Cyber Security: Risk, Governance and Reputation
Shauna Dunlop from the ICO (Information Commissioner’s Office) kicked things off with insights into the changes that may be introduced to the Data Protection Act in the near future and what they might mean for organisations in Northern Ireland. This covered many factors, including the use of social media, cloud storage, wearable technology and IoT (Internet of Things). The ICO has published guidance on practical steps organisations can take regarding Cloud Computing and Breach Management.
Everett Breakey from ISACA explained why technical staff should consider a professional security training qualification, or undertake some level of training, so that they are better equipped to defend against cyber attacks.
The head of the Cyber Crime Unit for Northern Ireland, Detective Chief Inspector Douglas Grant, gave us a first-hand account of what can, and most likely will, happen to any unprotected or unaware organisation that does not take appropriate action to reduce the risk of cyber threats. Cybercrime is growing exponentially and becoming more accessible to those without any technical knowledge. It is almost a certainty that it will be a case of ‘when’ and not ‘if’ any of us experience some kind of security breach, malware attack, system ransom or data loss because of this. Douglas also invited all organisations to join CiSP, the CERT-UK cyber security information sharing system, in order to be forewarned about new attacks or to share experiences so that others may defend themselves. Contact us for more information regarding signing up for this.
To reduce the likelihood of attack and protect your organisation’s data and reputation, there are now steps in place to ensure that you have the most basic level of cyber hygiene, and these have become an industry standard. Conrad Simpson from specialist cyber security company Cyphra introduced us to the new Cyber Essentials framework, a Government-backed and industry-supported scheme to help businesses, charities and academic organisations protect themselves against an ever-growing number of cyber threats. Cyphra is a certification body for the scheme in Northern Ireland.
The first step is to take a few moments to consider the data you hold on your members, clients, suppliers and any other potentially vulnerable members of the public. Now consider the consequences of all of those details being made public and the effect that might have on those individuals or their friends and family, never mind the loss of reputation when your organisation’s name could be headline news.
By holding the Cyber Essentials basic kitemark, you add valuable credibility to your organisation, demonstrate to funders and members your technical ability to keep information safe and secure, give a high level of trust, and show that you are taking a proactive approach to managing risk. You may soon find that this becomes a prerequisite for some funders, or a requirement for you as part of a supply chain to a larger organisation.
You will also reduce the likelihood of your organisation experiencing a security breach, along with the associated financial and reputational impacts.
Earlier this year, NICVA successfully achieved the Cyber Essentials award and is currently progressing with the Cyber Essentials Plus certification.
For more information or to begin the process, register with an accredited, CREST-approved certifying body: http://www.cyberessentials.org/certifying-bodies/index.html