Information Security Management
In businesses today, information held electronically in computers such as accounts, personnel records, product drawings, manufacturing data, sales/marketing campaigns and email, is more important than the hardware which houses it. Such information is vital to the continuing running of the business and yet it often is less secure than the £50 in the petty cash box.
If someone stole your petty cash you’d soon find out. But if someone stole a copy of a data file, for instance, your customer list, would you know immediately? An effective information security management process is essential in order to protect this vital resource.
The objective of information security management is to implement appropriate measures in order to eliminate, or at least minimise, the impact that cybercrime can have on your organisation. Crucial risks to the business need to be understood and made secure. Although these risks can change on a daily basis, if handled correctly, the benefits will soon be realised.
To address these risks, here are examples of ways in which ibd advisors can benefit your organisation:
- IT risks are identified and practical measures implemented to reduce potential incident impact
- The potential for business disruption is significantly reduced, as well as avoidance of potential damages and losses
- Maintaining confidentiality of personal data helps build your reputation as a trusted employer
- Ensure legal compliance (particularly for Financial Services sector)
- Competitive advantage in compliance for Public Sector tenders
- Promote a professional and respected image with partners, customers and suppliers
- Security provides your organisation with greater stability to consider plans for future expansion or diversification
At ibd we have a number of specialists who can design, implement and maintain a logical set of practical procedures and systems. These will be tailored to your needs to manage potential risks to your vital business data. If appropriate, they can provide a route towards a UKAS approved accreditation to the formal ISO/IEC 27001 standard.
According to the latest Risk Value report from NTT Com Security, the majority of businesses in the UK (57 per cent) nowadays expect to be breached, and anticipate it would cost them £1.2 million on average. This is the highest number globally, the report adds. This does not include hidden cost like brand erosion and reputational damage. UK's businesses expect the recovery to last at least two months, following a 13 per cent drop in revenue
Lack of attention to Information Security Management will leave a company at risk from a variety of threats, both internal and external. Engaging with an ibd adviser will help ensure that:
- All operating systems and applications are up to date.
- Anti-malware is installed and effectively used to prevent attacks by viruses, trojans, spam, worms, keyboard loggers and spyware.
- Policies regarding employee use of email and the internet are in place to prevent misuse and company liability. Including the use of social networks, instant messaging etc. relating to a business context versus private.
- Confidential or business sensitive files are secured using encryption.
- System access controls are established to restrict access to confidential peer information, or valuable customer data. Prevention of ex-employees or those under disciplinary procedures from removal, corruption or passing on data to unauthorised users.
- System and mobile device firewalls are put in place and demonstrated to be effective.
- Offsite backup of data is secure and a recovery exercise conducted to prove effectiveness.
- There is compliance with the Data Protection Act. Breaches, whether intentional or accidental, can lead to criminal prosecution, fines & custodial sentences
- IT best practice is introduced to all employees.
- The provision of data access should normal business access be denied, eg, fire in the locality.
There is always a temptation to avoid taking action until the need becomes urgent, but as in so many areas of corporate risk, pre-empting the danger can save a business in the long term.
Need More Information?
Talk to one of our Info Security specialists at ibd, who can assess your risks and advise on the most economic way to mitigate potential damage to your business.