Who has access to your data?

23 Apr, 2014

Information leakage is the most prevalent vulnerability found with a likelihood of 55% to have at least one serious vulnerability appearing on a site…

86% of all websites had at least one serious vulnerability during 2012…

Only 68% of consumers have ever had security training…

78% of employees can access business information from personal devices… 

61% of employees have taken data out of the company to leverage it for a new job…

*Sources: SC Magazine, Welivesecurity.com, DocTrackr Data security Blog

Sitting on the edge of your seat?

You should be. These are nail-biting statistics for businesses around the world, and they are increasingly at the forefront of running a business.

Can I ask you…

  • What are YOU doing to protect your business?
  • What would you do if it was YOUR website that had a serious vulnerability?
  • What happens if your employees had access to YOUR data on their personal device?  Can I ask, what would happen if that employee lost their personal device?
  • What happens if an employee was to take data away from YOUR business for a new role?
  • Last question… What impact would it have on your business?  

What is Cyber Security?

“Computer security is information security as applied to computers and networks.  The field covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorised access, change or destruction”

How can YOU protect YOUR business?

Passwords

Did you know? “More than 70% of people would reveal their computer password in exchange for a bar of chocolate. 33% said they shared passwords or wrote them down”. (Source: BBC)

A good, strong password is easy to remember, but difficult to guess.  Now, my memory has its off days and if your password is 20 characters, you may have a little difficulty remembering it.

If you have no other choice but to write it down, make a change to it so someone else reading it will not be able to use it directly, i.e. if it’s “J472cEeA”, write “J250cEeA” (subtract 2 from each digit).

You could implement a password policy in the business. For example: update every 3 months; must contain a minimum of 8 characters and include symbols, lower/UPPER case letters and numbers; do not write down; do not share.  As well as implementing the policy, explain to all of the employees why it is important.

Another important factor is never to send your password over a computer network, or store it on a computer, without encrypting it. Of course, this includes email: don’t send a password by email without encrypting it either!

Passwords shouldn’t contain any piece of the “real name” associated with your account (so user Adam J whose name is “Adam Jones” cannot have Adam!123 or 37Jones# as his password).

Also remember to have different passwords for different accounts/applications. If one of your accounts was to be compromised and all of your accounts had the same password, you could be putting all of your information at risk.
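The policy rules described above (8-character minimum, symbols, lower/UPPER case letters and numbers, no piece of the real name, update every 3 months) can be checked automatically. The Python below is an added example, not part of the original article; the function names, the reading of "3 months" as 90 days and the 3-letter minimum for a name piece are assumptions.

```python
import re
from datetime import date, timedelta

MIN_LENGTH = 8                  # minimum length from the policy above
MAX_AGE = timedelta(days=90)    # "every 3 months", read here as 90 days (assumption)

def name_parts(real_name, username):
    """Lower-case pieces of the real name/username, 3+ letters each (assumption)."""
    pieces = re.split(r"[^A-Za-z]+", f"{real_name} {username}")
    return {p.lower() for p in pieces if len(p) >= 3}

def policy_violations(password, real_name, username, last_changed, today):
    """Return the list of policy rules the password breaks (empty list = compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lower-case letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no upper-case letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbol")
    lowered = password.lower()
    for part in sorted(name_parts(real_name, username)):
        if part in lowered:
            problems.append(f"contains part of the name: {part}")
    if today - last_changed > MAX_AGE:
        problems.append("older than 3 months")
    return problems

if __name__ == "__main__":
    # The two rejected passwords are the article's own examples for Adam Jones;
    # the third password and all dates are constructed sample values.
    today = date(2014, 4, 23)
    for pw in ("Adam!123", "37Jones#", "T7#mquVz"):
        print(pw, policy_violations(pw, "Adam Jones", "Adam J", date(2014, 4, 1), today))
```

Run the check when a password is set or changed, while the plain text is still available; it should never be stored in order to re-check it later.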

International Security Standards – ISO 27001:2013

You could look at implementing an ISO 27001 information security management system into your business.  It is a systematic and pro-active approach to effectively managing risks to the security of your company’s confidential information.

The ISO 27001 system promotes efficient management of sensitive corporate information, highlighting vulnerabilities to ensure it is adequately protected against potential threats. It encompasses people, process and IT systems.

Information is an asset which, like other important business assets, has a value to an organisation and consequently needs to be suitably protected.

This standard will help your company coordinate all your security efforts, both electronic and physical, coherently, cost-effectively and consistently, and prove to potential customers that you take the security of their personal / business information seriously.

The main benefits of the ISO 27001 standard include:

To you:

  • Cost reductions as a result of avoiding incidents
  • Smoother running operations as responsibilities and processes are clearly defined
  • Improved business image in the marketplace – customers have peace of mind that the company is trustworthy

To your customers:

  • Working with a trustworthy provider supports the company’s own integrity in safeguarding its data
  • Instils confidence further down the supply chain, resulting in stronger customer / supplier relationships

To your staff:

  • Having appropriate access controls in place lowers the risk of accidental exposure to employees of confidential/sensitive information
  • Reassurance that their employer is meeting data handling security guidelines
  • Roles and responsibilities are defined clearly and precisely, so job satisfaction and productivity are increased

The standard has also recently been updated to the 2013 version, and we are one of the first ISO certification companies in the UK to be implementing this for our clients.

One of our clients had this to say about the ISO 27001 Information Security Standard:

“ISO 27001 certification is another sign of our commitment to showing our customers why they can have the highest confidence in using us. Our control of confidential information is robust and through routine auditing and increasing employee awareness we shall ensure that it stays that way. We see this certification as a demonstration to clients who place high value on ensuring confidentiality by further improving the trust throughout all levels of the business relationship”

To read the full testimonial click here

For information on the ISO 27001:2013 standard, please contact the office on 01905 670 303 or email us

Where can you get more information and advice?

Get Safe Online – Practical advice on all aspects of cyber protection for small businesses.

Action Fraud – Report internet crime and find guidance on preventing fraud.

FSB – Federation of Small Businesses.

Intellect – Advice and support from the UK technology industry trade association.


ISO Quality Services Ltd are proud to specialise in the implementation and certification of the Internationally recognised ISO and BS EN Management Standards.

Do you want to get ahead of your competition? Win more tenders or save time and money on reoccurring issues? Contact us today on 0330 058 5551 or email info@isoqsltd.com.

Alternatively, you can request a quote by filling out our enquiry form and a member of our team will be in touch shortly.
