There is no such thing as an accident when it comes to data loss, according to the head of IT security and information assurance at Openreach.

 

Speaking at the (ISC)² SecureLondon Conference, Dr Cheryl Hennell, claimed that she did not believe that there is such a thing as an accident, as there is a human or mechanical failure involved that causes a fault.

 

Hennell said: “One in 400 emails contains confidential information, sometimes the employee doesn't even realise as they don't understand the impact on the share price, it is all about confidentiality. A lot of incidents come from inside, whether it is deliberate or not.”

 

She also claimed that the four ‘P's' of information security – process, principles, policies and procedures – are not being adhered to by businesses, and every company should have them, as ‘people are trouble makers'.

 

Hennell said: “People create too many problems and make a difference in the organisation, you should look at risk and at information and technology risk.

 

“If you don't push policies on to people, there is no point in having them. You should encourage data protection amongst employees as they would protect their own data.”