Every day across the UK and around the world, thousands of IT systems are compromised. Some attacks are simply for the prestige, some for political motives, but most commonly they are attacked to steal money or gain commercial advantage. 

Are you confident that your cyber security governance regime minimises the risks of this happening to your business?  

Handling the number of data breaches for our clients, we believe that in practice, few organizations are as impermeable as they could be. The technical level of cyber security lapses can be varied, from the simple sending of an email to the wrong person to a sophisticated cyber attack  

 During our SIRO courses we emphasise that responsibility to manage your company’s cyber risks starts and stops at Board level.  Whilst most acknowledge that you can never be totally safe, our course is designed to offer some practical steps which you, as leaders, can direct to be taken to improve the protection of your personal data and the processes that you use. 

Background: 

A key principle of the UK GDPR is that you process personal data securely by means of ‘appropriate technical and organisational measures’ – this is the ‘security principle’.

Protecting personal data and information is critical to today’s technical environment that organisations rely on. Personal data and information and the IT that store and process it are critical to organisations and businesses success.  

At the same time the need to access and share information more widely, using a broad range of connecting technologies is increasing the risk to the corporate information base. 

Breaches of information assets can severely damage organisations. Any compromise of information through, for example, basic human error or the deliberate actions of an outsider or indeed internal employee, could have a permanent or at least long-term impact on your business.  

A single data breach could destroy your financial standing or reputation.  

Information compromise can lead to material financial loss through loss of productivity, of intellectual property, reputational damage, recovery costs, investigation time, regulatory and legal costs. This could lead to reduced competitive advantage, lower market share, impact on profits, adverse media coverage, bankruptcy, or even, where safeguarding data is breached, loss of life. 

In addition to an accurate picture of those information assets that are critical to your organisational tasks, Boards will wish to reassure themselves that they have regular up to date information on the threats and known business vulnerabilities to make informed information risk decisions. 

The threat is not only technical 

Many individuals pose a risk to information loss. From cyber criminals interested in making money through fraud or ransom demands, competitors interested in gaining an economic advantage for their own companies; deliberate hackers who find interfering with computer systems an enjoyable challenge or simply employees, or those who have legitimate access, either by accident or deliberate misuse. 

The key is effective risk management and awareness. 

Our CPD accredited training encourages you to consider things like risk analysis, organisational policies, and physical and technical measures. We highlight additional requirements about the security of your processing – and these also apply to data processors too. Being aware of potential threats is a normal part of risk management across the public and private sector.  

Alongside financial, legal, HR and other business risks, Board members and trustees need to consider what could threaten their critical information assets and what the impact would be if those assets were compromised in some way. 

Aims of our training 

• Identify the risks to your information 

• Understand that your governance framework and information risks are threat across the organisation 

• How to manage cyber riks within corporate governance 

• Best practice when implementing security controls and supporting policies that are commensurate with the level of risk that you as a Board or SIRO is willing to tolerate 

• Appreciate what level of security is required 

• Deciding a level of security that is ‘appropriate’ to the risks presented by your processing and what’s ‘appropriate’ for you. 

• Understand what organisational measures you we need to consider 

• Carry out an information risk assessment and build a culture of security awareness within your organisation 

• What technical and non-technical measures you should consider 

• How to assess your physical security standards 

• Understand how to design and implement the organisation’s security measures 

• Understand the threat and consequences to your organisation or business 

• Steps to reduce your cyber and data risks 

• Best practice for an information risk management regime

• Board responsibility and actions. 

Online Training

• Facilitated via Microsoft ‘Teams’ (2.5 hours duration with 30 additional minutes for questions).
• Our core presentation will be issued to delegates at least 4 working days in advance.
• We recommend that you study the course materials prior to the session, so you can highlight any areas that you may be specifically unsure of, or if you any specific issues/scenarios that you may want to discuss. Where possible these will be blended into the session.

After the session, time should be spent reflecting and consolidating training learnt into a development plan.

If you are interested in this course, please check our online training availability to the right or contact us for more information.