229
All Enquiries
please call +44 (0)121 241 2299
The government is aiming to make the UK “the safest place in the world for young people to go online” (https://www.gov.uk/government/news/government-launches-major-new-drive-on-internet-safety).

This is the latest of a long list of government initiatives put in place recently to combat cybercrime against the general public and businesses.

A recent report from the British Chambers of Commerce found that even though one in five businesses had been attacked in the last year, only 24% had security measures in place.

Cyber-InsuranceISO 27001
ISO 27001 information security management system provides businesses with a framework to identify, cope with and recover from a cyber-attack.

By implementing a companywide management process and recovery strategy, ISO 27001 goes further than other solutions such as Cyber Essentials to help your organisation combat cybercrime.

Cyber Essentials is a government initiative set up to help businesses protect themselves against cyber criminals. Achieving the badge will help to identify risks to your business and protect your organisation from common cyber threats.

However, Cyber Essentials is not a replacement for ISO 27001 but can be used to compliment your security management system. For example, if you are bidding for government contracts, this is a mandatory requirement for some ICT products and services.

Achieving ISO 27001 certification gives you a solid foundation and makes getting a Cyber Essentials badge more straightforward.

ISO 27001 rerelease 2017
Though the actual content of the standard has not changed, there has been a recent update to reflect the new EN status.

BS EN ISO 27001:2017 has now been ratified by each of the 34 CEN-CENELEC member countries.

If you already have ISO 27001 certification, this will not change any of your current management systems for the time being. Updates will be published in the future and we will keep you advised if anything changes.
This is not the first time we have written about the vulnerability of businesses to cyber-attacks and the latest government survey does nothing to allay those fears. Though the statistics show that incidents of cyber-crime have reduced slightly, the costs of dealing with these breaches has almost doubled.

ISO_27001The following statement has been taken from the 2010 to 2015 government policy paper published 7th May 2015.

81% of large corporations and 60% of small businesses reported a cyber-breach in 2014.
With the cost for the worst cyber-security breach estimated between £600,000 to £1.15 million for large businesses and £65,000 to £115,000 for smaller ones, the government must look at new ways to protect businesses and make the UK more resilient to cyber-attacks and crime.”

Businesses affected by cyber crime
There have been some high profile cases:

eBay
Hackers managed to access an eBay corporate account to gather user’s personal information.

JP Morgan Chase
A neglected server provided access to contact details for its account holding customers.

Home Depot
Payment systems were infected with malware that allowed hackers to steal credit card details.

Employees’ responsibility
It is not just about server access; employees are much more mobile these days and carry around company information on laptops and mobile phones. Data is stored on removable media which can be copied or lost.
Malware can infect company computers and mobile phones. To protect against these risks, you will need to establish policies to ensure employees know what they should and shouldn’t do.

ISO 27001 information security management system
There are numerous ways an organisation can protect against cyber-crime. Choosing an internationally recognised standard that provides an auditable method of monitoring, protecting and managing information is one option.
Achieving ISO 27001 certification provides a framework of policies and procedures that will help prevent a security breach and limit the impact of a cyber-attack.

Using experienced consultants, you will be guided through the process, identifying any risks and tailoring the management process to your individual requirements. This will help to keep costs and disruption to a minimum should an incident occur.

Other benefits include:
  • Customers and business partners will have more confidence in your ability to keep their information safe.
  • Continuity of supply following an attack.
  • More reliable systems for storage of information.

ISO 27001 provides for a regular auditing procedure so you can continually improve your processes and keep up to date with the latest security measures to stay one step ahead of the criminals.