Landmark Technologies are ISO 27001 Certified
With the introduction of GDPR in 2018, the need for organisations to implement robust security policies has become more apparent. Cybersecurity has become a growing concern, with cyber attacks on corporate data more prevalent than ever. According to Acronis, ransomware is estimated to attack a business every 14 seconds in 2019. Recovering from a data breach can cost businesses of all sizes thousands. Recently, a Norwegian aluminium producer had to recover after hackers took 22,000 computers offline at 170 different sites worldwide. Norsk Hydro refused to cave in to the cyber-criminals’ demands and spent £45m trying to restore its business operations.
Are you taking your data security seriously?
One way to do this is with ISO 27001, a security standard that will help you:
- Assign responsibility and improve reputation
- Establish a thorough cyber security and disaster recovery plan
- Gain customer and employee trust
- Achieve required security compliance
Landmark Technologies are ISO 27001 certified. To learn more about how we can assist with your cybersecurity needs, click here.
The Threat Against Data Security
Just this week it was announced that British Airways were fined £183,000,000 after they revealed their website was hacked and 500,000 customer details, including credit card details, were stolen. This fine equalled 1.5% of the annual turnover and is the largest fine ever given to an organisation that incurred a data breach.
This is only one example of a company making headlines because of a disastrous data breach. According to a report by Kaspersky Lab, the number of ransomware attacks targeting companies increased threefold in 2016. Their research revealed SMEs were hit the worst; 42% of SMEs experienced an attack within 12 months of the survey. Additionally, 67% of the companies affected by an attack lost part or all of their corporate data, despite one in three paying the ransom.
In response to these attacks, the EU created the General Data Protection Regulation (GDPR), which came into law in 2018. This regulation made it a legal requirement for companies to report breaches and imposes tougher penalties on those that don’t. Data security is not a luxury for your business, and with an increase in intelligent and malicious attacks, now is the time to put a plan into place.
“We need organisations to consider network security, information technology security, as a boardroom issue – it’s not just an IT issue. The bottom line is that the risks are great, which means that information technology security is an evergreen 24/7 requirement.”
Elizabeth Denham, UK Information Commissioner
Landmark Technologies ISO 27001 certified: How Can this Help?
In order to avoid data breaches and stay prepared for attacks, many companies are implementing ISO 27001 for their information security management system (ISMS). This is an internationally recognised standard that defines the best approaches for businesses to manage their cybersecurity risk. According to an ISO survey, 40,000 ISO 27001 certificates have been issued worldwide, and that number increases by 20% every year. The ISO 27001 specification outlines a six-part planning process for each company:
- Create a security policy.
- Define the scope of the ISMS.
- Direct a risk assessment.
- Manage any risks.
- Create and implement control objectives.
- Provide a statement of applicability.
An ISO 27001 certification means that a company verifiably follows information security best practice, according to a formal and recognised set of standards. Becoming certified will benefit you in terms of your data security, your company reputation, your consumer trust and your industry compliance.
Q&A with Michael Brophy
We are pleased to have successfully achieved certification to the ISO 27001:2013 Information Security standard. We took this opportunity to have a Q&A with Michael Brophy of Certification Europe to get an insider’s perspective on the impact of GDPR, the future of cybersecurity and the benefits our ISO 27001 accreditation brings to businesses.
Q1. The titles of the ISO 27001 standards mention ‘Information Technology Security Techniques’. Does this mean they are IT-specific?
Answer: No, but this is a common misconception. ISO 27001 is a management system designed to ensure security controls are in place to protect all information within the company. As with changing times in IT infrastructure, the standard does include elements of IT security such as network security and cryptography. However, the standard also includes physical security requirements, asset management and even HR security. These are all with the goal of protecting the company’s information and reducing the possibility of a breach.
Q2. What are the business benefits of ISO 27001 certification?
Answer: A company will choose to become certified to ISO 27001 for various reasons but the main push behind the decision would be to:
Establish a Thorough Cyber Security and Disaster Recovery Plan:
Since the objective of this standard is to improve organisations’ information security practices, your company will not be able to obtain a certification without a cybersecurity and disaster recovery plan in place. Each of the six steps, as well as the defined standards of ISO 27001, will walk you through the process of creating a comprehensive ISMS that really works. This means that you will be prepared for attacks or potential data breaches, and you will be able to handle any incidents responsibly and avoid costly penalties.
Show Responsibility and Improve Reputation:
Part of becoming ISO 27001 certified involves assigning responsibility for data protection and information security risks. By clearly outlining risk responsibilities for your business leaders, you can improve accuracy, productivity and awareness surrounding data security. Not only will this help you prevent breaches, but it will also show that your company takes data security seriously. According to IT Governance, officials are more likely to show leniency to companies that are following information security best practice in the occurrence of a data breach, as opposed to those that are not.
Gain Customer and Employee Trust:
With high-profile data breaches making headlines across the world, customers and employees have a right to be wary about which companies they are trusting with their data. Adopting an internationally recognised standard will prove that you have a plan in place to protect their information. This will help you secure the loyalty of your consumers and workers, and it will give you a competitive advantage in your industry, as many organisations are now requiring their partners and suppliers to have approved security certifications. According to IT Governance’s ISO 27001 Global Survey, 57% of companies adopted the standard in order to gain a competitive advantage, and 42% implemented it at the request of their partners.
Achieve Required Compliance:
Having your ISMS ISO 27001 certified is automatic evidence of your compliance with many other standards, such as GDPR. The goals of compliance in this case are to meet regulatory requirements, improve processes, achieve business objectives and strengthen security. With ISO 27001, your company will ensure compliance with regulations such as not disclosing information to unauthorised individuals and providing lawful and transparent processing. This will help you avoid fines and keep your business running smoothly.
Q3. One year on from GDPR:
i) Do companies have a full grip on compliance requirements for data collection and processing?
Answer: Based on the organisations we have worked with since GDPR was first announced, organisations have taken on board requirements for GDPR, specifically data collection and processing. The challenge for them has been how they can demonstrate compliance, and ISO 27001 has been the most effective option.
If you were to break this down further by industry type, companies who fall under IT, Legal, Health and Financial Institutes are the front runners to ensure compliance is consistently achieved.
ii) What has its impact been so far in Ireland, the EU and beyond?
Answer: Since GDPR came into regulation, the Data Protection Commissioner (DPC), who operate as the Irish regulator, have yet to fine any organisation for breaches of GDPR. However, this does not mean fines are not coming. The DPC currently have over 6000 complaints to process, and from that fines will be made. Other regulators across Europe have penalised 11 companies, with fines reaching 55 million Euro.
Q4. What does the future of cyber security look like and its impact on Irish SMEs? Tips for SMEs in preventing cyber-attacks?
Answer: Cyber Security is now as important to companies as having light and heat. We are in an age where a loss of data for a company, whether it be through accidental data breach or hacking, can have a disastrous effect on the company and their reputation. Sometimes Irish SMEs can view cyber security as more of an issue for large organisations; however, this is not the case. Cyber Criminals have little need for your information; they just care about how valuable the information is to you and how much you will pay to get it back.
We always recommend carrying out a review of the current ISMS that is already in place to see how it stacks up to ISO 27001. This is called a Gap Analysis and is usually carried out by a third party. Certification Europe provide this service with the objective of seeing what weaknesses exist in your system and how well the current ISMS complies with regulations such as GDPR.
Q5. What does the future look like for Certification Europe?
Answer: The future looks busy and bright. Certification to ISO 27001 is highly sought after by SMEs and Multinationals based in Ireland. We are an Irish-owned SME who has worked hard over the past 20 years to build a strong reputation within the auditing world. We are continuing to build strong partnerships with our clients both domestically and internationally in industries from IT, Pharmaceutical, Public Sector, Education and Construction, Legal, Health and Finance Institutions.
Are you taking Data Security Seriously?
Your company’s data is its most valuable asset. It’s not an overstatement to say that without data there is no business. All companies need to protect themselves against data loss; “It won’t happen to me” no longer works. Data loss can happen due to a variety of factors, from human error and software corruption to cyber attacks, and can happen to any business regardless of its size. It’s not a case of if disaster happens, but when it will happen. Becoming ISO 27001 certified is an internationally recognised solution. ISO 27001 accreditation will help you both avoid attacks and implement a plan in case a breach does occur.
Landmark Technologies have recently become ISO 27001 certified. We are here to help you get your cybersecurity up to standard. Get in touch with our team today to learn more about how we can provide full protection, 24/7 monitoring and much more for your business.