The FSA recently reported on a lack of data security within the financial industries.
The report states that UK companies severely underestimate the risk of customer data loss and misuse. It also showed that the worst offenders, with respect to customer data, are the small/medium businesses (SMBs).
The report did not examine the threats from external attacks, but instead focused on internal threats.
While the report does provide advice to firms, it “does not constitute formal guidance from the FSA. However, we expect firms to use our findings, to translate them into a more effective assessment of this risk, and to install more effective controls as a result. Small firms should consider the specific data security factsheets that [the FSA] will make available to them on the FSA website”.
The report commented that some areas, e.g. certain databases, are generally handled well, but noted that other areas are not, including:
“Large and medium-sized firms usually recognise the risks of data loss via laptops, USB devices and the internet. But few firms completely mitigate data security risks by locking down USB ports and CD writers, encrypting laptops and USB devices and blocking web-based communication facilities such as Hotmail and instant messaging. Small firms are very weak in this area, with few of them identifying or mitigating risks.”