Ho Ho Ho – with our data off they go…

Christmas isn’t the time to be losing sleep over data loss and cyber security – yes, it’s the obvious cliché, yet after the year we have just experienced in 2020, do you really want to be blasé over anything?

We have cyber covered… or so they thought.

During this year Accordant has worked with a diverse range of clients, most of whom switched quickly to the remote working model and did so really well. Equipment and processes were rapidly worked up and deployed. Yet with that came a whole new set of threat vectors; unexpected ‘visitors’ to corporate Zoom calls can be awkward!

Within all of this chaos, policies, as well as processes, governance and resource management, often get forgotten. People are a vital component of any robust cyber security strategy, yet they are often overlooked, with the focus on technology. Educating staff, both on the reasons for security and on the approaches to it, is vitally important.

Equipment lifecycles and contract management are things that can blindside the unwary – Cisco recently announced the end of life for some of its IPS devices – so many organisations are left with last minute projects to replace them. However, last minute usually equates to expensive and risky. Contract renewals with outsourced companies were another feature of the summer; with everyone working remotely, some slipped through the net and either renewed automatically or worse, lapsed.

All of this brings into sharp relief the need for Information Security Management Systems (ISMS), an integral part of ISO27001. If you layer on top the need for compliance and audit, the argument becomes even more compelling.

Don’t panic

Before jumping onto ‘Dr Google’ and searching out your nearest and cheapest ISMS supplier, take comfort in the fact that you are likely to already have a lot of this stuff in place. GDPR, for example, pushed us to look at our data, categorise it and understand its purpose. PCI compliance closed the door on many haphazard processes around financial data and credit cards, and in the USA HIPAA took us to task on health information. The UK has a plethora of domestic and European laws that achieve the same, not least GDPR, as previously mentioned. The challenge is bringing all of this under a central strategy and approach. Contract management, equipment and staff awareness lifecycles also fall into this remit, and can all be quite easily managed (although this isn’t a job for Excel).

2020 has been HARMful to many organisations…

We know this has been a tough year, and we will remember the harm it has done to many people and businesses. With 2020’s experiences fresh in our memories, it will be simple to recall what we need to do to check our cyber security as we enter into 2021. We need to avoid HARM and that means:

Have a look at your cyber security – What does it cover? What doesn’t it cover? Is it enough?

Assess your risk – You may have gaps, yet, if the risk is zero, do you need to close them? If so, how, and by what date? Remember risk can be political and brand-impacting, not just financial; assess it from all viewpoints.

Respond to the findings – and close the gaps. Implement training and awareness programs; ensure your teams know what they can and cannot do, including what data they can take home to work on and what they cannot. Deploy policies, and ensure alerts are captured and responded to appropriately.

Monitor your solutions – and learn from them. The threat vectors are not static, so your solutions cannot be either! Hackers getting access to your systems is just one vector. Data loss prevention is critical; staff training and good password discipline are central; but what about Wi-Fi, 5G, campus networks, USB sticks, and filesharing services such as Dropbox and OneDrive?

2021 will be a good year

It seems a hard thing to say, yet during this year we have learnt so much. We adopted remote working practices, new schooling approaches, and faced significant challenges head on – 2021 will build on these things. Cyber security threats have become more of a focus, yet we have good foundations in place. Take the next steps to extend these foundations throughout your organisation by empowering your people to become the agile and highly mobile teams you need.

Accordant has built itself around three pillars:

  • Cyber security;
  • Transformation economics; and
  • Service delivery.

In simple terms, whatever we do, we do it securely, with a mind on the economic and financial costs and impacts, and we do it well. Our Assessment Services will highlight and identify what needs to be done, by whom, and by when; what it will cost and what the magnitude of the risk really is. From the board through to the technologists, we do this in the language of the organisation, so that the journey is swift and appropriate.
