Press release
The biggest threat to your business might be talking to you now
(25 AUGUST 2016, LONDON, UNITED KINGDOM) There is another threat to your business. A real threat; one you speak to every day and one that may not know they are actually a threat to your operations. In fact, virtually all of us who work are this threat – we are employees and if we are uninformed about our roles, we can be the most dangerous person in your office. All a little over the top but the sentiment is a reality. Cybercrime is a widespread topic of concern and recent findings suggest that companies should not only worry about threats from external sources but also the increasing risk of internal threats. Recently, Ray Woodford, UK Product Manager for ISO 27001 and ISO 22301 at SGS United Kingdom Limited, looked at how businesses can better educate their staff on information security and why it happens in the first place. The company is also one of a small number of certification bodies in the UK to achieve UKAS accreditation to certify companies to ISO 22301 – the standard designed to help organisations respond to such threats.
The reality with many of these concerns is that there is a human element to them. When an employee accidentally opens a social media scam or phishing email, in most situations (after panicking) his or her immediate reaction is to promptly close the link, discard the evidence and breathe a sigh of relief that the problem has hopefully disappeared or been resolved. The chances are that some of you have probably fallen subject to this slip-up on at least one occasion and it may have seemed harmless at the time, but this type of incident can be a business’s worst nightmare when it comes to keeping information secure. It is here that ISO 22301 certification can increase a company’s resilience and recovery as well as improving the risk profile with clients, insurers and other stakeholders.
With more than 50% of the worst data breaches in 2015 (HM Government Information Security Breaches Survey 2015) being caused by inadvertent human error and at least 75% of large organisations suffering staff-related security breaches (up from 58% in 2014), it is not hard to see why untrained staff can be the biggest nightmare for companies. These sorts of incidents are increasing and are a demonstrable threat to business continuity.
When an employee carelessly clicks on an unsafe link it is rarely done in full knowledge of the consequences. When a dangerous email link is opened it can result in malware being downloaded onto the equipment. This then leaves the equipment/network open to a variety of attacks, from financial loss or data loss to extortion (e.g. Cryptolocker). In addition, a high proportion of cybercrime is known to occur due to partial involvement of a rogue insider or an ex-employee. But the worry is that employees don’t recognise these as real threats.
A LogRhythm Survey revealed that 86% of UK consumers do not know what spearphishing is, while 40% of those have accidentally shared confidential information through clicking on suspicious links. Despite this, 66% of staff members do not receive any form of cyber security training. The disturbing reality is that if employees are not adequately trained then they are less likely to understand how to deal with or identify possible security breaches. Hackers can then exploit this vulnerability in order to infiltrate networks and open the door to an endless abyss of data. Many suppliers are now being asked for compliance with ISO 22301, particularly those working for government departments and multi-national corporations. The whole process of Business Continuity Management – identifying potential threats to an organisation and their impact – has taken on a new importance. Increasing numbers of organisations are now demanding evidence that their suppliers and business partners comply with information security management standards to protect themselves against cyber breaches. ISO 27001:2013 demonstrates the integrity of a company’s systems and their ongoing commitment to information security. This gives both current and potential customers confidence that their data is safe and secure.
The focus is no longer on the latest software on the market; companies must now be proactive and invest more time in educating their staff about the issues at hand. Employees need to understand that they too have an individual role to play in keeping their company’s information secure. Technology alone will not protect a company from an attack, particularly when outside threats are increasing as technology develops. Many cyber threats are now growing at a faster rate than the development of technology used to combat them. It is crucial for organisations to ensure that they have adequate information policies and procedures in place, along with a high level of staff awareness training, so that their employees are easily alerted to suspicious activity. Building a culture of information security throughout a company will help to reduce the risk of data breaches and minimise effects on assets and systems.
Ray Woodford understands this is a difficult issue for many organisations to take on board.
“Recent cyber attacks on businesses have been wake-up calls about information security policies and controls. Employees need to be aware, trained and diligent about their actions in the workplace. The right procedures, the right information and the right accreditation offer a real solution to the problem of individual employee errors.”
There is real hope though as HM Government Information Security Breaches Survey found that organisations with security policies and internal education programmes experience a third fewer breaches. Good news and more to come as the study confirmed that ISO 27001 – the Information Security Management Systems (ISMS) standard – remains the world’s leading standard for security management. It provides a best practice framework to help manage and protect information by considering every risk critical to identify potential threats. Certification to ISO 27001 also ensures that companies are meeting regulatory obligations and that their processes and procedures are good enough to protect the information that is vital to their business.
Organisations are not swimming in the dark in terms of cybercrime as there is enough help out there from organisations such as SGS. To help mitigate the risk of internal threats by ignorant or unsuspecting employees, ISO 27001:2013 focuses equally on training and the role of leadership to drive communications down to all executive levels so that staff are constantly informed about new policies.
It is hardly surprising to realise that if an organisation experiences a data breach it can take them months or even years to recover and some companies fail to recover at all. Effective technology is a vital defence, but if employers continue to overlook the need for information security management and internal training, then hackers will continue to take advantage of their weakness and the likelihood of a cyber attack will increase.
SGS offers a range of ISO 27001 and ISO 23001 audit, certification and training services. For more information, go to www.sgs.co.uk
SGS is the world’s leading inspection, verification, testing and certification company. SGS is recognized as the global benchmark for quality and integrity. With more than 85,000 employees, SGS operates a network of over 1,800 offices and laboratories around the world.
For more information, contact Lesley Pilbeam, Marketing Manager
(tel: 01276 697670 / email: lesley.pilbeam@sgs.com).
Image Line Communications
8 Skyline Business Village
London E14 9TS
020 7689 9009
This release was published on openPR.