Would you store your money at a bank that only protects your money with some fencing and a padlock? Of course not. There’s a reason banks have their vaults within sight of the front door, because nothing says peace of mind like 2 tons of steel standing between your money and a thief. Unfortunately, the days of vaults and bank robbers are fading fast and being replaced by digital assets that can be wiped out by someone on the other side of the world. So how are you supposed to know if you can trust a company to protect your information?
By knowing what a 21st century vault looks like.
Concrete and steel are no longer what keep your valuable information and assets safe. Instead, it’s protected by firewalls, network infrastructure, and encryption. Here’s the bad news. No company is going to give you a complete run down of its cybersecurity measures, and even if they did you’d have to be a cybersecurity expert to tell if they were actually worth anything. Here’s the worse news. Some businesses don’t even have to tell you if they’ve been breached in the past. For example, law firms don’t deal with directly with consumers so they have no need to report any breaches to the public. That’s like a bank not telling you that your money was stolen.
Even though cybersecurity might as well be in a different language to most people and some businesses being opaque about how they handle it, there are clear signs that a company has your information’s safety in mind.
For example, even if a law firm doesn’t tell you about their past breaches you can tell if they’re secure or not based on if they are ISO 27001 certified. ISO 27001 is a cybersecurity standard created by the International Organization for Standardization. The most important thing you need to know about ISO 27001 is that to be certified, a business must create and implement a ISMS, or an information security management system. Now you may be thinking, “this all just sounds like more tech jargon, how is this supposed to help me?”
ISO 27001 simply lays out a standard, tells a company how to evaluate the risks they face, and then how they can implement security measures that fit their size and their specific risks as a part of their ISMS. More importantly, ISO 27001 gives businesses a framework that allows them to respond to a breach and minimize damage, which could be the difference between a scare and a full on code red. Seeing that a law firm is ISO 27001 certified is like seeing a huge bank vault when you walk in the front door. We all know that bank vaults don’t guarantee security, but you can sleep much easier at night knowing that your information and money is protected by it.
Knowing what you know now, you can make an informed decision on who you trust with your business and that’s a much bigger deal than you may think. No one is safe from being hacked. Big or small, law firm or grocery store, everyone has something that a hacker can turn into a profit. That could be the information of average people who never thought they would be targeted or insider information on global mergers that could earn a person millions. The good news is that you’ve turned on the cybersecurity info faucet, and you’re more prepared to make informed decisions than most people. How much information you let spill out is up to you. If you want the information to keep flowing, stay posted.