The past two years provided arguably the most challenging operating conditions for organisations in a lifetime.
It’s important to reflect on how events affected your organisation, and how to ensure you can continue to function safely through 2022 and beyond.
Business continuity planning and cyber security are two important areas that you can address with relatively little outlay. Moreover, your investment will bring significant benefits over time, and reassure existing and prospective customers that your organisation can withstand whatever challenges 2022 might bring.
Lessons learned from 2021
The pandemic forced many organisations to shift to remote working, with little time to properly assess and adapt to the new security risks they were exposed to.
Many switched to a hybrid working model. However, the focus was on ensuring they could continue to operate rather than putting in place the necessary security measures to safeguard themselves against attack.
Cyber criminals took advantage of this, and the result was a surge in cyber attacks, phishing campaigns and the exploitation of security vulnerabilities in popular software.
There was also a huge increase in ransomware attacks – up by 151% in the first half of 2021 compared with the same period in 2020.
Many organisations failed to meet their obligations under the UK DPA (Data Protection Act) 2018 and GDPR (General Data Protection Regulation), putting them at risk of a fine of up to £17.5 million or 4% of annual global turnover, whichever is higher.
Regulators such as the ICO (Information Commissioner’s Office) are no longer making allowances for the pressure the pandemic put organisations under.
How IT Governance can help you
Update and refresh
Cyber threats are constantly evolving. New vulnerabilities are discovered and exploited every day, and old ones can be reintroduced with every system change. You cannot assume that you will always be secure just because you were in the past.
A programme of regular information security risk assessments will help you identify, analyse and evaluate the risks you face, and enable you to treat them appropriately, in line with your risk appetite and compliance obligations.
Penetration testing will help you identify the technical vulnerabilities that might leave your organisation exposed, and gap analyses will help you understand the extent of your compliance with relevant laws and regulations.
Be aware of the latest updates
In January 2022, a new iteration of ISO 27002 will be published, providing a new control set for ISO 27001. ISO 27001 itself is due to be refreshed later in the year. There will also be a new version of the PCI DSS. We have everything you need to ensure you can comply with these standards.
Test your infrastructure
Identify, analyse and evaluate your security vulnerabilities with our CREST-accredited penetration testing services. We can test your internal and external infrastructure, review vulnerabilities within your web applications and remote access systems, carry out social engineering and phishing tests, and more.
Test staff awareness
Improve your employees’ security and data protection awareness with staff training. Used by more than 100,000 professionals worldwide, our short e-learning courses cover cyber security and information security best practices, as well as the DPA 2018 and GDPR, ISO 27001, and the PCI DSS.
Make compliance easy
The CyberComply platform comprises five Cloud-based tools designed to make compliance with your cyber security requirements and data privacy laws simple and affordable. The platform covers data flow mapping, risk assessments, GDPR compliance checking, and more.
Help your employees take the next step in their career with IT Governance training. From introductory courses through to advanced training, available as classroom, instructor-led online or self-paced online courses, your staff are guaranteed to find a course and qualification to suit them.
Prepare for an unpredictable 2022
Whatever 2022 has in store, at least you can control your cyber risks. If you postponed big projects because of COVID-19, this should be the year to pick them up again and take the actions you need to help your organisation prosper.
Cyber Security as a Service
Let our cyber security consultants, legal experts and incident responders become an extension of your in-house IT department. For a monthly subscription, our cyber security team helps you become, and remain, secure.
Privacy as a Service
Delivered by independent privacy lawyers, data protection officers and cyber security experts, this monthly subscription service contains everything you need to meet your data protection obligations.
DPO as a Service
Our independent Data Protection Officer will fulfil your organisation’s responsibilities under Articles 38 and 39 of the GDPR, leaving you free to focus on your core business activities.
Cyber Incident Response
Effective cyber incident response management can reduce the risk of future incidents occurring, help you detect incidents at an earlier stage and develop a robust defence against attacks to potentially save your organisation millions.
For more detailed projects, we can put together a bespoke package with whatever products and services you need. We cover ISO 27001 and information security, cyber security, the PCI DSS, data protection, quality management and IT service management.