Managing your cyber risk during the COVID-19 pandemic
Following government advice millions of people around the world are currently working from home. Like everything there have been some bumps along the way, however most of those workers have found this transition relatively straightforward. This is likely to lead to more flexible working arrangements in the future. It is essential that organizations prepare for this and manage cyber risks properly to secure remote working in the future.
Some of the apps that have enabled video conferencing immediately fell under scrutiny, as they have been targeted by attackers who have stolen data or posted offensive messages. This has led some organizations to ban their use.
During the pandemic and as we adjust to a new way of flexible working for the future, having systems which are resilient has never been more important. The principal objective is to reduce the risks, including prevention or mitigation of cyber-attacks. Data breaches and cyber-attacks are, unfortunately, becoming a regular occurrence.
Following regulatory changes many organizations were already taking steps to ensure that they are well placed to deal with known and emerging cyber threats. There has been a significant uptake of ISO 27001 (Information security management system) certification.
Achieving this certification is indirect proof that the organization is aiming to meet mandatory regulatory requirements, but it goes much further: it reassures your customers and suppliers that you have a framework of policies, procedures, guidelines and associated resources and activities that work together to protect information.
The ISO 27001 certification process
ISO 27001 considers information regardless of where it is found (e.g., paper, information systems, digital media, etc.)
The initial certification process is carried out in two distinct stages. The first planned visit is a review of the documented system, which is formally evaluated against the requirements of the standard. This helps to establish readiness for the stage 2 audit and highlights any areas of non-compliance that may require attention. Following the assessment, a detailed written report including any findings is presented to the organization.
Stage 2 is effectively a full system review: a site assessment is carried out to verify that the system has been successfully implemented, is being followed and that the requirements of ISO 27001:2013 are being met in practice. This is demonstrated through a review of records and by conducting interviews. The auditor is expected to engage with all levels of employee, from top management down. Upon completion of a successful audit the company receives another formal report and a recommendation for certification is made.
Certification is valid for three years and maintained through a programme of annual surveillance audits to ensure continuing compliance.
Benefits of implementing ISO 27001 certification
There are many benefits and here we will summarise just a few. The most obvious benefit is that the risk related to information loss or unauthorised access is minimized. This will lead to greater trust by customers and will open the door to potential new business wins and the retention of existing customers.
You will be able to demonstrate your commitment to meeting regulatory requirements.
Finally, you will have a defined and implemented information security management system which assigns roles, ensures colleagues are trained to build awareness, and applies sound security measures through a systematic approach.
Be prepared for a new way of working. Learn more about ISO 27001
Contact a BM TRADA certification expert who will guide you through the process.