leadership and entrepreneurs
Robust information security requires Leadership and Commitment
Jason Parker-Smith
Director, Aston Information Security Ltd
Information Security must be a regular agenda item at board meetings. Top management must understand the risks to their business information assets.
Information security management is now regarded as a business-critical function that interfaces with and supports management’s business objectives and processes, and aims to protect information assets from breaches in Confidentiality, Integrity and Availability.
While there is an increase in security risks being discussed at board meetings, it is still not happening in many companies. Top management need to demonstrate leadership and commitment by implementing an Information Security Management System (ISMS) and pulling together all employees to work as a team to ensure that the processes and principles are embedded in the organisation. This is not “just an IT issue”; otherwise you end up with the IT department guessing what is important to the business and requires the most protection.
As a starter for 10, at Aston Information Security we suggest:
Establish SMART Information Security Objectives that fit in with the strategic direction of the company.
Sign off the high-level policy to include why information security is important and demonstrate management commitment, i.e. it is not one rule for management and one for the employees.
Communicate the policy to the whole company.
Set and minute the risk levels and either Transfer, Tolerate, Treat or Terminate the risk.
Provide and sign off the budget and resources to manage security, ensuring that everyone feels supported to follow and improve the ISMS.
Review reports at Board meetings on, for example, the effectiveness of your Objectives, the high risks the company is exposed to, incidents that have occurred (if you don’t see an initial spike in incidents there may be a problem), and improvement action progress.
Play an active role in developing the supporting information security policies, and make them tailored to the company’s risk appetite, sector and legal/compliance requirements, not Googled.
In Summary
If the maturity of your information security programme is in its early days, be prepared for some shocks. You will find processes that are putting the company at risk as well as processes you had been told were being done but are not. One breach of Confidentiality, Integrity or Availability can be enough to put a company out of business.
For over 20 years businesses have been relying on Aston Information Security to implement an information security programme that reaps benefits and protection for directors, shareholders, employees and their customers.
Leading the way and growing business through challenging times
Jonathan Lea
The Jonathan Lea Network is a law firm focused on advising entrepreneurs, senior managers and investors with their UK legal needs. The firm’s turnover has organically increased more than seven-fold over the last three years.
Our retained team operate from a large open-plan office in Haywards Heath, working closely with a remote network of experienced, self-employed solicitors.
Our IT systems easily allowed for home working during the initial lockdown and our team were also able to return to the office several weeks in advance of other businesses given our spacious premises.
Mentality
Since the beginning of the pandemic, our mentality has been to remain positive and resilient and focused on supporting clients and developing our business. Despite a quiet period in April and May, we retained every employee and ensured everyone was able to take on new matters (even at lower fees than usual) and also to work on marketing initiatives. We never considered taking the furlough route.
Expanding
When the lockdown eased and business picked up again, we were ahead of the game and capitalised on the uptick in work, significantly increasing our revenue over the summer. Now we have the confidence to expand. We’ve recently hired three new employees and also had law students undertake work experience placements in our office.
Developing
We’ve taken advantage of technology to help advance our business. Offering 20-minute introductory videocalls to new clients increased engagement and communication and has made it easier to convert new leads. We’ve recently held three successful webinars, which allowed us to showcase our expertise, including ‘resolving shareholder disputes’ and ‘SEIS & EIS tax reliefs’. We’ve also increased our marketing activity by significantly developing our legal template online store, resulting in our revenue from downloads almost tripling since March.
Achieving
A recent, significant achievement was helping our client Transcend Packaging raise £10 million. Part of our work related to successfully negotiating with HMRC in interpreting the EIS rules. If we hadn’t received such clearance the transaction would probably not have completed.
Investing
After successfully applying for the bounce-back loan, we now have the opportunity to sensibly invest this to further grow our business. We’re now looking to acquire a small established law firm from a sole-practitioner, which will allow us to increase our knowhow and client base.
Robotics surge as virus strikes
The scourge of coronavirus could be fundamentally changing the way businesses operate by expanding remote working and accelerating the deployment of robotics and AI.
The British Chambers of Commerce (BCC) has released the results of its Coronavirus Impact Tracker, which reveals that the majority of businesses have made changes to adapt to the UK lockdown and social distancing. Most are highly dependent on technology. Sixty-six per cent of organisations have embraced remote working – and 50 per cent are using some form of video-conferencing software to keep their operations going.
Walmart is using robots to scrub its floors, and McDonald’s has been testing robots as cooks and servers. Danish manufacturer of ultraviolet-light-disinfection robots, UVD Robots, has shipped hundreds of its machines to hospitals in China and Europe.
Even before the pandemic, Amazon and Walmart were deploying robots in warehouses to improve efficiency. But Covid-19 has prompted them to increase the use of robots for sorting, shipping and packing.
Food delivery
Starship Technologies has been running a food delivery service in Milton Keynes using autonomous vehicles since 2014. It has seen considerable increases in demand as many grocery stores, restaurants, and other delivery companies have been contacting the company to ask for assistance.
Gary Jowett, from Computer & Network Consultants (CNC) in Brighton, said: “Social distancing has shone a spotlight on remote working technology, AI and robotics as crucial weapons in the fight for commercial survival. And they offer answers about how your business can thrive in the future.
“Once a company has invested in robotics, for example, it’s hard to envisage why it might revert to using humans for the same task with all the overheads that would incur. A greater reliance on such technology is likely to fundamentally change all our perceptions of work and the working day. It could lead to a big shift in the way productivity is measured, and the actual job roles people are given. For employees, that may also mean a change in the skills sets they need to maintain a successful career.”
IMAGINE HAVING ACCESS TO ALL THE BEST IT SERVICES.
CNC provide the most comprehensive range of IT services in the South East including:
IT Support & Outsourcing; Internet Connectivity; Installation & Infrastructure; IT Hardware & Software; Cloud e-Mail Archiving; Mobile & Remote Access; Off-Site Data Backup; Hosted Phones & Mobiles; Security Services; Cloud & Hosting; Disaster Recovery; Apple Support; Virtualisation; Office 365 & Azure.
We would love to talk to you and offer a complimentary systems & security check-up with no obligations to use our services.
Tel: 01273 386 333 Email: sales@cnc-ltd.co.uk www.cnc-ltd.co.uk
ISO 9001:2015 & ISO 27001:2013 Certified
Practical Compliance: Bribery
It has been reported that the Serious Fraud Office is investigating Canadian aircraft manufacturer Bombardier Inc. over suspected bribery and corruption in relation to contacts and orders from Garuda Indonesia, Indonesia’s national airline. Why does this affect businesses in Sussex? In the run-up to the introduction of the Bribery Act 2010, then Secretary of State for Justice, Kenneth Clarke said:
“Bribery blights lives. Its immediate victims include firms that lose out unfairly. The wider victims are government and society, undermined by a weakened rule of law and damaged social and economic development. At stake is the principle of free and fair competition, which stands diminished by each bribe offered or accepted.”
In financial services, prevention of bribery and corruption sits with the Money Laundering Reporting Officer whose brief now includes all forms of financial crime prevention. But all businesses need to be aware of the potential for bribery and corruption impacting their operations.
Time, then, for a quick refresher on the Bribery Act 2010. The act came into force on 1st July 2011 to repeal and consolidate all previous legislation. It also defined the bribery offences in the UK and the penalties for committing those offences.
The Bribery Act created the following offences:
Active bribery: promising or giving a financial or other advantage.
Passive bribery: agreeing to receive or accepting a financial or other advantage.
Bribery of foreign public officials is a standalone offence.
The failure of commercial organisations to prevent bribery by an associated person (also known as the corporate offence).
And the penalties?
The penalties under the Act are severe – there is a maximum penalty of 10 years’ imprisonment and/or an unlimited fine for individuals.
Corporates face an unlimited fine (including in respect of the corporate offence). A firm can mitigate the Corporate Offence by demonstrating that regular training regarding how bribery can impact the firm has been given to all staff. There are other possible serious financial, as well as reputational, consequences of being found guilty of an offence under the Act, including confiscation under proceeds of crime legislation, the requirement to appoint an external monitor to review and ensure compliance with policies and controls and/or to pay substantial costs associated with the prosecution.
Being mindful of these six principles will help your business prevent bribery:
1. Have clear and practical procedures that are proportionate to your business
2. Commitment from the Board and Senior Management
3. Assess the potential exposure to bribery with regular risk assessments
4. Proportionate due diligence on individuals and firms which perform services for your firm
5. Regular communication with staff, including training and refresher training
6. Regular monitoring and review of the effectiveness of procedures.
How can we help?
Compliance Matters UK Limited offers cost effective and practical guidance. Contact us on 07768 422 213 or email ian@compliancematters.co.uk to discuss any needs you may have.
UV-C Light Disinfection Technology
Advanced Health Care & Well-being Industry Disinfection Solution
Advanced Office, Warehouse & Logistics Centres Disinfection Solution
Non-contact air and surface disinfection
Confidence
Speed & Precision
Most powerful UVC product in the marketplace
In Partnership with:
OCTA UV-SYSTEM Robot UV-C
LED-UK Lighting Ltd Tel: 01424 222200 Email: steve@led-uk.co.uk www.led-uk.co.uk