Protect Yourself – Getting Cyber Security Right

Did you know that 75% of all UK businesses have suffered from at least one cyber attack in the past 12 months? It’s a shocking statistic and one that puts the severity of the cyber security issue into perspective. Online criminals pose a persistent threat, and the sobering truth is that for the 25% lucky enough not to have experienced an attack, it’s only a matter of time before they do.

We hear about cyber attacks and the impact they cause on an almost daily basis. Just earlier this month, the payday loan firm Wonga suffered a serious data breach as a result of a cyber attack which saw the confidential data of around 245,000 customers compromised. According to experts, it was one of the most significant data breaches in the UK that involved financial information.

Although it may seem like businesses are helpless against cyber attacks that could strike at any given moment, there are measures that can be taken to minimise the impact of any incident from both operational and financial perspectives.

Firstly, businesses must accept that the role of IT is changing, and cyber security needs to be the responsibility of the entire organisation, driven from the top down. This isn’t just to do with allocating additional budget, either; it involves looking at cyber security from a proactive point of view, which not only includes employee awareness but educating users in data ownership and their responsibilities in respect to that data.

Secondly, businesses should devise a cyber security strategy which allows them to prepare for and effectively deal with a cyber attack and consequently mitigate any risks. Historically, most cyber attacks are caused by simple human error, whether it’s unknowingly clicking on a malicious link, providing information to a counterfeit website or using unapproved software, and so user awareness (making sure all staff are knowledgeable about the different types of attack and how to spot them) should be one of the primary focuses in any cyber security strategy. Beyond that, the specifics of a cyber security strategy will very likely differ from one organisation to the next, depending on the size and nature of the business and the various assets it holds.

Regardless of the plans and policies businesses already have in place, they can always benefit from using an industry-recognised framework when assessing their own state of ‘cyber readiness’. Cyber Essentials and Cyber Essentials Plus (audited) are a simple but effective way of doing this. Cyber Essentials is a government-backed scheme that addresses around 80% of common cyber threats, radically improving the security defences of any business.

By becoming Cyber Essentials and Cyber Essentials Plus certified, businesses are demonstrating to suppliers, partners and customers that they’re taking cyber threats seriously and have prepared themselves accordingly. Plus, with 80% of threats already addressed through these frameworks, businesses are perfectly positioned to tackle the remaining 20% with the advice and expertise of an IT or cloud service provider.

As well as Cyber Essentials, businesses might want to consider attaining the ISO27001 certification. For small businesses within a supply chain of a larger company that expects them to be aligned to ISO27001, it may not be cost effective to actually complete the ISO27001 certification. For these businesses, there is an alternative cost-effective information security certification they can obtain. It’s called the IASME Governance standard. This standard was developed over several years during a Technology Strategy Board funded project and offers an affordable alternative to ISO27001 — the international standard that many larger companies aspire to achieve. To successfully achieve the IASME Governance standard, businesses must undergo an assessment against all of the ISO27001 Operational Control categories as well as a Cyber Essentials assessment.

Plus, as of March 1, 2017, the IASME Governance standard also includes a separate assessment that takes into account the imminent introduction of the General Data Protection Regulation (GDPR). This regulation is designed to standardise the procedures that must be carried out to protect against cyber attacks and is something that all businesses must adhere to from May 2018 onwards. As part of the GDPR, any business that fails to comply will be hit with significant fines — up to €10 million or 2% of annual global turnover — while those that suffer from a data breach will face an even worse punishment with potential fines of €20 million or 4% of annual global turnover, whichever is greater.

By successfully completing the IASME Governance standard scheme, businesses of all sizes can ensure that they are meeting every requirement outlined in the GDPR, and can operate confidently without living in fear of being fined.

There’s no doubting the irreparable damage that can be suffered at the hands of cyber criminals, but it is also well within the power of businesses to protect themselves sufficiently through cyber security strategies and best-practice frameworks.

Hazel Freeman, managing principal consultant, professional services, Pulsant

Hazel heads up the Business Advisory professional services practice. Hazel has been focusing on developing the IT Risk and compliance offering which fits well with M&A and any transformation as well as consulting on how IT strategy can be aligned to business strategy to make the most out of a company’s IT function which fits in with IT Economics and helping companies develop their business cases. Already involved in PSN (Public Service Network) for Renfrew Council, performing an IT/Business Strategy review for SSP and more recently pitching to CII to review their Information assurance capabilities.

 
