As Britain looks set to embrace a long-term shift to remote working, compliance firm, Bureau Veritas is calling on businesses to urgently prioritise cyber security as a health and safety risk.
It comes as recent reports show hackers earned a record £28 million last year for reporting software flaws during the pandemic. Meanwhile, with more companies introducing hybrid models of working in which staff split their time between the office and home, cyber security is increasingly becoming a health and safety issue, with rising pressure on firms to create a ‘cyber safe’ working environment – whether that is in the home or the office.
As such, information security expert Bureau Veritas is encouraging businesses to mitigate this rising risk by improving cyber security culture within their organisation and ensuring all employees are trained and up to date on the latest best practices.
Basilio Vieira, Lead Auditor at Bureau Veritas, said: “The Coronavirus pandemic has irreversibly changed the way we work. And with more of us set to split our working week between the home and the office, organisations need to respond to this ‘paradigm shift’ by treating information security as a health and safety risk.
“This means instilling a workplace culture which prioritises cyber security at all times so that employees take this seriously wherever they may be working. One example is working from home during the pandemic, how many of us left our work laptops unattended and accessible while we were home-schooling or answered the door for packages?
“Yet, we only need to look at the 2017 WannaCry attack on the NHS, which cancelled 19,500 medical appointments, including operations and locked computers at 600 GP surgeries, to understand the huge implications for mechanical failure that weaknesses in the information security system on can have. But when we think about cyber security it’s more than just hackers – we’re talking about protecting confidentially, integrity and availability of data and IT systems and currently that’s paramount.”
According to Bureau Veritas, businesses looking to create a robust system for handling information security risks should look to ISO 27001. A voluntary certification, it sets out best practice in terms of managing the security of assets such as financial information, intellectual property, and information entrusted by third parties.
Basilio continued: “It’s also worth considering that with most offices or work buildings now functioning off a central, protected network, such systems need to be monitored to detect actual or attempted cyber attacks and failures. As such, a standard like ISO 27001 will help firms complete a risk assessment and ask those all-important questions. What happens if the system is exposed? What’s the worst case scenario planning?
“ISO 27001 is a comprehensive solution which provides a framework that is adaptable to any environment. Ultimately, it means you can reap the rewards of a more connected world while acknowledging and managing the risks associated with this.”