It has recently been reported that a member of the public found a USB stick on the street that contains about 174 files on Heathrow Airport’s security measures.
These files contained information regarding:
- The route taken by the Queen when using the airport, along with the security measures in place to protect her.
- A timetable of the patrols that guard the site against terror attacks.
- The types of ID needed to access restricted areas, including IDs used by covert police officers.
- Maps showing the locations of security cameras and a network of tunnels and escape shafts linked to the Heathrow Express.
- Routes used by Cabinet ministers and foreign dignitaries.
- The details of the ultrasound radar system used to scan runways and the perimeter fence.
Airport security chiefs have been working with the Metropolitan Police to find out how the USB drive ended up on the street.
Reports consistently find that data breaches are often caused by insiders, including employees, third-party contractors and partners. The Information Commissioner’s Office (ICO) found that four out of the top five causes of data breaches in 2017 were due to human error or improper processes.
The vast majority of those data breaches are purely accidental; from falling for a phishing campaign to mishandling confidential information. Research shows that traditional cyber security awareness measures can be greatly enhanced by a multi-faceted security programme that creates a total culture change and tackles employee behaviour.
In order to avoid situations where individuals are in a place where they are able to share confidential data, the proper measures need to be put in place. An information security management system (ISMS) can help you manage all your security processes in one place, consistently and cost-effectively.
ISO 27001 provides the basis for managing data security using an integrated set of policies, procedures and technology, tied together into an ISMS. It uses a proven framework to help organisations protect their information through effective technology, auditing and testing practices, organisational processes and staff awareness programmes.
Get a proven solution for your cyber security needs and take the first steps to implementing ISO 27001 with our Foundation training course.