With the increased risk of some sort of cyber-attack over the past few years, it is now more important than ever to look over your computer network and identify the risks within your organisation. In this webinar we’ll look at the basic principles to protect your data and also how you can take it one step further by assessing and minimising risk.
There is a link at the end of this deck to the associated blog and webinar recording
1. With the increased risk of some sort of
cyber-attack over the past few years, it is
now more important than ever to look over
your computer network and identify the
risks within your organisation.
There is a link at the end of this deck to
the associated blog and webinar
recording
3. Who am I?
Matthew Parsons – Director – Surf Tech IT
Working in IT Services for 14 Years
4. Information Security | Protecting your business
• Identifying Risks
• Assessing your assets
• Securing your information
• ISO 27001 : Information Security
5. Identifying Risks
• Everything / Everyone within your business is a risk
• Hardware
• Laptops, Desktops, Phones, External Hard drive
• Software
• E-Mail, Cloud Solutions i.e Office 365
• Employees
7. Assessing your assets
Risk/Asset Threat Likelihood Severity Rating
Laptop Stolen/Lost 2 2 4
Email Security Compromised 2 2 4
Employees Release of unauthorised data 2 3 6
Rating = Likelihood x Severity
8. Assessing your assets
Risk/Asset Threat Likelihood Severity Rating
Laptop Stolen/Lost 2 2 4
Email Security Compromised 2 2 4
Employees Release of unauthorised data 2 3 6
Rating = Likelihood x Severity
Rating
Low 1 to 4
Medium 5 to 10
High 11+
9. Control Action
Risk/Asset Control Likelihood Severity Rating
Laptop Company policy not to store
customer data on local drive
2 1 2
Email Complex passwords, change
password every 90 days and enable
two factor authentication
1 2 2
Employees Employment contract states the
release to information classified as
'confidential' will result in
disciplinary action
1 3 3
Rating = Likelihood x Severity
Rating
Low 1 to 4
Medium 5 to 10
High 11+
10. Control Action
Other Control Actions may include:
• Additional hardware appliances (such as Firewalls, Web Filtering)
• Additional software (such as Anti-Virus, AntiSpam)
• Computer policies (Locking down users abilities on computers, what software can be installed)
Why assess these threats?
• If you can identify the threats to your business, access the risk it may cause and identify it as a high risk.
You will be able to make changes within your business to best protect your data and customer data
11. ISO 27001 | Information Security
ISO 27001 is a standard created by the International Organisation for Standardisation (ISO) for implementing
an Information Security Management System (ISMS).
ISO 27001 is not required by every industry, but if you can incorporate just a few elements of ISO 27001 in to your
business it should assist in protecting your important data.
We work with businesses to assess these risks for them and then advise how any potential risk can be addressed
and minimized.
As an IT Support and Solutions provider our customers depend on us to keep their data safe. Our clients like
the reassurance knowing that our systems and processes are audited, when you partner with a company
like us we have the complete control of your IT systems.
13. BizSmart aims to help business owners of small and medium
sized businesses to create value and scale their businesses
through sound practical business support by providing insight,
Clarity combined with a real determination to help you succeed.
You can access webinars and presentations like this and more
besides through our SmartRoom service here
You can read the associated blog
and listen to a live recording of this
presentation by clicking here
You can read Matthew’s profile here
14. SPECIAL OFFER ....... Work with an IT company that strives
to be the best.
If you’d like to take advantage of the knowledge and
experience at SurfTech IT, but are concerned about potential
costs, or the time and disruption involved in upgrading your
systems, please book a complimentary consultation to talk
through your options.
You can get in touch via email
atinfo@surftechit.co.uk or call 0330 120
0295, quoting BizSmart Lunch & Learn
Webinars.
15. •Need a sounding board for your ideas?
•Need to know what to prioritise?
•Want someone to challenge your assumptions?
16. BizSmart –
Where Smart people go to surround themselves with other
Smart people, to gain business success.