Daily, we are hearing terrible stories, from loss of personal savings to the impact on businesses brought to a standstill while they sort out responses to cybercrime. Yet the problem is worsening, not getting better!
Don’t be fooled into thinking that “this couldn’t happen to me, they’re not interested in my data or my business”. It’s not your data that they are doing this for. It is for the currency it provides them.
And don’t be fooled into thinking that the only risk is from crime, either. ISO 27001, the international standard for Information Security, Cybersecurity and Privacy Protection, requires businesses to understand ALL threats and vulnerabilities.
Risk Sources Are Internal Too
Risks in this space can come from internal sources, not just external ones. They range from weak IT setup through to poor business practices, and often stem from ignorance rather than blatant disregard or malicious intent.
This year, we have been working with a handful of companies to help them design and implement their Information Security Management Systems for ISO 27001 certification. This is an onerous task that requires changes to typical practices and significant investment in time and resources.
But the businesses who are doing this are thinking long term. They want to deliver better services to bigger clients and be resilient to disruption.
It’s great to see many small and medium-sized businesses thinking and behaving like big businesses, looking at the big picture and addressing their biggest risks. It’s a tad scary when I see some of the bigger businesses not doing the same thing.
What is your business doing about cyber risk?