You’d think that the most logical reason for an organisation to implement cyber security is to protect themselves. For many, however, there is a more compelling reason: client requirements.
The weakest link
If a potential client is cyber secure, then it’s very unlikely they’ll do business with an organisation that isn’t. You may not even be handling their sensitive information, but you could still be used as a route into their network.
A great example would be the Target data breach:
It’s been confirmed that the malware which infected Target’s network, leading to the theft of 110 million customer records (including 40 million sets of credit/debit card details), originated from their HVAC contractor. It’s not clear exactly how the attack was carried out, but industry experts have said they believe the contractor had access to Target’s network so that they could remotely control air conditioning units. Hackers were then able to obtain those login credentials, most likely through a phishing attack, and make their way through the network until they could reach the point of sale (POS) system. To those unaware of cyber threats, vetting an HVAC company for cyber security is something that wouldn’t make sense. If they have access to a part of your network and you’ve not carried out due diligence, however, then that causes problems. You could say it paints a big red target…
To be the best, you need the best
As the story above clearly demonstrates, you don’t want to skimp on cyber security. If you’re looking to become cyber secure, then you should do it right. ISO 27001 is the International Standard describing best practice for an Information Security Management System (ISMS). It is any organisation’s best option when looking to improve their information and cyber security.
Showing potential clients that you are ISO 27001 certified will provide your organisation with a much better chance of doing business.
To learn more about ISO 27001 and how it will help your organisation, I recommend you download a couple of our free ISO 27001 green papers. If you’re looking for literature with a bit more substance, then the Introduction to Information Security and ISO 27001 Pocket Guide is what you need.