leadership and entrepreneurs
june/july December/January 2019 business 2020-21 edgebusiness edge
Robust information security requires Leadership and Commitment Jason Parker-Smith
Director, Aston Information Security Ltd
not “just an IT issue” otherwise you end up with the IT department guessing what is important to the business and requires the most protection.
How can Management demonstrate leadership and commitment? Information Security must be a regular agenda item at board meetings. Top management must understand the risks to their business information assets. Information security management is now regarded as a business-critical function that interfaces and supports management’s business objectives and processes and aims to protect information assets from breaches in Confidentiality, Integrity and Availability. While there is an increase in security risks being discussed at board meetings, it is still not happening in many companies. Top management need to demonstrate leadership and commitment by implementing an Information Security Management System (ISMS) and pulling together all employees to work as a team to ensure that the processes and principles are embedded in the organisation. This is
As a starter for 10, at Aston Information Security we suggest: Establish SMART Information Security Objectives that fit in with the strategic direction of the company. Sign-off the high-level policy to include why information security is important and demonstrate management commitment i.e. it is not one rule for management and one for the employees. Communicate the policy to the whole company. Set and minute the risk levels and either Transfer, Tolerate, Treat or Terminate the risk. Provide and sign-off the budget and resources to manage security. Ensuring that everyone feels supported to follow and improve the ISMS.
Review reports at Board meetings on, for example, the effectiveness of your Objectives, the high risks the company is exposed to, incidents that have occurred (if you don’t see an initial spike in incidents there may be a problem), improvement action progress. Play an active role in the supporting information security policies development and make them tailored to the company’s risk appetite, sector and legal/compliance requirements, not Googled.
In Summary If the maturity of your information security programme is in its early days, be prepared for some shocks. You will find processes that are putting the company at risk as well as processes you had been told were being done but are not. One breach of Confidentiality, Integrity or Availability can be enough to put a company out of business. For over 20 years businesses have been relying on Aston Information Security to implement an information security programme that reaps benefits and protection for directors, shareholders, employees and their customers.
Leading the way and growing business through challenging times The Jonathan Lea Network is a law firm focused on advising entrepreneurs, senior managers and investors with their UK legal needs. The firm’s turnover has organically increased more than seven-fold over the last three years. Our retained team operate from a large open-plan office in Haywards Heath, working closely with a remote network of experienced, self-employed solicitors. Our IT systems easily allowed for home working during the initial lockdown and our team were also able to return to the office several weeks in advance of other businesses given our spacious premises.
Mentality Since the beginning of the pandemic, our mentality has been to remain positive and resilient and focused on supporting clients and developing our business. Despite a quiet period in April and May, we retained every employee and ensured everyone was able to take on new matters (even at lower fees than usual) and also to work on marketing initiatives. We never considered taking the furlough-route.
Expanding When the lockdown eased and business picked up again, we were ahead of the game and capitalised on the uptick in work, significantly increasing our revenue over the summer. Now we have the confidence to expand. We’ve recently hired three new employees and also had law students undertake work experience placements in our office.
Developing We’ve taken advantage of technology to help advance our business. Offering 20-minute introductory videocalls to new clients increased engagement and communication and has made it easier to convert new leads. We’ve recently held three successful webinars, which allowed us to showcase our expertise, including ‘resolving shareholder disputes’ and ‘SEIS & EIS tax reliefs’. We’ve also increased our marketing activity by significantly developing our legal template online store, resulting in our revenue from downloads almost tripling since March.
Jonathan Lea
Achieving A recent, significant achievement was helping our client Transcend Packaging raise £10 million. Part of our work related to successfully negotiating with HMRC in interpreting the EIS rules. If we hadn’t received such clearance the transaction would probably not have completed.
Investing After successfully applying for the bounce-back loan, we now have the opportunity to sensibly invest this to further grow our business. We’re now looking to acquire a small established law firm from a sole-practitioner, which will allow us to increase our knowhow and client base.
AS A CHAMBER MEMBER YOU’RE WELL CONNECTED
15
