Posts Tagged ‘Information Security’

Alan Collins

It is not often a television advert makes me sit up, take notice and shout “No!…” at the box in the corner. One did recently, and perhaps it says as much about me and my long-learned approach to data security.

Over the past three years or so, our company has introduced a rigorous and robust approach to data security and information management. This has culminated in us being one of the very few pension companies to have obtained ISO 27001:2005 accreditation and recently being (we think) the first in our industry to obtain the updated ISO 27001:2013 certification. It has taken time, significant investment and the buy-in of all staff to engrain the proper processes and procedures into our day-to-day work. It is something we are very proud of. Among the many requirements are:

  • Ensuring password protection of personal data being sent to external parties;
  • The enforcement of “complex” passwords for all staff logging in to our systems;
  • Clear-desk policy (not easy); and
  • The proper disposal of confidential waste.

Now, take a look at NatWest’s recent “Goodbye unfair banking, Hello NatWest” advert. Skip past the tired parents waving goodbye to the unruly young party guests, the elderly couple waving off their raucous rock band neighbours, the father waving away his daughter’s bad-boy boyfriend and the lucky couple waving off the torrential rain on their way to a sunshine holiday. The culmination of the advert is your typical “man in the street” rifling through a number of “tempting” new customer offers that have been sent to him by “other banks” in the post. He pauses for thought, tosses the offer letters in the bin and wanders smiling into a shiny local NatWest branch.

“No. What are you doing?” I think to myself. You’ve just thrown a goldmine of personal information into a public dustbin. Are you mad? Address information on the outside, possibly further personal data on the inside. Take them home, shred them!

Monica Cope

Trustees often outsource aspects of pension scheme management to third-party service providers, but do they fully understand the potential vulnerabilities to their schemes and members, particularly in the digital age?

According to the Information Security Breaches Survey 2013, commissioned by the Department for Business and Skills, companies are now “struggling to keep up” with security threats.

Will Davison

Spence & Partners, the UK pensions actuaries and administration specialists, today advised that more schemes should be auditing their data controls to avoid data protection fines and suggested a number of steps that schemes should consider to ensure better information security:

  • A strict data policy needs to be implemented and maintained;
  • The easiest things can be overlooked and it is important to take a common sense approach. Data should not just be discarded in bins. Make sure there are confidential waste bins and that a specialist firm is employed to dispose of the waste;
  • Carry out spot checks on staff to ensure compliance with policies in place;
  • Consider having independent audits in accordance with recognised accreditations e.g. ISO 27001 or AAF;
  • Data security is not a tick box exercise – more probing questions should be asked; and
  • Train staff and make sure that they understand how important data security is and the procedures that need to be followed.