Information Security

Last month, credit reporting agency Equifax reported a data breach that exposed the personal data of more than 100 million consumers. This would be worrying enough on its own, but perhaps the most alarming part of this story is the fact that the attack in question reportedly began back in May, but wasn't observed until late July.

Among the information affected by the security breach were people's:

  • Names
  • Birth dates
  • Addresses
  • Card details

The fallout from this incident has been catastrophic for Equifax. A number of lawsuits have been filed against the company, and Equifax shares dropped by 13% the day after the news broke. The breach is still being closely followed by media outlets internationally, and the former Equifax CEO Richard Smith has even appeared in front of the United States Congress.

All of this demonstrates yet again that information security is an absolutely critical concern for businesses in the 21st century. Even small enterprises should take data security very seriously, ideally implementing a strong information security management system (ISMS) and seeking ISO 27001 certification to ensure that robust security processes are in place.

If you are looking to achieve ISO 27001 certification, please contact NPT Management Systems today for expert advice and assistance with planning and implementing your ISMS.


British Airways found themselves in hot water last month when an IT systems failure forced the airline to cancel hundreds of flights, leaving approximately 75,000 passengers stranded at Heathrow and Gatwick airports during the bank holiday weekend. The company issued a statement blaming the outage on a 'power surge', but a number of data centre experts have disputed that claim, and this calamitous disruption has drawn yet more attention to numerous IT failings throughout the industry at large.

For example, here's a quote from a Guardian article published on the 30th of May 2017 (a few days on from the IT failure):

"The airline industry is notorious for running outdated infrastructure long after standards have improved. In December, for instance, it was revealed that passenger booking systems used by multiple airlines were easy prey for hackers."

The fallout from this incident is still causing problems for British Airways, and their parent company IAG has reportedly lost £170 million in value since the bank holiday weekend, making this whole mess a particularly severe illustration of the importance of ensuring the smooth and secure operation of your company's IT systems.

Whether you run a huge corporation like BA or a small business serving a small, local customer base, you need to make sure your computer systems are safeguarded from attacks and outages. As part of this effort, we strongly recommend planning and implementing an information security management system (ISMS) that conforms to ISO 27001 standards.

Need help putting an ISMS in place and achieving ISO 27001 certification? Contact NPT Management Systems today to discuss your requirements with our ISO experts.

Cyber Security

You have probably read numerous stories about the WannaCry cyberattack (also known as WannaCrypt) that shook the world's IT systems recently. Hundreds of thousands of computers were infected across 150 different countries; if you live in the UK, there's a chance you were affected by the chaos that ensued when a number of NHS systems were hit by ransomware.

The WannaCry attack - which is still ongoing at time of writing - has thrust the issue of online security into the spotlight once again, and many business owners are now wondering what they can do to safeguard their own IT systems from future cyberattacks. Here are a few tips:

  1. Look carefully at emails before clicking a link or opening an attachment. Hackers often impersonate trusted companies (PayPal, Apple, Amazon, etc.) and sometimes even your own colleagues/clients. Before clicking on a link in an email (or opening an attachment), read it carefully - are there any spelling/grammar mistakes that you wouldn't expect the sender to make? Any suspicious statements or incorrect information? Also, look at the sender's actual email address - it's common to see emails from 'Apple' or 'Google' that are really from unaffiliated email addresses (e.g. customerservice@company.xyz) or 'spoof' addresses that are subtly misspelled (e.g. admin@appple.com). Bear in mind that the displayed sender address can itself be forged, so a plausible-looking address rules out the obvious fakes but is not proof that a message is genuine.

  2. Hover your mouse over links before clicking them. If there's a hyperlink in a potentially suspicious email, don't click it to find out what it is. Instead, hover your mouse cursor over the link - this should reveal the true destination of the hyperlink. Again, look out for subtle misspellings and unfamiliar domain names, and don't assume that the clickable text is representative of the link's actual destination - just because the link said 'www.amazon.co.uk' doesn't mean it wasn't sneakily linking to something else!

  3. Implement an information security management system. It can be difficult to ensure good cyber security practices throughout the entirety of a large organisation, and it may therefore be worth implementing an information security management system within your company and seeking ISO 27001 certification. We at NPT Management Systems can assist with this task - contact us now to discuss your requirements.
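The first two tips above can be mechanised. The following Python script is an added example, not code from the original post or from NPT Management Systems: it checks a sender line for a brand claim that does not match the sending domain (including subtly misspelt lookalikes such as appple.com), and checks each hyperlink in an HTML body for visible text that is written as a URL but points somewhere else. The trusted-brand list, the lookalike distance threshold, the simplified registrable-domain logic and the sample message are all assumptions constructed for the demonstration.

```python
"""
Phishing-tell checker for the sender-address and link-destination tips.
Added example, not code from the original post. The trusted-brand list,
the lookalike threshold, the crude registrable-domain logic and the
sample email are all assumptions constructed for this demonstration.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the real domain for each brand name a phisher might borrow.
TRUSTED = {
    "apple": "apple.com",
    "amazon": "amazon.co.uk",
    "paypal": "paypal.com",
    "google": "google.com",
}

# Matches anchor text that is itself written as a URL or host name.
HOSTLIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)


def levenshtein(a, b):
    """Edit distance, used to tell a lookalike (appple.com) from an unrelated domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Crude registrable domain for the demo: last two labels, or three for
    second-level suffixes such as .co.uk (assumption; a real tool would use
    the public suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and labels[-2] in ("co", "org", "ac", "gov"):
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_sender(display_name, address):
    """Tip 1: a display name that claims a brand must come from that brand's
    domain. Returns one finding per brand claim that does not hold up."""
    domain = registrable(address.rsplit("@", 1)[1])
    findings = []
    for brand, real in TRUSTED.items():
        if brand in display_name.lower() and domain != real:
            kind = "lookalike" if levenshtein(domain, real) <= 2 else "unrelated"
            findings.append(f"sender claims '{brand}' but is {kind} domain {domain}")
    return findings


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html):
    """Tip 2: anchor text written as a URL must point at the same registrable
    domain as the real href. Returns one finding per mismatch."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        if not HOSTLIKE.match(text):
            continue  # "Click here" style text makes no claim to check
        shown = urlparse(text if "://" in text else "http://" + text).hostname
        real = urlparse(href).hostname
        if shown and real and registrable(shown) != registrable(real):
            findings.append(f"text shows {shown} but link goes to {real}")
    return findings


# Constructed sample message for the demo (not a real phishing email).
SAMPLE_FROM = ("Apple Support", "admin@appple.com")
SAMPLE_HTML = """<p>Your account has been locked. Please visit
<a href="http://secure-login.company.xyz/apple">www.apple.com/account</a>
to verify, or see <a href="https://www.amazon.co.uk/help">www.amazon.co.uk</a>.</p>"""


def analyse(display_name, address, html):
    """Run both checks and return every finding for the message."""
    return check_sender(display_name, address) + check_links(html)


if __name__ == "__main__":
    for finding in analyse(*SAMPLE_FROM, SAMPLE_HTML):
        print("WARNING:", finding)
```

On the sample message the script raises two warnings: the sender domain appple.com is one edit away from apple.com, and the first link displays www.apple.com but resolves to secure-login.company.xyz; the genuine Amazon link passes. The registrable-domain shortcut is deliberately simple, so treat it as a filter for obvious tells rather than a verdict on a message.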

In our last blog post, we talked about information security management and explained why it's such an important consideration for modern businesses. If you're looking to keep your company's data (and, critically, your company's customers' data) as secure as possible, we recommend implementing a robust, comprehensive ISMS (Information Security Management System) and applying for ISO 27001 certification.

However, if you don't think that your business necessarily needs to achieve 'ISO 27001 certified' status, you may be able to fix the weaknesses in your security systems without going through the whole certification process. We at NPT Management Systems frequently carry out information security assessments for businesses of all sizes and across all industries; these initial reviews can help business owners to spot 'holes' in their information security systems and make the necessary improvements without working towards full certification.

If you'd like to arrange an information security assessment for your business, please call NPT Management Systems on 02380 659 867, or click here to get in touch via our website.

ISO 27001 is the globally-recognised standard for information security management systems. If you've picked up a newspaper recently, you'll know that information security is an increasingly pressing matter for modern businesses; the high-profile data breaches to which TalkTalk and VTech fell prey last year make it soberingly clear that information security is not to be taken lightly. Hacks and security breaches damage customer trust and, in severe cases, they can ruin your brand's reputation.


So how can I improve my company's information security management?

It's a good idea to implement a robust information security management system (ISMS) within your company. This ISMS should be followed at every level of your business, and in order to ensure its efficacy, the system should meet the requirements of ISO 27001. Achieving ISO 27001 certification will:

  • Ensure that your information security management system is fit for purpose
  • Force you to constantly evaluate and improve your ISMS to meet current standards
  • Instil trust in your clients and customers


NPT Management Systems can help!

We at NPT Management Systems are Hampshire's leading ISO 27001 consultants. If you're based in Hampshire and you need assistance with your ISMS, we can help - we'll design and implement an information security management system that's perfectly suited to your company's needs, and we'll even help you to achieve ISO 27001 certification via a UKAS-accredited body.

Contact us now, or visit our ISO 27001 page for further details.