Webtrends Tracking Code
 
UK Home >  OUT-LAW News >  News Archive >  2006 >  April 2006 >  Encryption still underused in financial transactions, warns PwC

Encryption still underused in financial transactions, warns PwC

OUT-LAW News, 11/04/2006

Twenty-two percent of those who accept financial transactions do not encrypt the data they receive to ensure its confidentiality and integrity, according to PwC research. Fewer than one-third of smaller firms encrypt the data they receive.

The findings are part of the 2006 Department of Trade and Industry's biennial Information Security Breaches Survey. PricewaterhouseCoopers, leading a consortium of researchers for the survey, found most large organisations following best practice for network and data security.  

Nine-tenths of respondents recognised that protecting customer information was important or very important and a strong justification for security expenditure. This has become one of the biggest drivers for IT security spending.

But while adoption of traditional security controls, such as firewalls, is high, newer technologies are being adopted faster than the controls to protect against their misuse.  Protection of wireless networks has improved since 2004, but many small firms are still not adopting strong controls.

Firms are not considering the security implications of adopting Voice over Internet Protocol (VoIP) telephony. Because VoIP enables a channel to be opened through the firewall, it needs to be managed correctly to ensure the risks are limited. But despite widespread publicity, only half have evaluated the security risks.

Key findings from the telephone survey of 1,000 companies include:

  • Increasing volumes of online business are raising the priority given to protection of customer data. 90% of firms considered this important or very important, and a strong justification for security expenditure. 
  • There was a rise in the number of companies that reported an attack on their internet or telecommunications traffic. Over a quarter of those affected by attempts to break into their networks said they suffered at least one significant attempt every day.
  • The businesses attacked tended to be those that accept financial transactions online. All the websites that accept financial transactions are behind a firewall.
  • Fewer than two-thirds of websites accepting financial transactions encrypt the data they receive. In contrast, every transactional website run by a very large respondent uses encryption.
  • Controls over authorised wireless networks have improved. The number of unprotected networks has halved since 2004. However, there is no room for complacency: one in five firms still lacks any controls.
  • Few small businesses use VoIP telephony and 31% of large businesses have adopted VoIP and more are planning to use it over the next year. Half of the businesses that have implemented VoIP did so without evaluating the security risks.

The full results of the survey will be launched at Infosecurity Europe in London, 25–27 April.

 

OUT-LAW Recommends

Data Protection training
We offer training courses on Data Protection and Freedom of Information laws

Winner at 2008 Webby Awards

OUT-LAW star: link to the home page
Disclaimer | Privacy | Site Map | Accessibility
Disclaimer: This was printed from OUT-LAW.COM, a service of international law firm Pinsent Masons. We hope you find this content useful. However, please note that nothing in this document constitutes specific legal advice. You should consult a suitably qualified lawyer on any specific legal problem or matter. Any questions, please email info@out-law.com.