Streamline your cloud experience and maximise your cloud investment with Microsoft Azure-aligned public cloud services.
Host all of your workloads in the most appropriate location while experiencing the simplicity of one cloud from Six Degrees.
Enhance your cyber security and safeguard your organisation with our cyber security strategy and advisory, consultancy, and managed services.
Connect your business through a comprehensive connectivity portfolio delivered via our owned and operated core Next Generation Network (NGN).
Access the smarter, faster technology needed to make the most of your hybrid working future.
Streamline your hosting with comprehensive colocation services delivered from three UK data centres.
Gain clarity and control of your 5G estate, ensuring ongoing cost efficiencies are managed on your behalf through our managed service.
Gain confidence in your cloud direction and achieve accelerated time to value through our assured and optimised cloud services.
Master today’s complex threat landscape and protect your business with our intelligence-led security services.
Videos and webinars are a great way to digest the latest technology insights.
Our eBooks and whitepapers provide in-depth insights from our experts.
Our thought leaders publish regular blogs on up-to-the-minute topics.
Learn all about the latest news from Six Degrees as we continue to evolve.
We host regular in-person and virtual events for our clients.
Learn how we enable our clients to achieve more; providing superior secure solutions, powered by our passionate people.
We are proud to partner with many of the world’s leading vendors, enabling you to leverage our continual investment in difference-making technology.
Learn how CNS at Six Degrees delivers intelligence-led security services that protect organisations in today’s hostile landscape.
We are committed to operating in an environmentally and socially conscious way. Learn more about our commitments as a business.
We are proud of our secure cloud credentials. Learn why we’re one of the most highly accredited providers in the UK.
We are a friendly and passionate bunch here. Whether you want to work with us or for us, we think you’ll enjoy the Six Degrees experience.
Home » Blogs » Cybersecurity Insights: How to Protect Your Information Assets
We are now living in the age of GDPR. Since the regulation became enforceable in May 2018, we have already seen the Information Commissioner’s Office announce its intention to fine British Airways £183 million and Marriott International £99 million for massive breaches the organisations suffered in 2018. All businesses need to take protecting their information assets seriously – any size of data breach has the potential to cause significant financial, operational and reputational damage. In order to reduce the risks to your business, you need to take steps to protect your information assets.
The Financial Conduct Authority (FCA) published an industry insights document in March 2019 with the aim of improving cybersecurity practices amongst regulated firms. At Six Degrees we work with FCA regulated firms to keep them safe from data breach, and there is value we can add to the FCA’s document that will help all businesses improve their cybersecurity posture.
In previous blog posts we expanded upon the FCA’s guidance on how to implement cybersecurity governance best practices, and delved into the importance of asset management. Understanding the importance of asset management is one thing, but knowing how to protect your information assets is another. In this latest cybersecurity insights blog post we’ll build on the insights the FCA offers in section four of its document: protect your assets accordingly.
As we covered in a previous blog post, all information assets are classified in terms of their confidentiality, integrity and availability:
Effective cybersecurity policies, standards, procedures and controls will protect the confidentiality, integrity and availability of your information assets. This in turn will reduce the risk of your business suffering financial, operational or reputational damage as a result of an accidental or malicious data breach.
The FCA’s industry insights document provided five insights and best practices that will help businesses protect their information assets. We will expand upon these one at a time.
Effective cybersecurity training is an important, but often overlooked element of your business’ GDPR and ISO 27001 compliance regimes. Getting it right requires more than just the occasional presentation or online course and exam. Your cybersecurity training needs to influence behavioural change, and the only way of truly driving this is through top-down board-level engagement.
Partner with a cybersecurity specialist and carry out behavioural analysis through workshop sessions. On the basis of findings from these workshop sessions, carry out targeted training on a ‘little and often’ basis. Include security at home, adding value for users and extending the cybersecurity conversation beyond the office. Remember, security professionals are not the bad guys – they should be integrated as part of business as usual, and they should always be helpful and approachable.
Supply chain compromises are a key threat vector for most businesses. You may control your own data, but when you pass it on to third party supplier contracts, and they subcontract again to their vendors and suppliers, you may well lose visibility and control over where your data is being stored and how it is being used.
Carry out a robust assessment of all suppliers that handle personally identifiable information (PII) through an annual questionnaire. This should cover their entire business, and should comprise the first step of any procurement process along with a request to see evidence of secure practices through a right to audit.
At a high level there is little to add to the FCA’s advice around encryption; not all data requires the same level of protection, so apply encryption controls appropriately for each level of data classification. Apply risk management principles to determine the potential impact of any data being exposed, and remember that when systems are highly interconnected and interdependent, you are only as strong as your weakest link.
In order to be aware of your potential vulnerabilities, you will need to carry out regular vulnerability scans overseen by a governance committee. Establish provisions to apply patches on both a scheduled and emergency basis, in order to ensure that you can address security flaws as soon as vendors release remedial patches.
Back up your vulnerability scanning with regular independent penetration testing. In an ideal world, penetration testing should take place every time there is a significant change to your IT infrastructure – whether it’s adding an application server, updating your remote access method or any change that affects your network topography. Security should be built in from the start, with penetration testing carried out prior to go-live.
You may also want to consider implementing an outsourced cybersecurity operations centre (CSOC) that will combine real-time monitoring with intelligent human analysis by experienced security professionals to recognise unusual log patterns and proactively alert on developing cyber threats.
Most businesses have a change advisory board. In today’s hostile cybersecurity landscape, security must have a place at the table. Cybersecurity should be a key consideration at the outset of every change request, and all change management processes should be reviewed from both a security and a business perspective.
Keeping you information assets secure is a key aspect of any business’ cybersecurity preparedness, but the truth is that staying safe from cyber-threats is a constant challenge. If you’re keen to benchmark your business’ cybersecurity preparedness, take our cybersecurity quiz. It only takes five minutes, and will give you a snapshot of where you are and what steps you can take to improve your cybersecurity posture.
Foreign exchange company Travelex has become the latest high-profile victim…
CNS Group protected a global fashion brand from financial loss…
Six Degrees has launched a suite of GDPR compliance solutions…
More information on our Privacy and Cookies Policy can be found here: https://www.6dg.co.uk/privacy-cookies/. You can update how we contact you in the future by visiting our Communications Preference Centre here: https://www.6dg.co.uk/preference-centre/.
