229
All Enquiries
please call +44 (0)121 241 2299
The growth in online business is benefitting companies throughout the UK, but there are risks involved with this continuing expansion.

UK businesses of all sizes are vulnerable to hacker-attacks that aim to steal data that can be sold on the open market to fraudsters. Hacking can also disrupt business operations and systems, this can have a devastating impact. The time and resources needed to recover from a breach, loss of data and damage to a company’s reputation can run into the millions of pounds.

However, it is not just large organisations that are at risk; figures indicate that 74% of small businesses have suffered a cyber breach (figures reported in 2014/2015).

How can ISO 27001 protect my business?

Cyber_risk_insuranceRisks can come from a variety of sources including:
  • Employees, deliberate act or accidental through lack of understanding
  • Hacker-attacks, on computers and servers
  • Phishing, via emails
  • Loss of hardware, such as laptop or removable media that get into the wrong hands
  • Home and mobile working, leading to a reduction in security levels
  • Malware infection
Any one of the above risks could cripple an organisation and lead to an expensive and time consuming recovery.

Certification to ISO 27001 provides an effective information security management system (ISMS) that can be implemented throughout the organisation.

An effective ISMS will identify potential risks and establish a management processes that will help to eliminate, or minimise the effect of an incident, when it occurs.

A disaster recovery plan is established to ensure organisations can get back to “business as usual” as quickly as possible following a breach.

Continuous monitoring and improvement of the system is carried out through annual audits to maintain your ISO 27001 certification. This will identify any new threats or gaps in procedures, to help you maintain a high level of protection.

For more information call one of our team to discuss how ISO 27001 can benefit your organisation.
 
One of the risks facing businesses in 2016 is the increase in cyber crime.

Balloon-popping-business-riskThe ISO 27001 international standard provides an effective information security management system (ISMS) focused on identifying areas of risk and developing a system for managing and minimising those risks.

Areas at risk include:
  • Computer hardware and systems
  • Data stored locally and off site
  • Intellectual property
  • Employees’ personal details
  • Data and equipment belonging to contractors
  • Suppliers’ assets
  • Customer information
Threats come from a variety of sources including natural disasters, hacker attacks, computer viruses and the consequences of stolen information.

As a result of an incident, an organisation could not only be faced with the costs of putting right the damage and coping with the effects on the business, but could face legal implications connected with the breach.

Costs can run to millions of pounds and with cyber attacks and unpredictable weather conditions increasing, it is more important than ever to manage the risks to your business.

How will ISO 27001 protect my business?
First stage is to appoint an experienced ISO 27001 consultant who will help you to set up an effective management system tailored to your business. They will identify the risks to your business and develop a process to manage those risks together with an ongoing system of monitoring and continual improvement.

Working with members of your team, your appointed consultant will be able to apply industry best practice and using their experience, provide a workable system that will:
  • Review current procedures
  • Identify risks
  • Assess threats to assets
  • Highlight gaps and areas for improvement
  • Establish a system of management and control
  • Provide processes and procedures
  • Continually improve the system with audits and reviews
ISO 27001 Certification
Once you are satisfied that your ISMS is established in line with the requirements of ISO 27001, you will be ready for auditing by an independent accredited certification body. In the UK, you should check they are UKAS accredited.

For more information contact one of our team.

Cyber_crimeAccording to the FSB (Federation of Small Businesses, The Voice July/August 2014), a smaller number of businesses are experiencing information security breaches and cyber attacks than a year ago.


This sounds like good news but the downside is that the cost of dealing with incidents has increased significantly (research carried out by PricewaterhouseCoopers).


In 2012, the average cost of the worst security breach they experienced was between £35,000 and £65,000 and in 2013 it was between £65,000 and £115,000. These amounts are significant enough to severely damage your business.


Think about all of the data that your organisation stores on digital devices; client and employee information, business critical data, accounting records.


Prevention is always better than cure and one way to mitigate the risks of cyber crime is to have a robust system of management in place. This will not only minimise the chances of a breach but will also reduce its impact on the business, should an attack get through your defences.


It’s not just the cost of rectification that can damage your company; recent high profile cases have shown that a company’s reputation is also at stake.


Information Security Management System (ISMS)
ISO 27001 accreditation provides an auditable management process to international standards and provides a structure to help you improve the security of your information.


The management process you implement will provide a “best practice” system that will help you to identify the risks and maintain the necessary controls to minimise or eliminate the possibility of a security breach.


ISO 27001 certification will demonstrate that your company’s security management system has been independently assessed and verified.


Benefits of ISO 27001 certification include:

 

  • An internationally endorsed best practice framework to manage cyber threats and attacks
  • Supplier and customer confidence in your security systems
  • Reduces costs if a breach does occur
  • Protects your company’s reputation
  • A plan to limit data loss and return business systems to normal


ISO 27001 auditors
You should always use a trusted certification body, which is UKAS accredited.


This is a specialist area and you will need an experienced auditor to work with your team to provide a system that will work for your particular information protection requirements.


Ideally they will have experience of your particular industry sector and can use their knowledge of best practice to provide the best possible system.