Cyber security risk assessments are essential for organisations to protect themselves from malicious attacks and data breaches. After all, it’s only once you’re aware of the ways you’re vulnerable that you can put appropriate defences in place. But what exactly does a risk assessment do? Essentially, it helps you answer these three questions: Under what scenarios is your organisation under threat? How damaging would each of these scenarios be? How likely is it that these scenarios will occur? To complete a risk assessment, you must give each scenario that you identify a ‘risk score’ based on ..read more

Today is Earth Day, an annual global event that aims to raise awareness of environmental issues. This year’s event – the fiftieth Earth Day – falls in the midst of an unprecedented interruption to life as we know it, and so provides a unique opportunity for us to understand the impact we and our working habits have on the natural world. The environmental benefits of staying at home It should come as no surprise to learn that restrictions to contain the spread of the coronavirus pandemic have had a noticeably positive effect on the environment: already, air quality has improved, carbon emission ..read more

When organisations are seeking ISO 27001 compliance, they rely on auditors to give them good advice. Most of the time they’ll do just that – it’s what they’re paid to do. But as with any profession, some auditors are better than others. How can you tell if your auditor isn’t to be trusted? Keep an eye out for these seven mistakes: 1. They impose their opinions without facts Why is this bad? ISO 27001 has clear rules on how to implement its requirements. Although there’s room to interpret which course of action is best for you, any decision should be supported by an instruction in the Standard ..read more

When you begin your BCP (business continuity plan) project, it’s a good idea to produce a checklist of tasks. This helps you stay on top of your progress during what will almost certainly be a long process. To give you an idea of what your checklist should consist of, we’ve created this three-step guide. Assemble the team You’ll want a team of employees to take primary responsibility for the BCP. You must therefore:  Decide who has the skills and experience for the project;  Make sure every department is accounted for;  Appoint a team leader; and  Find a way for them to manage their existin ..read more

Earthquake. Flood. Cyber attack. The threat of disruption looms over organisations more ominously than ever, thanks to the increasing infiltration of technology in business processes, consumer expectations and the rapid rise in cyber crime. You’ll rarely get advance warning about disruptions, so you need to prepare for whatever might come your way with a BCP (business continuity plan). In this blog, we explain how a BCP works, what it covers and how to create one. What is a business continuity plan? A BCP outlines the processes and procedures that an organisation must follow to continue operat ..read more

This blog has been updated to reflect industry updates. Originally published 6 August 2018. Under the EU GDPR (General Data Protection Regulation), organisations must respond to a serious data breach within 72 hours of becoming aware of it. This places a significant burden on organisations; after all, taking the appropriate measures to comply with the law while simultaneously dealing with the collateral impact of a breach is no picnic! According to the Ponemon Institute Cost of a Data Breach Study 2018, one in four organisations will suffer a data breach in the next two years. This shows how i ..read more

Sometimes the only thing that can stop an outrageous plan is an even more outrageous one. At least that was the thinking at the Bank of Valletta in Malta, which last week prevented a daring cyber heist by shutting down its IT systems and plunging the organisation into cyber darkness. The crooks had broken into the bank’s systems and were transferring €13 million (about £11 million) into foreign accounts when security personnel noticed the attack. To stop the criminals making off with the money, the bank shut down its primary IT functions, crippling its 44 branches, ATM terminals, POS (point-of ..read more

The recent fire at Ocado has been a devastating blow to the company and the local community. Hundreds of firefighters were involved in tackling the blaze; the smoke billowed for more than 48 hours, darkening the Hampshire sky; surrounding homes and businesses were evacuated due to the risk of explosion, and those further afield advised to keep windows and doors shut; and some firefighters needed treatment for smoke inhalation. On top of that, Ocado’s business operations took a hit. Not only was its robotic warehouse devastated, but the news that its deliveries would be compromised resulted in ..read more

Comprehensive BCM (business continuity management) measures are essential for responding effectively to a disruption and providing a minimum acceptable service during a disaster. A crucial aspect of BCM is the development of an effective BCP (business continuity plan). What is a business continuity plan? A BCP consists of the processes and procedures an organisation needs in order to continue operating during a disaster and recover as quickly as possible. All of this information is put into a document, which is regularly tested, developed and improved on to make sure the organisation is prepar ..read more

As winter draws in, Scottish organisations will be preparing for the harsher weather and its knock-on effects. With last year’s severe conditions costing Scotland’s economy hundreds of millions of pounds, ensuring the continuity of critical business operations north of the border has never been more important. However, it’s not just the wilder weather that can greatly disrupt operations. Scottish organisations need to consider a more comprehensive approach to their business continuity programme to take into account the ever growing threat of cyber attacks. “’Cyber resilience’ means being able ..read more