Information security has three components:
1. Availability: Information must be available to the people who need it to do their work. If it is not available, paid work cannot be carried out, causing substantial opportunity costs.
2. Integrity: The information must be correct. If it is not, work may be done incorrectly without anyone realising it. This can cause major problems with clients and huge amounts of additional work.
3. Confidentiality: The information must only be available to people and systems which are entitled to use it. If it becomes available to others, this can lose client trust and allow others to access client lists and other trade secrets.
Failure of any of these components is also likely to constitute a breach of the Data Protection Act.
These three points have major implications for companies which hold information. Having trained their staff so that everyone involved is aware of the possible dangers, companies must continue to ensure best practice throughout the company, offering peace of mind.
Developing and implementing suitable procedures for information security, whilst keeping training current, will make sure that best practice is the norm and that an information breach is less likely. Under these circumstances, should a breach occur, it may well mitigate any measures taken by the regulator.
Breaches of information security can have a range of causes, but most arise from human error. A member of staff may send an email to the wrong address (easily done with auto-complete available in most email applications) or may click on a link in a phishing email. The tricky part of addressing security issues is to integrate the human and the technical aspects.