All Enquiries: please call +44 (0)121 241 2299
A recent article on the BBC news website highlighted an incident at Eurofins, one of the UK’s largest forensic service providers. In June 2019 a ransomware attack severely affected the lab’s ability to provide their services to the Police. Work had to be suspended for seven weeks resulting in investigations and trials being delayed.

A senior manager at the company commented that cyber-crime could happen to any organisation, warning “It’s a threat to society” and all business sectors are vulnerable.

The 2019 Hiscox Cyber Readiness Report found that 61% of the firms surveyed had experienced one or more cyber-attacks in the previous year, up from 45% the year before.

The report also found that ransom demands have grown in scale, and concluded that cyber-crime is now an unavoidable cost of doing business.
https://www.hiscox.co.uk/cyberreadiness

What is Ransomware

Cyber criminals infect a victim's computer with malicious software that encrypts the data on it so the owner can no longer access it. A ransom is then demanded in return for the decryption key, but there is no guarantee that the data will be restored after payment. More sophisticated criminal gangs target whole business networks and can bring an organisation to a halt by encrypting many devices at once.

Phishing is one of the main methods used to gain access to computer networks. The attacker sends a user what looks like a legitimate email to get them to open an attachment or click on a link; doing so installs malware on the network or lets the attacker capture usernames and passwords. Training your employees to recognise these emails is vital.
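The indicators that such training teaches people to look for (a display name that claims one organisation while the real sender is another, a Reply-To that goes elsewhere, link text that shows one site while the link goes to another, an attachment whose name hides an executable) can also be checked mechanically. The following is an added example and not code from the original page or from ACS Registrars; the two email messages are constructed for illustration and the heuristics are assumptions, a starting point rather than a complete phishing filter.

```python
"""Flag common phishing indicators in a raw email message.

Added example, not code from the original page. The two messages below are
constructed for illustration; the heuristics are assumptions and a starting
point, not a complete phishing filter.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phishing sample: the display name claims example.com, the real
# sender is mail-example.net, Reply-To goes to a third domain, the link text
# shows a host the href does not go to, and the attachment name hides an .exe.
PHISH_EMAIL = """\
From: "IT Helpdesk <helpdesk@example.com>" <alerts@mail-example.net>
Reply-To: recover@example-support.org
To: staff@example.com
Subject: Action required: password expires today
Content-Type: text/html

<html><body>
<p>Your password expires in 2 hours. Sign in at
<a href="http://login.example-support.org/reset">https://sso.example.com</a>
to keep your account. See the attached invoice.pdf.exe for details.</p>
</body></html>
"""

# Constructed benign sample for comparison.
CLEAN_EMAIL = """\
From: "IT Helpdesk" <helpdesk@example.com>
To: staff@example.com
Subject: Maintenance window on Saturday
Content-Type: text/html

<html><body><p>Details are on the intranet:
<a href="https://intranet.example.com/notice">https://intranet.example.com/notice</a></p></body></html>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain(value):
    """Lower-cased host of an email address or URL ('' if none)."""
    if "://" in value:
        return (urlparse(value).hostname or "").lower()
    return value.rsplit("@", 1)[1].lower() if "@" in value else ""


def _text_body(msg):
    """First text/html or text/plain part, decoded to str."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    for part in parts:
        if part.get_content_type() in ("text/html", "text/plain"):
            return part.get_payload(decode=True).decode(errors="replace")
    return ""


def phishing_indicators(raw):
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    msg = message_from_string(raw)
    findings = []
    raw_from = msg.get("From", "")
    _, sender = parseaddr(raw_from)
    sender_dom = _domain(sender)

    # 1. An address embedded in the display name whose domain differs from the real sender.
    for claimed in re.findall(r"[\w.+-]+@[\w.-]+", raw_from):
        if claimed != sender and _domain(claimed) != sender_dom:
            findings.append(f"display name claims {_domain(claimed)} but sender is {sender_dom}")

    # 2. Reply-To pointing at a different domain from the sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != sender_dom:
        findings.append(f"Reply-To domain {_domain(reply_to)} differs from sender {sender_dom}")

    body = _text_body(msg)

    # 3. Link text that shows one host while the href goes to another.
    collector = _LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        shown = _domain(text)
        if shown and shown != _domain(href):
            findings.append(f"link text shows {shown} but points to {_domain(href)}")

    # 4. Double-extension file names that hide an executable type.
    for name in re.findall(r"\b[\w-]+\.\w{2,4}\.(?:exe|scr|js|vbs|bat|com)\b", body, re.I):
        findings.append(f"double-extension executable name: {name}")

    return findings


if __name__ == "__main__":
    for label, sample in (("phish", PHISH_EMAIL), ("clean", CLEAN_EMAIL)):
        print(label, phishing_indicators(sample))
```

Run against the constructed phishing message this reports all four indicators and nothing for the benign one. Each check on its own produces false positives (marketing platforms legitimately send from a different domain, for example), which is why a mail gateway scores several indicators together rather than blocking on any single one.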

Another approach is password guessing: automated tools try many username and password combinations against a login service in the hope that one works and gives the attacker access to your network. Weak or reused passwords make this far more likely to succeed.
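Password guessing leaves a distinctive trace in authentication logs: a burst of failed logins from one source, often against several accounts. The detector below, written here as an added example and not taken from the original page or from ACS Registrars, reads constructed sshd-style log lines and flags any source with a threshold of failures inside a time window; the threshold, window and the assumed log year are all assumptions to tune for your own environment.

```python
"""Detect password guessing (brute force / credential stuffing) in auth logs.

Added example, not code from the original page. The log lines are constructed
sshd-style entries; the threshold, window and year are assumptions to tune for
your own environment.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log: one source hammers several accounts in a few seconds,
# another source is a user who mistyped once and then succeeded.
AUTH_LOG = """\
Jan 12 03:14:01 gw sshd[812]: Failed password for invalid user admin from 203.0.113.9 port 51112 ssh2
Jan 12 03:14:03 gw sshd[813]: Failed password for invalid user admin from 203.0.113.9 port 51113 ssh2
Jan 12 03:14:04 gw sshd[814]: Failed password for root from 203.0.113.9 port 51114 ssh2
Jan 12 03:14:06 gw sshd[815]: Failed password for root from 203.0.113.9 port 51115 ssh2
Jan 12 03:14:07 gw sshd[816]: Failed password for invalid user oracle from 203.0.113.9 port 51116 ssh2
Jan 12 03:14:09 gw sshd[817]: Failed password for invalid user test from 203.0.113.9 port 51117 ssh2
Jan 12 03:20:15 gw sshd[900]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Jan 12 03:20:40 gw sshd[901]: Accepted password for alice from 198.51.100.4 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+)"
)


def parse_auth_log(log, year=2019):
    """Yield (timestamp, result, user, ip). Syslog lines carry no year, so one is assumed."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["result"], m["user"], m["ip"]


def detect_password_guessing(log, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: {"failures": n, "users": k, "success_after": bool}} for every
    source with at least `threshold` failed logins inside any `window`.

    `users` (distinct accounts tried) separates a brute force on one account
    from a spray across many; `success_after` flags a guess that later worked,
    which is the case that needs an immediate response rather than a block.
    """
    failures = defaultdict(list)
    successes = defaultdict(list)
    for ts, result, user, ip in parse_auth_log(log):
        (failures if result == "Failed" else successes)[ip].append((ts, user))

    alerts = {}
    for ip, events in failures.items():
        events.sort()
        for i in range(len(events)):
            start = events[i][0]
            j = i
            # Sliding window: extend j while events stay within `window` of events[i].
            while j < len(events) and events[j][0] - start <= window:
                j += 1
            if j - i >= threshold:
                last = events[j - 1][0]
                alerts[ip] = {
                    "failures": j - i,
                    "users": len({u for _, u in events[i:j]}),
                    "success_after": any(t > last for t, _ in successes.get(ip, [])),
                }
                break
    return alerts


if __name__ == "__main__":
    for ip, info in detect_password_guessing(AUTH_LOG).items():
        print(ip, info)
```

On the constructed log the first source is reported with six failures across four accounts and no later success, while the second source (one typo, then a normal login) is left alone. Lowering the threshold to one would flag the second source too, and its `success_after` would be true, which illustrates why the threshold matters: an alert on every failed login buries the real spray in noise.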

A denial of service attack works differently: many machines bombard a single host with requests until it can no longer respond, leaving your systems unavailable until the traffic is blocked or absorbed. It does not give the attacker access to your data, but it can stop you trading just as effectively.

Cyber-crime protection with ISO 27001 certification

ISO 27001 is the internationally recognised standard for an Information Security Management System (ISMS). Certification to ISO 27001 gives you a framework to manage risks, train your employees, monitor and control your networks and continually improve your management system. Preparing for certification means setting up a framework to protect your information assets, which would include:
  • Risk assessments covering where your data is stored and identifying any vulnerabilities
  • Training your employees to spot suspicious emails and warning them against opening attachments and links from unknown senders. This is very often the method used by cyber-criminals to spread malware.
  • Improving system security: firewalls, network management, anti-virus protection, access control, asset management, software installation, patch management, password management, back-ups and audits are among the measures in the framework
  • Process for responding to a cyber-attack to mitigate the damage and repair the system to get you back up and running as soon as possible
  • Reporting, monitoring and logging activities to continually improve your system and keep up to date with the latest requirements.
The ISO 27001 ISMS covers more than just loss through cyber-attack. It also includes data loss or damage caused by natural disasters, theft and mismanagement.

Cyber-crime can have other devastating effects on your business. Legal regulations may have been breached and claims for compensation will have to be dealt with if sensitive information about your customers or suppliers gets into the wrong hands.

The ensuing adverse publicity and damage to your reputation will need to be managed to minimise the effect on your business.

You may have to bring in experts to fix the breach of your computer systems and consider how you will cover any financial losses.

Implementing ISO 27001 will provide a framework for identifying cyber risks to your business and establish processes needed to protect your information assets.
To find out more about the benefits of ISO 27001 ISMS, call one of our team on 0121 241 2299 or request a quote.
ISO 27001 is one of the most recognised standards for Information Security Management and is part of the globally respected ISO suite of Management System Standards.

Since the introduction of the Annex SL framework, organisations already certified to one ISO Management System Standard will find it easier to comply with others, such as ISO 27001, because the standards now share a common clause structure.

Certification demonstrates that you have a robust management system to comply with the latest security, privacy and compliance requirements for today’s digital age.

Suitable for all sizes of organisation
Blue chip companies, global cloud service providers and small to medium sized businesses are aware of the risks of cybercrime and the havoc it can cause an organisation.

Google Cloud is one organisation that has realised the value of the regular independent third-party audits of security, compliance and data-processing frameworks needed to achieve ISO 27001 certification.

You don’t have to be as big as Google to benefit from ISO 27001 certification. Recent research by Beaming (UK Internet Service Provider) showed that in the UK, small businesses bore the brunt of £17 billion worth of cyber-attacks in 2018. ISO 27001 is as relevant to small businesses as it is to large organisations and provides a framework to protect SMEs from outside attack and internal errors by employees.

With more businesses relying on cloud services, choosing the right provider and assessing how your employees share information requires a high level of control to ensure data is not inadvertently shared with the wrong group of people, or worse, publicly.

Whether you host your own IT or rely on cloud-based services, regular independent third-party audits of your Information Security Management System (ISMS) help to ensure that the controls protecting your network against a range of events are in place and working.

ISO 27001 certification
Part of the certification process is to identify the information held, look at the risks and threats and put in place a framework to minimise the risk of a breach.

Loss of data can come from many sources and can include hackers, your own employees and natural disasters such as fire and flood.

Having a system of checks and controls will help to prevent a breach and provide procedures to minimise the impact of a loss.

A range of security controls form the backbone of the standard and include (not an exhaustive list):
  • Security policies
  • Employee security
  • Management of data assets
  • Access control
  • Encryption
  • Physical and environmental security
  • Incident management
  • System maintenance
  • Business continuity
  • Regulatory compliance
To minimise your risk of falling victim to an employee's inadvertent click on a phishing email, a deliberate cyber-attack or a natural disaster, call ACS Registrars on 0121 241 2299.
One of the risks facing businesses in 2016 is the increase in cyber crime.

The ISO 27001 international standard provides an effective information security management system (ISMS) focused on identifying areas of risk and developing a system for managing and minimising those risks.

Areas at risk include:
  • Computer hardware and systems
  • Data stored locally and off site
  • Intellectual property
  • Employees’ personal details
  • Data and equipment belonging to contractors
  • Suppliers’ assets
  • Customer information
Threats come from a variety of sources including natural disasters, hacker attacks, computer viruses and the consequences of stolen information.

As a result of an incident, an organisation could not only be faced with the costs of putting right the damage and coping with the effects on the business, but could face legal implications connected with the breach.

Costs can run to millions of pounds and with cyber attacks and unpredictable weather conditions increasing, it is more important than ever to manage the risks to your business.

How will ISO 27001 protect my business?
The first stage is to appoint an experienced ISO 27001 consultant who will help you to set up an effective management system tailored to your business. They will identify the risks to your business and develop a process to manage those risks, together with an ongoing system of monitoring and continual improvement.

Working with members of your team, your appointed consultant will be able to apply industry best practice and using their experience, provide a workable system that will:
  • Review current procedures
  • Identify risks
  • Assess threats to assets
  • Highlight gaps and areas for improvement
  • Establish a system of management and control
  • Provide processes and procedures
  • Continually improve the system with audits and reviews
ISO 27001 Certification
Once you are satisfied that your ISMS is established in line with the requirements of ISO 27001, you will be ready for auditing by an independent accredited certification body. In the UK, you should check they are UKAS accredited.

For more information contact one of our team.
Many businesses operate quite successfully without being ISO certified; however, in today's crowded marketplace, being certified by a UKAS accredited certification body can give you a competitive edge. Some customers may even require it before they will do business with you.

For example, if you are looking to access new markets, getting certified will give potential customers confidence in your management systems and your ability to meet their requirements. The standards are international and are therefore recognised across global markets.

When you have a robust management system in place, your business will be able to streamline operations and improve productivity that will help to increase profits.

By assessing risks from natural disasters, accidents, cyber-crime or mismanagement, you will be able to mitigate their impact on your business.

Environmental disasters get much more publicity these days and keeping ahead of regulations and legislation is more important than ever. Demonstrating your commitment to reducing the impact that your operations have on the environment will enhance your reputation with your employees and customers.

There are a wide range of international standards available for organisations of all types and sizes and you can select the most relevant for your business.

The ISO standard or standards that you choose to meet your particular needs will help to meet the everyday challenges and risks faced by all organisations.

These are some of the more popular standards available:
  • ISO 9001: Quality Management Systems
  • ISO 14001: Environmental Management Systems
  • OHSAS 18001: Occupational Health and Safety Management Systems
  • ISO 27001: Information Security Management Systems
  • PAS 43: Safe Working of Vehicle Breakdown and Recovery Operators
  • NHSS 17: Quality Management for Vehicle Recovery at Highway Construction Sites
  • NHSS 17b: Quality Management for Vehicle Recovery and Removal on Controlled Roads
  • PAS 80: Automotive Garage Services - Service and Repair of Vehicles
  • HACCP: Hazard Analysis and Critical Control Point Systems

The benefits to businesses are wide ranging and will provide a management system and structure that will help your business to become more efficient and sustainable.

Do you need ISO certification? Call us for a free, no obligation discussion to find out which ISO standard you need for your business. We are a UKAS Accredited Certification Body.


According to the FSB (Federation of Small Businesses, The Voice July/August 2014), a smaller number of businesses are experiencing information security breaches and cyber attacks than a year ago.


This sounds like good news but the downside is that the cost of dealing with incidents has increased significantly (research carried out by PricewaterhouseCoopers).


In 2012, the average cost of the worst security breach they experienced was between £35,000 and £65,000 and in 2013 it was between £65,000 and £115,000. These amounts are significant enough to severely damage your business.


Think about all of the data that your organisation stores on digital devices: client and employee information, business critical data, accounting records.


Prevention is always better than cure and one way to mitigate the risks of cyber crime is to have a robust system of management in place. This will not only minimise the chances of a breach but will also reduce its impact on the business, should an attack get through your defences.


It’s not just the cost of rectification that can damage your company; recent high profile cases have shown that a company’s reputation is also at stake.


Information Security Management System (ISMS)
ISO 27001 certification provides an auditable management process to an international standard and a structure to help you improve the security of your information.


The management process you implement will provide a "best practice" system that will help you to identify the risks and maintain the necessary controls to minimise the likelihood of a security breach.


ISO 27001 certification will demonstrate that your company’s security management system has been independently assessed and verified.


Benefits of ISO 27001 certification include:


  • An internationally endorsed best-practice framework for managing cyber threats and attacks
  • Supplier and customer confidence in your security systems
  • Reduced costs if a breach does occur
  • Protection for your company's reputation
  • A plan to limit data loss and return business systems to normal


ISO 27001 auditors
You should always use a trusted certification body that is UKAS accredited.


This is a specialist area and you will need an experienced auditor who can work with your team to assess whether your system meets your particular information protection requirements.


Ideally they will have experience of your particular industry sector and can draw on their knowledge of best practice when assessing your system.