Develop a culture of security – 93% of security breaches in SMEs are caused by human error. Clear and simple security policies communicated through an Information Security Officer will create staff awareness on the need to prevent, and how to spot, potential security breaches.
In 2013 the National Fraud Authority calculated that fraud cost the UK economy a whopping £15.5bn a year. The cost to the public sector was estimated to £702mn and £5.7bn to private businesses. This massive financial cost does not account for the loss of reputation a business can suffer with its customers and partners in the event of a security breach.
Topwood will soon be one of the first security shredding firms to be accredited with information security ISO27001. We summarise below the five key elements to consider when adopting an ISMS (Information Security Management System):
1. Develop a culture of security – 93% of security breaches in SMEs are caused by human error. Clear and simple security policies communicated through an Information
2. Install the best computer protection and invest in defences against cyber attacks. Strategies should incorporate the web, email and mobile devices (USB sticks, laptops etc.).
3. Review physical information security barriers in place. Secure the workplace with access controls and having restricted levels of access for visitors and contractors.
4. Create a secure document management policy. Track the life cycle of documents based on your industry’s requirements to ensure compliance. Restrict access to sensitive documents and that includes a secure destruction policy. To dispose of documents securely, partner with a professional shredding company that provides a secure chain of custody including locked consoles, secure onsite shredding and a Certificate of Destruction after every visit. A shred-all policy simplifies the disposal process and reduces the risk of employee error in deciding whether to shred-it or not.
5. Destroy all mass media devices – remember physical hard drive destruction is the 100% safe way to destroy data from hard drives permanently.
Finally – regular (and random) security audits will identify and further reduce potential breaches of security. If you would like to learn more about simple information security solutions that can help protect your offices from security breaches contact us.