Farnborough, Hampshire -- (SBWIRE) -- 11/30/2016 -- Many organisation's data protection systems, access control mechanisms and physical access barriers are designed primarily to protect a company's critical data from external risk. Yet the most significant threats to sensitive data come from those who are readily trusted by an organisation – their employees!

Employees and trusted contractors alike are often placed above the controls and defences that protect sensitive data within an organisation. With staff able to access all data stores and given a full set of modern communications tools from E-mail to Facebook on their desktop. This open environment coupled with an all too frequent lethargic management mindset towards internal data security,can make insiders a severe risk.

The Identity Theft Resource Center (ITRC) reports that data breaches are up by 16% year on year, so it is more important than ever for organisations to be vigilant of insider threats.

Here's a rundown of three of the most severe insider risks.

1 – Lack of control over user access

The most critical insider attacks often occur because of a lack of control over who has access to confidential data. Companies are often unaware – or have little control – of where their sensitive data is and as a result who has access to it.

To combat the problem of not knowing what you have and where it is it is not uncommon for organisations to allow employees to have free access to all data. The result is untrained staff with access to sensitive data often about areas of the business that they have no knowledge about

A recent case at the National Security Agency (NSA) saw a contracted employee arrested and charged with stealing classified data on the US government's surveillance efforts. This saga really underpins the importance of protecting data against insider threats.

2 – Poor management mindset

Our recent survey looking at deployment and attitudes to data classification reveals that many of the world's leading organisations have a poor attitude to the security of personal data. The survey revealed that just 31% of companies are concerned about the volume of data they need to protect.

Consistently growing data volumes mean that organisations are struggling to understand where their sensitive information is located, with inadequate policies for how that sensitive information should be handled.

3 – Inadequate data security strategy

With many organisations clearly suffering from incomplete controls to detect and prevent the inappropriate transmittal or disclosure of sensitive information, the insider threat risk increases.

Data classification is at the heart of any data security strategy because without understanding the value of the information and where it is located, it is impossible to implement a comprehensive data protection program.

Data classification technology, like Boldon James Classifier, provides a way of educating employees about the sensitivity of the data they are creating, sending and storing. Employees have the best idea of the criticality and sensitivity of the data and by classifying and labelling data according to its sensitivity, organisations can reduce the risk of insider threats.

Martin Sugden, Managing Director at Boldon James, comments: "People can be either the strongest or the weakest link in a company's information security chain and the need to 'Trust but Verify' your user's behaviour is critical. The new EU GDPR rules mandate companies being able to demonstrate compliance. Being able to identify potential threats and security issues before they arise is at the top of the priority list for any organisation."

For Media Contact:
David Langton
Boldon James Ltd,
441270507800
marketing@boldonjames.com
https://www.boldonjames.com/

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Farnborough, Hampshire -- (SBWIRE) -- 11/14/2016 -- The largest publicly disclosed cyber-attack in history was announced in September, and it's causing serious waves across the data security industry.

Internet giant Yahoo was responsible for leaking the personal details of up to 500 million users. It's believed that the data breach occurred 2 years ago and has only just been disclosed.

With thousands of Yahoo users expressing their anger on social media and industry leaders questioning why the company took so long to disclose the breach, Yahoo's CEO Marissa Mayer has a lot to answer for.

Yahoo, which has only recently reached an agreement with U.S. telco Verizon Communications to sell the business for £4.84bn, announced that the leaked data of 500 million of its users included names, emails and unencrypted security questions, as well as other sensitive data.

The story breaks exactly 11 months on from the famous TalkTalk data breach in which 157,000 of its customers had their person information and bank account details stolen by hackers. TalkTalk, who lost 101,000 customers as a result of a cyber-attack which took place in October 2015, was fined a record £400,000 this month.

The severity of both attacks highlights the need for better data security and governance. David Langton from data classification specialist Boldon James comments: "It's extremely concerning that some of the world's largest organisations are still failing at protecting our data. Even with new EU General Data Protection Regulation coming into force in 2018, companies still appear to be vastly under prepared".

A recent survey conducted by Boldon James of public and private sector organisations reveals that many companies have a worryingly indifferent attitude to data security.

Only 12% of the companies in the survey said they considered data security as a Board issue, and only 19% of respondents said they had started data security training and awareness programmes in their organisation.

So what can we expect with new EU GDPR regulation just around the corner?

David Langton explains: "Companies clearly aren't ready to tackle what lies ahead and require a better understanding of the impending regulation. EU GDPR will ensure that any business handling sensitive data on EU citizens adheres to strict rules, or face fines of up to EUR20 million. But it doesn't change the fact that many companies are unprepared or simply have a poor attitude to the security of personal data."

Leading technology research firms Forrester and Gartner report that data classification is the basis for a data-centric approach to security. By classifying and labelling data according to its sensitivity, organisations can reduce the risk of breaches by focusing protection on the most sensitive business critical data.

Using a data classification solution to classify data as a first step ensures a data-centric approach to protecting personal information. It embeds a culture of compliance by involving users in identifying, managing and controlling regulated data, while automating parts of the protection process to enforce rules and policies consistently.

EU GDPR legislation and standards come in to force from 25 May 2018. For further information, visit the Information Commissioner's Office website or download the Preparing for the EU GDPR whitepaper from Boldon James.

For More Information Visit Our Website: http://www.boldonjames.com/

For Media Contact:
David Langton
Boldon James Ltd
Cody Technology Park,
Ively Road, Farnborough, GY14 0LX
01270 507800
info@boldonjames.com
www.boldonjames.com

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

A survey conducted by Boldon James of public and private sector organisations reveals that companies have an indifferent attitude to data classification..

Farnborough, Hampshire -- (SBWIRE) -- 08/15/2016 -- A survey conducted by Boldon James of public and private sector organisations reveals that companies have an indifferent attitude to data classification, with only 14% of companies having a data classification policy in place and only 5% using a data classification solution that involves users in the process of data protection.

In the world of information security, data classification relates to the labelling of documents, files and messages based on their value or level of sensitivity to an organisation. Data classification is a critical component of every good data protection policy, because correctly classified data is better protected from leakage or theft.

Leading technology research firms such as Forrester and Gartner both report that data classification is the basis for a data-centric approach to security, so the results from Boldon James's survey results will come as a wake-up call to businesses.

The new EU General Data Protection Regulation (EU GDPR) – which requires companies to adhere to more rigorous data protection policies - comes into force May 2018. Despite the UK's recent decision to leave the EU it is highly likely that UK companies will still be required to adhere to the regulation; and regardless of their location, organisations will have to conform to the regulations if they hold any data on EU citizens.

David Langton, Marketing Director at data classification specialists Boldon James, explains: "It is critical that UK businesses are not distracted by the decision to leave the EU and see this as a get-out clause. The GDPR is designed to help organisations achieve best practices for data security and it is actually a good set of rules to follow to ensure that organisations are consistently employing best practice security methods to increase data protection and reduce risk."

The worrying survey results highlight that essential data security standards are not being widely implemented. Perhaps more concerning, given the potential impact on brand reputation and company value, is the fact that only 12% of organisations see data security as a Board issue.

With the EU GDPR seeing businesses fined up to €20 million, or 4% of their global revenue, for breaking data protection law, many firms could be put out of business for the misuse of data.

The survey results also revealed another disturbing revelation; 58% of companies classify data manually without the use of a data classification solution. This is a major concern for data security, as it is almost impossible to enforce a classification policy without the use of a data classification tool. With only 5% of surveyed companies involving their users in data classification, it seems that organisations are missing a huge opportunity to actively engage their employees in data protection and transform security culture as a result.

David Langton continues: "Data classification should be at the forefront of every company's security approach and is typically the first step to achieving a successfully data-centric security strategy. However, a large number of the businesses we surveyed appear to be overlooking this most fundamental aspect of data protection, missing an opportunity to proactively improve organisation-wide data protection. This leaves them open to regulatory scrutiny and increases the risk of financial exposure and reputational damage."

About Boldon James
Boldon James, a market leader in data classification and secure messaging software, help businesses control and protect their data – whatever the challenge. With over 30 years' experience facilitating effective classification of all kinds of data and across a wide range of operating environments, the company successfully protects organisations against sensitive data leaks.

For More Information Visit Our Website: https://www.boldonjames.com/

For Media Contact:
David Langton
Cody Technology Park,
Ively Road, Farnborough, GY14 0LX
01270 507800
info@boldonjames.com
https://www.boldonjames.com/

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm