file transfer ‘requirements’.  Evidently, employees have an increasing need to send large files on an ad hoc basis, largely due to the dramatic increase in file size over recent years.

So the moral of this story is, if you want your employees to adhere to company procedural policies when sending large files on an ad hoc basis, IT departments need to provide them with an adequate alternative to their email server!

Share on TwitterShare on FacebookShare on LinkedIn+1
 

Secure File Transfer Standards – Are you Compliant?

With the sheer abundance of security standards, laws and legislation in our society nowadays, it’s really easy to get overwhelmed.  Although a necessary measure to safeguard individual’s confidential information and protect your business against prosecution, it can be difficult to fathom which laws apply to your organisation when it comes to secure file transfer.

To complicate matters further, legislation varies between continents, in the US even between states!!  As a result, we have put together a succinct guide detailing some of the most high-profile legislation governing the US and UK in terms of secure file transfer, including some standards that are recognised internationally.  These include acts such as The Health Insurance Portability Act (HIPAA), Sarbanes Oxley (SOX), Gramm-Leach-Bliley and The Data Protection Act, as well as industry standards like FIPS and ISO 27001.

Data Protection Act

Unfortunately it doesn’t end there.  Once an organisation has established which legislation applies to their business, they then have to make sure that their systems and procedures are actually compliant!  Thankfully, accompanying the majority of legislation is compliance testing – a sure-fire way to guarantee investment in technology and solutions that meet the secure file transfer requirements stipulated by government.

If you would like to discuss security compliance in terms of secure file transfer solutions, don’t hesitate to get in touch – we are happy to provide advice and support.

Share on TwitterShare on FacebookShare on LinkedIn+1
 

ICO gets new powers to address data protection negligence

Announced earlier this week by the Ministry of Justic, amends have been made to the Data Protection Act of 1988 that when passed in April 2010 will allow the ICO to impose fines of up to £500,000 on organisations found to be negligent regarding the privacy of personal data.

Justice Minister, Michael Wills, said: “We want to ensure that the Information Commissioner’s Office has the powers it needs and is able to impose robust penalties on those who commit serious breaches of data protection principles.”

To be subject to the fine there are certain criteria to be met, but the one that should make existing Data Controllers sit up and take notice is:

If the data controller knew or ought to have known that there was a risk that the contravention would occur, and that such a contravention would be of a kind likely to cause substantial damage or substantial distress, but failed to take reasonable steps to prevent the contravention.

ICO Logo

If you’re a Data Controller responsible for your companies data security how does this announcement make you feel?  If you’d like a no-obligation discussion regarding your data security and secure file transfer requirements contact Pro2col today on 0333 123 1240.

Article continues here

 

Share on TwitterShare on FacebookShare on LinkedIn+1
 

UK businesses under increasing pressure to step up data privacy

The European Commission (EC) have publicly stated that the UK Government is not adequately enforcing European data privacy laws and is ready to clamp down on them in 2 months time.  Reported on the Infosecurity web site and backed up by our recent discussions with the ICO; next year is likely to be the year in which Enterprises feel the full force of European legislation regarding the data privacy.  Enterprises will be under increasing pressure to ensure that every step is taken to secure data both at rest (internally) and in transit (e.g. securing file transfers).Judge Hammer

The powers at the disposal of the ICO are also being addressed with individuals responsible for data security breaches potentially being liable for custodial sentences.

Read more: European Commission warns UK over privacy legislation.

Share on TwitterShare on FacebookShare on LinkedIn+1
 

Saving money by ignoring data security – a false economy?

We hear it in the news week in week out.  So and so company has left a laptop on a train containing 4 million unencrypted customer records, a hacker has infiltrated an online payment system stealing thousands of unsuspecting UK consumer credit card details – even today I have walked through the door and the first news alert in my email begins, “ChoicePoint to pay $275,000 for second data breach.” I can’t help but wonder why data security is failing?

Recently, I’ve begun research into the current state of data security in the UK. As part of my research I contacted the ICO (Information Commissioner’s Office) and asked them to provide me with figures detailing reported breaches in the UK over the last few years.  According to ICO figures, 2008 saw the loss of sensitive data on 341 separate occasions, spanning all industry sectors.  So far this year, we as a nation have seen 348 instances of compromised data and we still have 2 1/2 months to go!!!  Before I progress any further I must emphasise the use of the word ‘reported’.  According to a study conducted by The Ponemon Institute using a sample of 615 UK based companies, 70% of the companies surveyed experienced a data breach in the last 12 months – a worrying discovery in itself.  Even more surprisingly, nearly 40% of those surveyed failed to publicly announce a breach in their security, as there’s no legal or regulatory requirement to do so because they are a private sector organisation.

data and lock

Taking into consideration the growing prevalence of digital business systems and processes over the past decade, we all must be aware of the importance of data security in our digitally dominated world.  Especially in light of the abundance of publicity surrounding data breaches – surely it must weigh on the minds of CIO and IT personnel?  So if we are all so acutely aware of the risk, why do some companies not take the precautionary measures required to secure the data they hold or transmit?  I can only make assumptions regarding the factors involved and I would speculate its the cumulative result of a number of factors.

Firstly, the big stumbling block – finance.  From experience, I know there are companies out there that struggle securing the necessary funds from their annual budget to address data security as its often deemed non-critical, especially in the current economic climate.  With the inhibitive cost of some of the security solutions out there, I can’t really blame them.  On the other hand, there are lots of providers emerging in the marketplace offering affordable, scalable solutions, that provide not only the data security they need but also the ability to streamline business processes and reduce operational costs.  Solutions such as this, can provide a significant return on investment and in the long term actually save money – a win-win situation!

The financial consequences of a data breach should also be taken into consideration.  According to a study coordinated by The Ponemon Institute back in 2008, the average cost of a UK data breach incident is £1.73 million – substantially more than the cost of securing the data in the first place!  Then you have to take into consideration the financial implications of a blow to a companies reputation – these intangible costs are likely to be well in excess of any fines.

Secondly, I feel the lack of legislation has a big part to play in the predicament organisations find themselves facing.  Apart from a select few e.g. PCI DSS, the only legal guidelines UK businesses are currently required to abide by, are those outlined in the Data Protection Act.  The problem is, up until very recently the majority of this act has been unenforceable (more to come on that later).  I can’t help but feel this lack of legislation and an authority body promotes a certain amount of apathy in organisations.  If all of these companies in the public eye are receiving minimal fines and a slap on the wrist for contravening Data Protection laws, what is the motivation to spend money on securing data?  Consequently, many organisations opt to sit on an unexploded time bomb and when it finally blows (which it inevitably will)  hold their breath and hope no one gets wind of the incident during the aftermath and leaks the news to valued customers.

The recently appointed UK Information Commissioner, Christopher Graham, has addressed this very issue during his first speech at the Annual Privacy and Data Conference in London on 8th October.  The crux of his speech is that change is afoot.  Mr Graham made it perfectly clear that data privacy and information security are now ‘top of the agenda’ and with the new powers of enforcement being granted to the ICO in the forthcoming Coroners and Justice Bill, he fully intends to use them to maximum effect.  He added: “we’re going to have the resources to go after the bad boys – there’s a well-funded regulator that will hit you hard if you get it wrong… if you don’t take this stuff seriously its going to bite you in the bum.”  He also stated, “If you breach the law you’re going to be in trouble.  It (compliance with data privacy law) isn’t a nice to have – it’s the law of the land.  You will destroy brand value and reputation (by ignoring it).”  Some strong words!

Finally, although aware of the viable threat of data breaches, from our experience as security specialists we have dealt with a number of companies who believe their data is completely secure when in reality – it isn’t.  Therefore a lack of insight and knowledge when addressing company wide data security systems can result in inadequate protection.  This is where the value of a security specialist comes into play.  We can’t be masters of all trades, sometimes its beneficial in the long run to let the experts work their magic as data security can be a minefield, its best left to the professionals.

Taking into consideration the consequences associated with the loss of sensitive data, such as the tangible cost to the company and more significantly a serious blow to reputation, is it really worth risking the security of your company’s data to save money in the short term?

See here to find out more about some of the secure file transfer solutions available in the marketplace.

Share on TwitterShare on FacebookShare on LinkedIn+1
 

Biscom Delivery Server (BDS) Webinar

As I’m sure (or hope) you may have spotted in the news, we have recently added Biscom’s secure, ad hoc file transfer solution to our ever expanding product portfolio – another milestone in Pro2col’s endeavor to provide our customers with a wide range of secure, large file transfer solutions to meet their every need.

During our time in the file transfer industry we have spoken to lots of organisations across different industry sectors with a requirement to send large files on an Ad Hoc (or one-off) basis, a need that had been overlooked in the development of many secure file transfer solutions.  Ad hoc file transfer solutions come into their own on the occasions that you really need to send a large file quickly and simply without the worry or expense of having to involve IT administrators to create or manage end-user accounts.  They will literally allow you to send the file in the same way you would when using an email attachment, minus the problems experienced when using a traditional mail server!

We wanted to take this opportunity to invite all of our readers to a special webinar being held on Thursday 29th October at 2pm (GMT).  Here you will be given the chance to see exactly how the solution works and to ask any questions relating to the Biscom Delivery Server, Ad Hoc file transfer or just secure file transfer in general!

To find our more about exactly what will be covered during the 1 hour webinar, please visit the webinar section of the Pro2col website.

If you are interested in attending please register here…

Share on TwitterShare on FacebookShare on LinkedIn+1
 

Pro2col on LinkedIn

A great communications tool that previously we’ve underused (we’ve just been so busy!), Pro2col are now active on LinkedIn.  Not only that, we’ve set up the File Transfer Technology Group – a place where we can share ideas and opinions and more importantly, hear what everyone else out there has to say about all issues file transfer.

To date discussions have ranged from secure file transfer related…

U.S Congress have enforced acts eg. HIPPA & Sarbanes-Oxley to protect confidential information stored & exchanged throughout businesses & services. Should similar guidelines exist in the UK/EU?

To file transfer protocols…

FTP or peer to peer Portal?

I’d like some feedback from everyone on what they think are the three ‘main’ types of b2b file transfer. Here are my thoughts – have I missed any really obvious ones though?

To what’s in the news…

Accidental insider security incidents more frequent than malicious attacks

Illegal file-sharers could see internet connection cut

The group has only been active for a few weeks now and there are already over 75 members including several Pro2col employees:

James Lewis – Managing Director/Business Guru

Charles Snell – Managing Director/Technical Buff

Lindsay Lewis – Marketing Manager/General Dogs Body

We’d love to hear your thoughts and opinions on any of the above topics.  Even better – if you have a subject you’d like to discuss please join the File Transfer Technology Group and start a discussion – new members are always welcome.

Hope to see you on LinkedIn soon!

Share on TwitterShare on FacebookShare on LinkedIn+1
 
© Pro2col Ltd 2012 | Terms of Sale | Privacy Policy | Sitemap
Part of the Pro2col Group