June is Scams Awareness Month which is an annual opportunity to raise awareness and take a stand against the scams, fraud and predatory practices which affect millions of people. From spam emails to ‘suspicious activity’ alerts from banks and news stories about data breaches; unfortunately, scams and fraud seem to have become part of daily life.
Last year, government figures showed that 364 organisations took part in Scam Awareness Month and campaigners engaged with 345,000 people through face to face and offline campaigning. However despite this success more still needs to be done to spread the message, particularly among small and medium-sized enterprises (SMEs) whose data is becoming increasingly valuable to cyber criminals.
According to recent government research in the 2018 Cyber Security Breaches Survey, over four in ten UK businesses (43%) and two in ten charities (19%) have experienced cyber security breaches or attacks in the last 12 months.
Today SMEs embrace more interconnected systems than ever. From bring your own devices (BYOD), off-site working to the cloud, small businesses have never been more connected to their clients and therefore more open to threats. SMEs usually have markedly different priorities than larger corporations, such as maintaining a strong cash flow and ensuring the right mix of skills and expertise is retained within their small teams. These pressures all mean that cyber risk is often not seen as a critical business risk by SMEs.
The Information Assurance for Small to Medium-sized Enterprises (IASME) Governance standard was developed over several years from a government funded project to create a cyber security standard which would be an achievable alternative to the international standard, ISO27001.
PKF Francis Clark has reaccredited to the IASME Governance Standard which includes the GDPR requirements as well as Cyber Essentials which evidences that an organisation has carried out steps towards protecting business and data from internet based cyber-attacks.
As Cyber Essentials focusses on key technical controls, GDPR requires more than Cyber Essentials on its own. By certifying to the IASME Governance Standard, which includes the GDPR requirements, PKF Francis Clark has demonstrated that it has a wider governance system for management of the controls protecting personal data. The IASME governance standard adds a number of topics to Cyber Essentials which supports GDPR compliance. These include assessing business risks, training staff, dealing with incidents and handling operational issues.
Richard Wilding, Head of Cyber Services said:
“PKF Francis Clark has already become fully accredited under IASME Gold and Cyber Essentials PLUS, the new IASME Governance standard demonstrates our commitment to the highest standards of data protection.
“We can help SMEs protect themselves against cyber- attack. Many businesses feel they are too small to be prone, however the evidence shows that SMEs suffer more than seven million cybercrimes a year. If you are concerned and would like to arrange a cyber security review we are here to help.”