Information Security

Data Breach, Cyber Attack, Insider Attack, DDoS: whatever the problem and whatever the cause, the fact is that business interruption as a result of Information Security breaches is increasing exponentially and businesses of all sizes are being affected.
Information Security Articles

To BYOD or not to BYOD – that is the question

Being able to use your own device (laptop, smartphone or tablet) at work and being able to connect seamlessly to other devices and the organisation’s network sounds great. However, Julian Thrussell, Security Specialist at Ultima Risk Management (URM), raises two notes of caution. Support: A major concern with BYOD is the time and cost…


ISO 27001: What is it and why is it so popular?

ISO 27001 is the International Standard for Information Security and is one of the most popular process-based standards. In this article, Lisa Dargan, Business Development Director at Ultima Risk Management (URM), provides a summary of its purpose, value and why it has been updated. What is the Purpose of ISO 27001? ISO 27001 provides…


Not – Every Cloud has a Silver Lining

Migrating your data to the Cloud can have a significant positive impact on the Resilience of your business, although, as Martin Collins of Ultima Business Solutions writes, you do need to select your vendor carefully: The growth in the number of distributed workforces and the need for increased resilience is driving the need for computing…


Identifying threats to your business

Thanks to Travelers Insurance in the USA for this simple but effective guide to Identifying threats to your business: Travelers Insurance Guide to Identifying threats to your business. It is always great to see large insurance companies (with extensive marketing budgets) take an active role in promoting Business Continuity. Yes, they have a vested interest…


Lost Your Data? – Maybe not

So the worst has happened: you have lost your data or device and it isn’t backed up, or your backup has failed – what next? Don’t worry, all is not necessarily lost. Take a look at this video of what our colleagues at Kroll Ontrack, the Data Recovery experts, can do: Or for an…


Information Security FAQs

What is the difference between Information Security and Cyber Security?

They are effectively the same, in the sense that they both relate to preventing unauthorised access to data. However, Information Security is broader, as it goes wider than the cyber realm to include the physical security of information, for example backup tapes left in an unlocked cupboard.

My boss has asked me to take the lead on sorting out our Information Security, where do I start?

A good place to start is by working towards the ISO 27001 standard for Information Security.  This standard gives you the process and controls needed to implement Information Security in your business.  You may also want to engage an Information Security consultant.  We can introduce you to a local consultant and even set up a free of charge 1:1 video call or phone call.

I have received an RFP that asks us to explain our Information Security policy. How should I respond?

You should respond honestly with the controls and policies you have in place. We would always recommend that you work towards or certify with a recognised Standard such as ISO 27001 for Information Security as this is a certification you can display to customers and they will understand the level your business has attained in this area.

We hold over 20,000 customer records electronically, what would we do if we were hacked?

If you are processing credit card transactions, you need to make sure you are Payment Card Industry Data Security Standard (PCI DSS) compliant. For the customer records, you need to take all the steps possible to keep these secure. Ask whether you need to keep all the records, how many copies of the records exist in backups, whether backups are disposed of effectively, whether your passwords are secure and regularly changed, whether all staff have the correct user roles (i.e. as limited as possible to perform their duties), and so on.

Do I need to register my business for the Data Protection Act?

Whether you need to register your business for the Data Protection Act will depend on the type of business you operate and the data you are collecting. The best way to check is to visit the Information Commissioner's website and complete the Online Assessment Tool.

What are the main risks my business faces from an Information Security perspective?

The risks are varied and will depend on your business. According to the Information Security Breaches Survey: 2014, 33% of small businesses were attacked by an unauthorised outsider, 45% of small businesses suffered from virus infection or malicious software, 16% were hit by denial of service attacks, 12% identified that outsiders had successfully penetrated their networks, and 4% knew that they had intellectual property stolen.

How often do data breaches occur?

Unfortunately, data breaches occur constantly and the majority go unreported. Take a look at this visualisation of data breaches of 30,000 customer records or more since 2005.

Is it possible to insure my business against losses from a data breach?

Yes, most insurers will offer Cyber Insurance cover as an addition to your Business Insurance Policy. Cyber cover will normally cover post-breach legal costs, losses relating to lost business and credit monitoring services for customers. Policies do vary, so please check directly with your insurance company or broker.