Flowers, a mews, and why Information Security is more interesting than it sounds
And also the bedrock of the business
Recently, our Marketing Manager Carla Francome enjoyed seeing some flowers in a beautiful mews, as she made her way through London to Andy Beverley’s house for a crucial part of her induction - Information Security Training.
Information Security (often known as InfoSec), refers to the processes and tools that are designed and then used to protect sensitive business information from modification, disruption and destruction. These can be by outside forces, or internal errors. Essentially, it is about protecting sensitive information from unauthorised activities, and the goal is to ensure the absolute safety and privacy of critical data. It includes everything from how to create passwords, where to store them, and how data is kept safe in a company.
CEO Andy Beverley with the company’s presentation on the Information Security processes that Ctrl O employs. He runs through this with all new employees and freelancers. (He would like to clarify that all the bottles are just for decoration and are in fact left over from his wedding 6 years ago!)
Andy explained that Information Security is the bedrock of the business- he described it as the “glue that holds everything together”, and that it can’t be bolted on the side. “If you don’t have a firm base for Information Security, everything will fall over”.
Ctrl O provides software that is used by the Ministry of Defence, the Ministry of Justice and the Foreign and Commonwealth Office, so having robust Information Security is absolutely crucial.
Carla spent 20 over years as a TV Producer on current affairs, science and true crime documentaries, and recently spent a year and a half on a series about one of the biggest data breaches of all time. The three-part series is called “The Ashley Madison Affair” and is now on Hulu and Disney Plus. It tells the story of the website Ashley Madison, a dating site for those wanting to commit adultery, which was hacked in 2015, causing shock waves around the globe.
For the series, Carla spoke in depth to some of the most high profile tech experts in the world, including Brian Krebs in America, Graham Cluley in the UK, and Troy Hunt in Australia. She also spoke to a number of journalists who had had a lot of contact with victims of the hack. Over 30 million people’s details were released, outing them as potentially being signed up to a dating website for affairs. Carla saw up-close what effect it can have when sensitive data is leaked, so this is a subject she cares about a lot, and she was keen to hear more about the companies’ policies from Andy.
Like many companies, Ctrl O complies with a framework of policy processes and guidance for InfoSec, known as an Information Security Management System, or an ISMS. Standby for some tech speak: the ISMS is all part of making sure we at Ctrl O are compliant with the ISO 27001 security certification. ISO 27001 is an international standard to manage information security.
Carla appreciates this is all a very serious business, but she is also keen to learn more about “ISO Twenty-Seven Thousand and One”, and slip the words into meetings, because it sounds like something they’d say in an episode of Red Dwarf, she thinks.
The team in Yeovil with Giedre Kupliauskiene, a risk and compliance analyst we work with, doing an ISO 27001 audit in April. We also think this photo could be entered into a competition for “most corporate photo of the year”.
Back to the presentation with Carla, Andy covered a range of subjects- like how crucial it is to have safe passwords on everything. Humans are poor at coming up with random words in passwords Andy explained, so all employees use a random password generator. “Are you saying that TVCyclingClown01 would fail as random?” Says Carla. (Her father is a clown and she loves cycling, so it was a bit of an in-joke). The password got the thumbs down, as did her other attempts.
Andy explained that there’s a secure (confidential) method for storing passwords, and that all of Ctrl O’s data is stored on a private cloud. In his presentation, there was a page on dealing with phishing emails, and a good diagram on how to tell if an email is fake.
It was a thorough, useful session, and Carla is now ready if anyone would like to discuss how our ISMS framework complies with ISO Twenty-Seven Thousand and One. But she’s still refusing to believe she can’t come up with totally random words. Unfortunately PedalDisneyJuggling05 also got the thumbs down from the team 👎🏻
See how LinkSpace could revolutionise your business process now with a free consultation and trial.
Ctrl O is a registered supplier on Digital Marketplace and is ISO27001 certified (Information Security Management).
