Well we did it! A little later than planned due to Coronavirus, but in August 2020 we were audited and are now ISO/IEC 27001 certified. Globally there are only 36,000 companies that are ISO/IEC 27001 certified and only 2,800 businesses in the United Kingdom and 750 in the US, so we are in good company and amongst a select few.
As you will know from your training, the ISMS that we have created is a set of best practice policies, procedures, processes and systems that manage information risks, such as those caused by cyber-attacks, hacks, data leaks or theft. Once achieved, ISO 27001:2013 provides proof and reassurances that an organisation is managing the security of the information it holds to the highest of standards. This is of great importance to all of our stakeholders, including our customers and ourselves as employees, whose jobs and security rely upon us taking the utmost care of the information we are trusted with.
The global pandemic has seen a shift towards people working from home, bringing new challenges for us in keeping our systems and information secure. The threat actors are now making millions of dollars a week, or even in a day, from ransomware attacks and have continued to innovate both their technology and their criminal modus operandi at an accelerating pace. They are now combining ransomware attacks with data theft and the threat of publishing personal and sensitive data if ransoms are not paid, so even having a secure offline backup is not sufficient protection for some organisations.
We all have a part to play in information security, and it is often the case that doing the basics is enough to help keep us secure, so please continue to be vigilant and report any suspicious emails or activity to internal IT Support.
Best regards
Richard Moody
Director of Global Operations