Case study: Baillie Gifford

10 Mar 2009


Since 2001, investment advisory group Baillie Gifford has increased the number of dedicated IT security professionals it employs from two to 12.

“Security has always been very important to us, with a lot of focus on external access to systems and internal privileges of staff, but over the past few years a lot more effort has been made regarding governance and the risk management framework of the business regarding the documenting and explaining of the framework to auditors internally and externally,” says Richard McGrail, head of IT at Baillie Gifford.

There has always been a pressure to balance data security with accessibility, but recently that balance has tilted towards stronger security, says McGrail. The number of high-profile incidents of data loss has intensified the scrutiny of security practices in the financial services sectors, he adds.

“The blizzard of data losses has cranked the pressure up – and although the publicity may be over-hyped, it is a good thing,” says McGrail.

To ensure that Baillie Gifford stays ahead of the game, it has applied for ISO27001 accreditation, an information security management best practice standard. The firm will undertake a mock audit this month, and aims to achieve accreditation by September.

As part of that effort, Baillie Gifford now uses encryption technology to protect data residing on its laptops and restricts the use of USB drives. “Only a small number of people can write to a USB port and we have approved Baillie Gifford encrypted USB sticks,” says McGrail.

Laptops are now fitted with biometric fingerprint scanners for user authentication and use Microsoft’s BitLocker encryption technology. Additional security is provided by the laptop tracking service Computrace, so that any stolen device can be traced or have its data remotely deleted.

All data is classified into three levels of sensitivity. Customer and private information is treated with the highest level of security, including encryption, secure FTP (file transfer protocol) for data transfers, and human checks such as signing out the transfer of data.

“We rely on human and electronic checks for handling data and the levels depend on its sensitivity,” says McGrail.

The company has also undergone penetration tests of its network by two separate companies.
