According to the FSB (Federation of Small Businesses, The Voice July/August 2014), a smaller number of businesses are experiencing information security breaches and cyber attacks than a year ago.
This sounds like good news but the downside is that the cost of dealing with incidents has increased significantly (research carried out by PricewaterhouseCoopers).
In 2012, the average cost of the worst security breach they experienced was between £35,000 and £65,000 and in 2013 it was between £65,000 and £115,000. These amounts are significant enough to severely damage your business.
Think about all of the data that your organisation stores on digital devices; client and employee information, business critical data, accounting records.
Prevention is always better than cure and one way to mitigate the risks of cyber crime is to have a robust system of management in place. This will not only minimise the chances of a breach but will also reduce its impact on the business, should an attack get through your defences.
It’s not just the cost of rectification that can damage your company; recent high profile cases have shown that a company’s reputation is also at stake.
Information Security Management System (ISMS)
ISO 27001 accreditation provides an auditable management process to international standards and provides a structure to help you improve the security of your information.
The management process you implement will provide a “best practice” system that will help you to identify the risks and maintain the necessary controls to minimise or eliminate the possibility of a security breach.
ISO 27001 certification will demonstrate that your company’s security management system has been independently assessed and verified.
Benefits of ISO 27001 certification include:
- An internationally endorsed best practice framework to manage cyber threats and attacks
- Supplier and customer confidence in your security systems
- Reduces costs if a breach does occur
- Protects your company’s reputation
- A plan to limit data loss and return business systems to normal
ISO 27001 auditors
You should always use a trusted certification body, which is UKAS accredited.
This is a specialist area and you will need an experienced auditor to work with your team to provide a system that will work for your particular information protection requirements.
Ideally they will have experience of your particular industry sector and can use their knowledge of best practice to provide the best possible system.