A large telecommunications company in the UK has recently been targeted by repeated cyber-attacks.
As part of this ‘significant and sustained’ incident, there is a risk to the personal information of its customers throughout the UK. Needless to say, these customers, the company and the nation as a whole are concerned by the fact that the hack has happened – even without confirmation of any actual disclosure of sensitive data.
What does this mean to you?
Public sector contracts are, quite correctly, very risk averse. The Government always seeks to provide the best service possible to the public by securing the top companies to provide it. As part of being considered ‘top’, these companies also have to offer the most secure options. After all, these contracts take place over a considerable amount of time serving many different people. Part of this security is based upon a good financial record and positive forecast (that’s another blog), but an increasingly important part is data security.
Which industries does this affect?
In short: all of them. Whether you’re holding sensitive data on vulnerable people’s medical conditions, the addresses of individuals, trade secrets or information on bespoke technology, you must be able to say that this data is safe in your hands. Secured websites, approved users, password protection and multiple, identified employees to authorise transactions involving this data are just the tip of the metaphorical iceberg. The questions you need to ask yourself include:
- How do you prevent access from external parties?
- What happens if something is stolen?
- Do you back your information up on a cloud-based system? Is it encrypted?
- What about written information? Is it locked away? Who has access to it?
- Do you destroy old hard drives that may still contain details?
The list of possible risks is large, and growing every day as people increasingly rely on technology to deliver their work effectively and efficiently. As part of this, the risks of human error and disclosure are very real.
Write up an effective data management and data protection policy. Put yourself in hypothetical worst-case scenarios and work backwards to identify what measures can be put in place to prevent them, or lessen their effects if they do happen. Recording this will provide reassurance to both yourselves and the contracting authority.
ISO/IEC 27001 – Information Security Management
Authorities will breathe a collective sigh of relief when they read about your ISO-certified system. Whilst this will not guarantee a contract, it offers considerable reinforcement to your bid and can, in some cases, exempt you from having to explain your procedures in depth. If your service and sector are heavily reliant on sensitive data, such as child safety, vulnerable adults or printing of sensitive materials, certification may go beyond being a supplement to your bid and become a necessity due to the sheer number of companies that will have it in place.
To discuss data security and avoiding risk, or any other bid writing query, contact our bid team today on 0800 612 5563 or email firstname.lastname@example.org.