We frequently read about it, hear about it and talk about it: cyber crime is a tangible threat to businesses and individuals across the world. In fact, 83% of us recognise cyber crime as one of the three biggest threats facing our organisations (ISACA Survey, 2015). But when you come to the crux of cyber crime, how should businesses solve the real-world problems they face on a daily basis?
People – incompetent staff
When it comes to cyber security, staff generally fall into three categories:
- Those willing to accept changes in security practices and take them in their stride – changes don’t faze them.
- Those ‘too busy or important’ to take notice of cyber security measures – yes, we know who you are.
- Those simply unable to comprehend that changing their daily routine will better secure the company – the stubborn and rebellious.
Of course, it all comes down to how you increase cyber security awareness in your organisation, but types two and three above are the ones most likely to cause a data breach. Whether through neglect or just plain incompetence, these staff members are going to be the ones that make you the next Target.
Problem solver: As well as being proven means of getting senior management on board, staff training and visual aids are key ways to improve cyber security awareness among your staff. Knowledge is power, and if more people are aware of cyber security best practices, they are more likely to follow them.
Policies and procedures – insufficient time
Documentation is a key part of any information security management system (ISMS). Policies and procedures are an important way of documenting what you have or haven’t been doing, and of informing the rest of your staff how they should be going about their daily security routine.
The problem is that most companies – particularly smaller businesses – find that there simply isn’t enough time to keep on top of it all.
A typical ISMS may require hundreds of documents to be created, managed and updated regularly. This is enough to put anyone off.
Problem solver: Use a tool to help manage the documentation. Yes, it will involve an initial outlay, but the long-term savings you’ll make by keeping on top of your ISMS will more than justify it.
The ISO 27001 Documentation Toolkit, for example, provides pre-written documents that are easy to tailor, and will save your business time and money throughout the implementation process.
Technology – lack of understanding
Technology is a great business and revenue enabler, but it can just as easily harm your business.
Many people don’t understand the threats that technology could pose to an organisation. And if they do understand, they automatically assume that fixing the problem will come with a big price tag.
Problem solver: Assess the level of risk that certain technologies pose to your business, regularly update your software and patch vulnerabilities.
A real-world cyber security standard to fix your real-world cyber security problems
ISO 27001, the international information security management standard, provides a best-practice framework to address your cyber security problems. Accepted the world over, ISO 27001 is the only standard to focus on cyber security issues relating to people, processes and technology.
Implementing an ISMS aligned with ISO 27001 and/or achieving certification to the Standard can bring significant benefits, including providing assurance to stakeholders and establishing a level of information security appropriate to the risks the business faces.
Our fixed-price ISO 27001 Packaged Solutions provide a simple route to ISO 27001 implementation. Organisations with fewer than 20 employees can implement an ISMS in under three months using our FastTrack service; larger organisations can gain the resources, tools and hands-on guidance to implement the Standard themselves in the ISO 27001 Get A Lot Of Help Package.