Imagine discovering that your personal data had been compromised and first hearing about it on the news… that was the plight of more than 150,000 TalkTalk customers who fell victim to the widely publicised data security breach in October. In this case, it was reported that 10% of TalkTalk customers had their bank account details accessed by online hackers.
Information security issues usually occur as a result of human behaviour, so could TalkTalk have avoided this damaging data hack by implementing a better system of measures?
Of course data security is IT centric, but it’s not simply an IT issue. Keeping customers safe requires an organisation’s physical and technological systems to be ‘joined-up’ for optimum protection. Such robust checks and measures are detailed in the internationally recognised Information Security Management standard, ISO 27001. If it is followed correctly, businesses can avoid incurring debilitating data breaches, while providing their customers with the duty of care they have a right to expect.
The BBC’s Panorama programme shone its investigative light on this subject last week and showed how hackers go about stealing your ID, and what straightforward preventative measures we can all take to help stop such cyber crimes in their tracks. It also lifted the lid on how such criminals profit from (what is meant to be) private and confidential customer information!
The cost of crime for small and medium sized enterprises (SMEs) can be equally as devastating and long lasting, with “over half (51%) of SMEs in the UK having been targeted by cyber crime; costing owners a collective £25 million” [ADT]. Such Information Security breaches could be largely avoided by implementing the ISO 27001 standard, ensuring certified organisations avoid having to break the bad news to their customers or suffer the damage to their reputations and profits.
Cyber crime may never be eradicated entirely, but it can be drastically reduced by adopting proven checks and measures. Below, leading business systems certifier, the British Assessment Bureau, outlines best practice to stay safe online and the benefits of implementing the ISO 27001 standard.
RECOMMENDED WATCH: BBC 1’s Panorama: “How hackers steal your ID”
|TIP: It only takes 10 minutes to crack a lowercase password that is 6 characters long. Add 2 extra letters and some uppercase letters and it could take up to 3 years to crack that password. Add 1 more character and some numbers / symbols and it will take 44,530 years to crack!|
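The crack times in the tip above grow with the size of the keyspace (alphabet size raised to the password length). The following added example, not part of the original article, derives the guess rate implied by the tip's anchor (6 lowercase characters in 10 minutes) and extrapolates to the longer, mixed-character passwords it describes. The character-set sizes are assumptions (26 lower, 26 upper, 10 digits, 33 symbols), so the resulting years differ a little from the tip's figures while the orders of magnitude agree.

```python
# Password keyspace and worst-case brute-force time estimator (added example).
# Assumed character classes (printable ASCII); the tip does not state its sets.
CHARSETS = {
    "lower": 26,
    "upper": 26,
    "digits": 10,
    "symbols": 33,  # printable ASCII punctuation and space
}

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(length, classes):
    """Number of candidate passwords of the given length over the union of classes."""
    alphabet = sum(CHARSETS[c] for c in classes)
    return alphabet ** length


def guess_rate_from_anchor(length, classes, seconds):
    """Guesses per second implied by a known exhaustive crack time
    (the tip's anchor: 6 lowercase characters exhausted in 10 minutes)."""
    return keyspace(length, classes) / seconds


def crack_time_years(length, classes, rate):
    """Worst-case years to exhaust the keyspace at `rate` guesses per second."""
    return keyspace(length, classes) / rate / SECONDS_PER_YEAR


# Scenarios from the tip: 6 lowercase; 8 mixed-case; 9 with digits and symbols.
SCENARIOS = [
    ("6 lowercase", 6, ("lower",)),
    ("8 mixed case", 8, ("lower", "upper")),
    ("9 mixed case + digits + symbols", 9, ("lower", "upper", "digits", "symbols")),
]


def estimate_all():
    """Return {description: years} for every scenario, using the anchor-derived rate."""
    rate = guess_rate_from_anchor(6, ("lower",), 10 * 60)
    return {desc: crack_time_years(n, cls, rate) for desc, n, cls in SCENARIOS}


if __name__ == "__main__":
    for desc, years in estimate_all().items():
        print(f"{desc:35s} {years:12.4f} years")
```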
How to Stay Safe Online
Organisations can reduce their information security risks by implementing the internationally recognised ISO 27001 standard. ISO 27001 defines how an organisation should approach its Information Security Management project and specifies the essential components; achieving certification also provides credibility for those claiming their clients’ information is secure.
|A survey by Liebermann found that 39% of IT staff could get unauthorised access to their organisation’s most sensitive information.|
Developed by experts as a best practice standard, ISO 27001 enables organisations to formalise and verify that risks can be effectively identified and managed, whether that is done by elimination, minimisation or mitigation. It also demonstrates that clients’ and stakeholders’ personal information is taken seriously and kept secure. This makes winning new business easier and helps to retain existing clients.
ISO 27001 takes a straightforward approach to Information Security Management and can be used by businesses of any size and in any sector. Research has proven that it helps improve staff morale, therefore increasing employee retention and company credibility.
|59% of consumers avoid shopping online with SMEs because of fears over cyber security. However, 82% would buy more online from SMEs if the businesses were better at showing how well protected they are from cyber crime.|
Implementing an ISO 27001 Information Security Management System within the day-to-day running of the business allows an organisation to demonstrate complete compliance and to gain status as a preferred supplier in the industry, meeting more tender expectations along the way. Ultimately, with these processes in place, a business has control of its own risk management. These risks could include fraud, theft, systems failure, data corruption, physical theft, and more.
In addition, ISO 27001 is designed to be compatible with other popular Management System Standards such as ISO 9001 (Quality), ISO 14001 (Environmental) and OHSAS 18001 (Health & Safety) and can be seamlessly integrated with any of these. The update to the standard, which took place in October 2013, took into account the changing world of information security, where cyber-crime, cloud computing and smartphones have considerably changed the landscape. ISO 27001 is recognised as the best practice standard for demonstrating information security credentials.
|Britain is being targeted by as many as 1,000 cyber-attacks per hour. Staggeringly, 54% of firms don’t regularly monitor their IT systems for breaches.|
As all organisations are susceptible to information security breaches, you should ensure that you have the knowledge and ability to minimise risks. By implementing structure, staff will know what to do, how to do it and when, while clients will be assured their information is safe.