
Businesses ignore new security standard

The government is considering ways of improving the 'appalling' take-up of security standard BS7799, as worries over IT security failures grow.


The havoc created by worms such as the SQL Slammer has alarmed the government, alongside fears that IT security does not have high enough priority for businesses.

Slammer caused $1bn of damage globally, despite a patch for the vulnerability being released eight months previously.

David Hendon, director of communication and information industries at the Department of Trade and Industry, warned that unless business leaders gave IT security a higher profile, security standards such as BS7799 could become mandatory.

Speaking at the Protecting Critical Information Infrastructures conference in London, Hendon said: ‘There comes a point at which society cannot allow the corporate equivalent of train crashes to keep happening. Corporate responsibility will have to be considered.’

BS7799 provides a framework for implementing a security policy. The lack of firms that have achieved accreditation has worried the government – currently, only 80 certificates have been awarded to UK companies.

This is an ‘appalling’ figure, said Hendon. But he admitted his own department, the DTI, was unlikely to devote money to seeking accreditation until it is forced to.

One way to encourage firms to seek accreditation would be through existing data protection law, according to lawyers.

The Information Commission has started including a question on BS7799 certification in its annual data protection forms.

Under the Data Protection Act, companies holding personal data are required to ensure that the data is stored securely.

Jonathan Armstrong, technology lawyer at law firm Eversheds, believes that the IC could presume that if a firm has not signed up to BS7799, it is not taking effective measures to secure its data, and so make accreditation a de facto requirement.

But businesses would oppose the imposition of standards, especially as BS7799 is an expensive process that can take several years to achieve.

The need for information security was not disputed, but this should be ‘achieved through encouragement’, not force, said Jeremy Beale, head of e-business at industry group the Confederation of British Industry.

This could be done by favouring accredited firms in government tenders, he added.

Firms had been put off because of the perceived costs, said David Lacey, head of information security and governance, Royal Mail Group. But after going through the accreditation process twice, he said this was a misconception: ‘It is a very efficient way of improving security procedures,’ he said.
