Data breaches rank amongst the most common cyberattacks because of the lucrative nature of selling personal information on the black market. Since 2013, over 9bn data records have been lost or stolen as a result of cyberattacks. Ever more sophisticated methods for stealing data are becoming apparent, highlighted by the WannaCry ransomware attack on the NHS in 2017 and by cleverly disguised phishing emails that arrive in the inboxes of unsuspecting employees. These breaches inflict devastating reputational damage on the targeted organisations for not doing enough to protect sensitive information.
Fortunately, there are steps that can be taken by any business to handle data responsibly and to minimize the reputational damage that occurs. These include: employee user awareness and training, effective management policies, supporting technology, and last but not least, internationally recognised British standards. BSI offers a host of effective best practices to help prevent cyber security dangers within organisations, such as:
- The BS EN ISO/IEC 27001 family of standards, dedicated to providing organizations and governments worldwide with a means to risk-assess and manage their information security in a way that enables them to stay continuously up to date
- PAS 555, which involves the governance and management of cyber security risks, should be used in all data system processes and controls and is fundamental to avoiding breaches
- BS 10012 and BS EN ISO/IEC 27040 which are particularly relevant to the security of personal information.
All of BSI’s Cyber Security standards are available through Standards Online (BSOL). BSOL is a cost-effective solution for working with standards more efficiently. Storing a collection of standards in one place for multiple authorised personnel to access enables best practice to flow through your organisation.