Information Security

Last month, credit reporting agency Equifax reported a data breach that exposed the personal data of more than 100 million consumers. This would be worrying enough on its own, but perhaps the most alarming part of this story is the fact that the attack in question reportedly began back in May and wasn't observed until late July.

Among the information affected by the security breach were people's:

  • Names
  • Birth dates
  • Addresses
  • Card details

The fallout from this incident has been catastrophic for Equifax. A number of lawsuits have been filed against the company, and Equifax shares dropped by 13% after the news broke. The breach is still being closely followed by media outlets internationally, and the former Equifax CEO Richard Smith has even appeared in front of the United States Congress.

All of this demonstrates yet again that information security is an absolutely critical concern for businesses in the 21st century. Even small enterprises should take data security very seriously, ideally implementing a strong information security management system (ISMS) and seeking ISO 27001 certification to ensure that robust security processes are in place.

If you are looking to achieve ISO 27001 certification, please contact NPT Management Systems today for expert advice and assistance with planning and implementing your ISMS.

British Airways found themselves in hot water last month when an IT systems failure forced the airline to cancel hundreds of flights, leaving approximately 75,000 passengers stranded at Heathrow and Gatwick airports during the bank holiday weekend. The company issued a statement blaming the outage on a 'power surge', but a number of data centre experts have disputed that claim, and this calamitous disruption has drawn yet more attention to numerous IT failings throughout the industry at large.

For example, here's a quote from a Guardian article published on the 30th of May 2017 (a few days on from the IT failure):

"The airline industry is notorious for running outdated infrastructure long after standards have improved. In December, for instance, it was revealed that passenger booking systems used by multiple airlines were easy prey for hackers."

The fallout from this incident is still causing problems for British Airways, and their parent company IAG has reportedly lost £170 million in value since the bank holiday weekend, making this whole mess a particularly severe illustration of the importance of ensuring the smooth and secure operation of your company's IT systems.

Whether you run a huge corporation like BA or a small business serving a small, local customer base, you need to make sure your computer systems are safeguarded from attacks and outages. As part of this effort, we strongly recommend planning and implementing an information security management system (ISMS) that conforms to ISO 27001 standards.

Need help putting an ISMS in place and achieving ISO 27001 certification? Contact NPT Management Systems today to discuss your requirements with our ISO experts.

Cyber Security

You have probably read numerous stories about the WannaCry cyberattack (also known as WannaCrypt) that shook the world's IT systems recently. Hundreds of thousands of computers were infected across 150 different countries; if you live in the UK, there's a chance you were affected by the chaos that ensued when a number of NHS systems were hit by ransomware.

The WannaCry attack - which is still ongoing at the time of writing - has thrust the issue of online security into the spotlight once again, and many business owners are now wondering what they can do to safeguard their own IT systems from future cyberattacks. Here are a few tips:

  1. Look carefully at emails before clicking a link or opening an attachment. Hackers often impersonate trusted companies (PayPal, Apple, Amazon, etc.) and sometimes even your own colleagues/clients. Before clicking on a link in an email (or opening an attachment), read it carefully - are there any spelling/grammar mistakes that you wouldn't expect the sender to make? Any suspicious statements or incorrect information? Also, look at the sender's actual email address - it's common to see emails from 'Apple' or 'Google' that are really from unaffiliated email addresses (e.g. customerservice@company.xyz) or 'spoof' addresses that are subtly misspelled (e.g. admin@appple.com).

  2. Hover your mouse over links before clicking them. If there's a hyperlink in a potentially suspicious email, don't click it to find out what it is. Instead, hover your mouse cursor over the link - this should reveal the true destination of the hyperlink. Again, look out for subtle misspellings and unfamiliar domain names, and don't assume that the clickable text is representative of the link's actual destination - just because the link text says 'www.amazon.co.uk' doesn't mean it isn't sneakily linking to something else!

  3. Implement an information security management system. It can be difficult to ensure good cyber security practices throughout the entirety of a large organisation, and it may therefore be worth implementing an information security management system within your company and seeking ISO 27001 certification. We at NPT Management Systems can assist with this task - contact us now to discuss your requirements.
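The manual checks in tips 1 and 2 can also be run automatically at a mail gateway or in a triage script. The Python sketch below is an added example, not part of the original article: it flags links whose visible text names one domain while the href points to another, and sender domains that closely resemble a trusted one. The `TRUSTED` allow-list, the sample message and the 0.85 similarity threshold are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"apple.com", "amazon.co.uk", "paypal.com"}  # assumed allow-list
SAMPLE_FROM = '"Apple Support" <admin@appple.com>'  # constructed sample header
SAMPLE_HTML = ('<a href="http://login.example.net/verify">www.amazon.co.uk</a> '
               '<a href="https://www.amazon.co.uk/orders">Your orders</a>')  # constructed
URLISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

def host_of(value):
    """Hostname of a URL or bare domain, lowercased, without a leading 'www.'."""
    try:
        url = value.strip() if "://" in value else "http://" + value.strip()
        return re.sub(r"^www\.", "", (urlparse(url).hostname or "").lower())
    except ValueError:  # malformed href, e.g. an unbalanced '['
        return ""

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def mismatched_links(html):
    """(shown host, real host) where URL-like link text names another domain."""
    collector = LinkCollector()
    collector.feed(html)
    return [(host_of(t), host_of(h)) for t, h in collector.links
            if URLISH.fullmatch(t) and host_of(t) != host_of(h)]

def sender_lookalike(from_header, trusted=TRUSTED, threshold=0.85):
    """Trusted domain that the sender's domain closely resembles, else None."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if domain in trusted:
        return None
    return next((t for t in sorted(trusted)
                 if SequenceMatcher(None, domain, t).ratio() >= threshold), None)
```

A hit from either function is a reason to quarantine or warn rather than proof of phishing; a sender domain such as company.xyz that merely differs from the brand it claims is not caught by the similarity check and still needs the display-name comparison described in tip 1.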

ISO 27001 is the globally-recognised standard for information security management systems. If you've picked up a newspaper recently, you'll know that information security is an increasingly pressing matter for modern businesses; the high-profile data breaches to which TalkTalk and VTech fell prey last year make it soberingly clear that information security is not to be taken lightly. Hacks and security breaches damage customer trust and, in severe cases, they can ruin your brand's reputation.

 

So how can I improve my company's information security management?

It's a good idea to implement a robust information security management system (ISMS) within your company. This ISMS should be followed at every level of your business, and in order to ensure its efficacy, the system should meet the requirements of ISO 27001. Achieving ISO 27001 certification will:

  • Ensure that your information security management system is fit for purpose
  • Force you to constantly evaluate and improve your ISMS to meet current standards
  • Instil trust in your clients and customers

 

NPT Management Systems can help!

We at NPT Management Systems are Hampshire's leading ISO 27001 consultants. If you're based in Hampshire and you need assistance with your ISMS, we can help - we'll design and implement an information security management system that's perfectly suited to your company's needs, and we'll even help you to achieve ISO 27001 certification via a UKAS-accredited body.

Contact us now, or visit our ISO 27001 page for further details.

Just a few weeks after TalkTalk's high-profile security breach, another large company has fallen victim to hackers. Hong Kong-based company VTech announced that its Kidizoom smartwatch and InnoTab may have exposed customers to identity theft, with the details of over 6 million children being stolen. 

With internet-capable devices for children (such as those produced by VTech) becoming ever more popular, it is worrying to see that manufacturers' security systems are possibly leaving some of the youngest, most vulnerable members of society at risk. According to cyber security expert Tom Kellermann, children can sometimes present an attractive target for fraudulent claims due to their clean credit record and the possibility of a longer life in front of them.

While the information acquired by the hackers has yet to turn up on forums where such data is sold, the damage inflicted on both parents and VTech itself may already be too late to reverse. Customers will still be left shaken by the possibility that personal information about their children is being shared amongst criminals, while VTech (who are already seeing a fall in stock prices) can surely expect to see a drop in sales and use of its services as a direct result of the breach. 

As these two latest examples of internet security hacks have highlighted, failure of security systems (particularly where customer details are concerned) can launch your business into the public eye for all the wrong reasons, potentially causing you to lose trade from future and existing customers. 

To avoid finding yourself in a similar situation with your own business, it is vitally important to implement an information security management system that's compliant with ISO 27001 standards. This helps your company to better manage sensitive information, minimising the risk of a security breach. To find out more about how NPT Management Systems can help you achieve this, please get in touch today.