16 Sep, 2019
When well-known companies are hacked, it’s bad news in every sense of the word.
Everything’s on the line – the security of the company has been compromised, the company is getting bad PR, fines are on the horizon and a reputation is being torn apart with potentially devastating long-term effects.
On top of this, people are speculating and questioning – how did this happen? Has anything of mine been compromised? What happens now?
A prime example of a breach that unnerved companies and their customers was the British Airways breach in August and September of last year. Users of the BA website were unknowingly diverted to a fraudulent website, where hundreds of thousands of people had their personal details, such as credit card details, stolen. This particular breach resulted in the ICO (Information Commissioner’s Office) issuing the company (BA) a £183m fine…
During early May this year, the popular messaging application, WhatsApp, was the victim of a hack. A sophisticated type of spyware called ‘Pegasus’, created in Israel, sent a wave of panic throughout the network. This was a complete violation of privacy, as hackers gained access to messages, photos, contacts and more. Every single user of WhatsApp was potentially hackable, with no way of identifying whether your account had been affected.
Finally, and most recently, during July of this year, Capital One experienced a security breach in which a ‘configuration vulnerability’ was exploited by a lone hacker to get access to 100 million credit card applications and accounts.
So, what does this mean for smaller businesses? Large organisations are often targeted as they have more information and the effects will be more damaging. However, small businesses get hacked for information too. A key motive for hacking a smaller business is the general assumption that it doesn’t have such sophisticated security measures in place, and will therefore be easier to breach. Smaller businesses also often hold valuable information because of their connections with large businesses.
Having your own standard policies and security measures in place may no longer be adequate, especially as it’s not enough for many large companies. ISO certification is a comprehensive way of protecting your business, encompassing people and processes as well as external factors.
Picture this: your house, something that’s valuable and important to you. You install the most sophisticated CCTV and security system you can find. However, whilst you’re at work, your teenage daughter decides to leave through the back door and leaves the door open behind her whilst browsing her phone. Can you see where I’m going with this?
There’s zero use in installing all that security if not everybody who should be involved understands the importance of using it. It’s the same in a business. You can have security measures and procedures in place, but if they are not rolled out to the entire team and stay where they were made, it’s a waste of effort. Staff competency, as well as the official procedures and documents, is something ISO 27001 ensures is covered.
Find out more about why companies are securing their business’s information with ISO 27001, and setting themselves apart from the competition.
ISO Quality Services Ltd are proud to specialise in the implementation and certification of the Internationally recognised ISO and BS EN Management Standards.