ISO 27001-2022 – PROTECTING YOUR BUSINESS AGAINST CYBER CRIME

Cyber crime is on the increase and reported incidents are regularly being publicised in the national press. Businesses can no longer afford to ignore this very real and significant threat to their security and finances.

The cost of a serious security breach can average between £65k and £115k for small businesses* and substantially more for larger companies. Every organisation should have some form of information security management system in place to provide protection against an attack.

ISO 27001 consultants
Certification to the standard by experienced ISO 27001 consultants will identify areas of risk, provide controls and establish policies and procedures that will reduce risk and minimise the effects of an attack.

The cost of an attack can be devastating, with some businesses unable to recover from the damage caused, which can include:

  • Loss of company and client data
  • High IT costs to repair the damage
  • Adverse publicity and damage to reputation
  • Legal consequences and costs

An effective management system will limit disruption and keep your costs to a minimum.

Defending your business from attack
A holistic and systematic approach is required, involving all areas of your business: employees, processes and technology.

Risk assessments will identify areas of weakness and vulnerable assets. Systems and controls can then be implemented to manage the risk.

The management system needs to allow for continual improvement, monitoring and record keeping to maintain its effectiveness as technology evolves and risks change.

Security policies for your employees and contractors working on and off site will need to be established to protect company systems and data from theft or harmful malware.

The requirements will be different for every company and you will need an expert with specialist knowledge and skills to advise you on what is needed to keep your business safe from attack.

The impact of cyber crime

Generally, cybercrime is on the rise. Security attacks increased 31% from 2020 to 2021. The number of attacks per company increased from 206 to 270 year on year. Attacks on companies affect individuals too, since many companies store sensitive data and personal information from customers.

A single attack – whether it’s a data breach, malware, ransomware or DDoS attack – costs companies of all sizes , and many affected companies go out of business within six months of the attack.

How to report a cybercrime

In the UK, you can report cybercrime through several channels:

  1. Action Fraud: This is the UK’s national reporting centre for fraud and cybercrime. You can report online at Action Fraud or by calling 0300 123 2040.
  2. Local Police: For non-emergencies, you can contact your local police by calling 101.
  3. National Cyber Security Centre (NCSC): For significant cyber incidents, you can report to the NCSC through their website.
  4. Suspicious Emails and Texts: Forward suspicious emails to report@phishing.gov.uk and suspicious text messages to 7726.