Security awareness seminar held at the Energus building, Lillyhall on 27th July 2010.
We will assist in planning of new corporate buildings to ensure nothing has been missed regarding physical security, access control and network design requirements. Once the building is complete, we will ensure that the staff are well trained to maintain the confidentiality, availability and integrity of the information within.
Get yourself a sense of security
Securing your IT - and reputatiion
Cumbrian firms urged to be better prepared for floods
News and Star
Keeping newsroom information safe
Submitted to UK Press Gazette
Cumbrians must prepare for wave of Cyber Crime
Lake District Messenger
Can your web site be trusted?
Lake District Messenger
Lake District Messenger. January 2011
Not enough Cumbrian businesses are preparing for cyber attacks when a crimewave is poised to strike in 2011.
Businesses have a legal duty to keep staff and client data secure and the Information Commissioners Office (ICO) is ready to get tough on businesses that suffer a security breach of personal and sensitive information.
It is tempting to believe that only large, city-based financial institutions are the target of international hackers.
But most cyber criminals would actually prefer to steal from a huge range of low risk, low defended systems than a heavily guarded company where there is a high chance of detection.
Most of these attacks will be random - and won't be conducted by someone who purposely targeted your business. Cyber criminals have developed systems that run 24 hours a day trawling the internet for poorly guarded computers. If a system is secure then it will simply jump on to the next unsuspecting person.
It is possible that you have inadvertently downloaded a malicious program that is sending your documents to these criminals and they could even be monitoring your keystrokes.
So what do these criminals hope to find on our computers?
Usernames and passwords to online banking systems are their dream ticket - but failing that, any other personal information that can lead to them pretending to be either you, a representative of your company or a client will suffice.
The ICO will pounce if they suspect that an individual's confidential information has been divulged and there will be a full investigation as to whether your company did everything possible to minimise the risk of the security breach.
We are now in the situation where companies are faced with organised criminals attacking from one side - and the ICO imposing heavy fines from another.
I've advised businesses who have had a close shave with the ICO recently and they only escaped punishment because they were able to demonstrate that the stolen data was encrypted. Unfortunately many small businesses have no idea of the procedures involved to encrypt data and there are few qualified information security professionals in the region to offer advice.
The ICO states that businesses must “make sure staff with access to the information are trained to keep it secure and look after it properly”. An information security consultant can identify what information is held, perform the necessary risk assessment and recommend how it should be defended to comply with the Data Protection Act.
Take the time to document every action taken to keep your data secure so that, should the ICO ever need to call, you can readily demonstrate the procedures that your company has in place. This process also gets you into a secure mindset and can help you identify vulnerabilities that you otherwise may never have thought of.