23 Apr, 2014
Information leakage is the most prevalent vulnerability found with a likelihood of 55% to have at least one serious vulnerability appearing on a site…
86% of all websites had at least one serious vulnerability during 2012…
Only 68% of consumers have ever had security training…
78% of employees can access business information from personal devices…
61% of employees have taken data out of the company to leverage it for a new job…
*Sources: SC Magazine, Welivesecurity.com, DocTrackr Data security Blog
You should be: these are nail-biting statistics for businesses around the world, and they are increasingly at the forefront of running a business.
“Computer security is information security as applied to computers and networks. The field covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorised access, change or destruction”
Did you know? “More than 70% of people would reveal their computer password in exchange for a bar of chocolate. 33% said they shared passwords or wrote them down”. (Source: BBC)
A good, strong password is easy to remember, but difficult to guess. Now, my memory has its off days, and if your password is 20 characters, you may have a little difficulty remembering it.
If you have no other choice but to write it down, make a change to it so someone else reading it will not be able to use it directly, i.e. if it’s “J472cEeA”, write “J250cEeA” (subtract 2 from each digit).
You could implement a password policy in the business, for example: update every 3 months; must contain a minimum of 8 characters and include symbols, lower/UPPER case letters and numbers; do not write down; do not share. As well as implementing the policy, explain to all of the employees why it is important.
Another important factor is not to send your password over a computer network, or store it on a computer, without encrypting it, and of course this means not sending it unencrypted over email either!
Passwords shouldn’t contain any piece of the “real name” associated with your account (so user Adam J whose name is “Adam Jones” cannot have Adam!123 or 37Jones# as his password).
Also remember to have different passwords for different accounts/applications: if one of your accounts were compromised and all of your accounts had the same password, you could be putting all of your information at risk.
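The password rules above (8-character minimum, mixed character classes, no part of the real name) can be checked automatically when a password is set. This is an added example, not code from the original post; the function names and the three-letter minimum for a name part are assumptions.

```python
import re
import string

MIN_LENGTH = 8  # minimum length from the policy described above


def name_parts(real_name, username=""):
    """Lower-cased name tokens of 3+ letters (the threshold is an assumption,
    so that an initial such as the "J" in "Adam J" does not block every
    password containing that letter)."""
    tokens = re.split(r"[^A-Za-z]+", f"{real_name} {username}")
    return {t.lower() for t in tokens if len(t) >= 3}


def policy_violations(password, real_name, username=""):
    """Return the list of broken rules; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    # Case-insensitive match, so "ADAM" or "jones" is caught as well.
    lowered = password.lower()
    for part in sorted(name_parts(real_name, username)):
        if part in lowered:
            problems.append(f"contains part of the real name: {part}")
    return problems


if __name__ == "__main__":
    # The two rejected passwords come from the text; the last one is constructed.
    for candidate in ("Adam!123", "37Jones#", "Tr4il-Mixes"):
        result = policy_violations(candidate, "Adam Jones", "Adam J")
        print(candidate, "->", result or "passes")
```

Both of Adam Jones's passwords from the text satisfy the length and character rules and are rejected only by the name check, which is why that rule needs its own test.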
You could look at implementing an ISO 27001 information security management system into your business. It is a systematic and pro-active approach to effectively managing risks to the security of your company’s confidential information.
The ISO 27001 system promotes efficient management of sensitive corporate information, highlighting vulnerabilities to ensure it is adequately protected against potential threats. It encompasses people, process and IT systems.
Information is an asset which, like other important business assets, has a value to an organisation and consequently needs to be suitably protected.
This standard will help your company coordinate all your security efforts, both electronic and physical, coherently, cost-effectively and consistently, and prove to potential customers that you take the security of their personal / business information seriously.
The main benefits of the ISO 27001 standard include:
To your customers:
To your staff:
The standard has also recently been updated to the 2013 version, and we are one of the first ISO certification companies in the UK to be implementing this for our clients.
One of our clients had this to say about the ISO 27001 Information Security Standard:
“ISO 27001 certification is another sign of our commitment to showing our customers why they can have the highest confidence in using us. Our control of confidential information is robust and through routine auditing and increasing employee awareness we shall ensure that it stays that way. We see this certification as a demonstration to clients who place high value on ensuring confidentiality by further improving the trust throughout all levels of the business relationship”
For information on the ISO 27001:2013 standard, please contact the office on 01905 670 303 or email us
Where can you get more information and advice?
Get Safe Online – Practical advice on all aspects of cyber protection for small businesses.
Action Fraud – Report internet crime and find guidance on preventing fraud.
FSB – Federation of Small Businesses.
Intellect – Advice and support from the UK technology industry trade association.
ISO Quality Services Ltd are proud to specialise in the implementation and certification of the Internationally recognised ISO and BS EN Management Standards.