- A memory stick containing the unencrypted personal information of 3,000 NHS patients was found by a member of the public outside an East Sussex NHS Trust building;
- Malware was distributed to 19,000 UK customers of high street banks (Barclays, RBS, Lloyds, HSBC and Santander);
- Business networking site LinkedIn hastened to fix a vulnerability in its notification system that exposed its users to remote hacking;
- Customer information from infidelity site Ashley Madison – which boasts more than 33 million registered users worldwide – was posted online.
These stories barely scratch the surface of recent incidents. Data breaches – whether they occur through direct cyber attacks or as a result of the careless behaviour of unwitting staff – have become a common part of modern business life.
For organisations that need to address cyber security (and that’s all of them), the lesson is clear: don’t risk it – cyber secure it. If you cannot show that your organisation is cyber secure, you are taking the sort of risk that your customers, shareholders and regulators would deem irresponsible and unacceptable.
The best-practice approach to cyber security
ISO 27001, the international standard for information security management, recognises that cyber security is an enterprise-wide issue, and provides an approach to cyber risk management that addresses an organisation’s people, processes, and technology.
It sets out the requirements of a best-practice information security management system (ISMS), and provides associated guidance for conducting risk assessments and applying the necessary risk treatments.
Implementing an ISMS enables organisations of all sizes, sectors and locations to mitigate the risks they face with appropriate controls, limiting the threats posed by untrained staff, inadequate security procedures and out-of-date software.