Five reasons companies who hold your data should have ISO 27001

Do they?

25,000 organisations around the world have ISO 27001 (though few of them operate in the agrifood sector). What does this mean? And why is it important for you?

ISO 27001 is an internationally recognised framework for data governance and security. It provides a standard for organisations to measure themselves against, informing how they protect the data they hold – your data – and is standard in industries like finance, insurance and telecoms.

(Notably, it is not standard for the agricultural sector)

The benefits of certification are well established within industry, but why are they important for consumers? Many of whom are not aware of its existance.

Your data is more secure

There has been a 75% increase in data breach reports over the past two years, partly fuelled by an increase in cyber-attacks – 93% of large organisations have been targeted.

In this climate, it is essential that organisations take a systematic approach to data security.

ISO 27001 includes a systematic examination of security risks, including threats, vulnerabilities and the unique factors facing that sector and can reduce the risk of a breach by as much as 75%.

Though organisations without accreditation may have security controls in place, only ISO 27001 offers an independent verification of these practices.

ISO 27001 can reduce the risk of a data-breach by as much as 75%

Having these controls in place makes a data breach less likely, but what if there is a breach?

The worst case scenario isn’t so bad

In the event of a data breach, ISO 27001 provides a framework for mitigating the impact.

These include pre-planned processes for identifying and isolating breaches and protocols which inform staff on how to act. This means that your data is less likely to fall into the wrong hands.

Effective sponsorship by senior leaders is often the most important factor impacting the success of change projects, yet many organisations relegate data governance to middle managers with little or no authority over impacted groups.

At Agrimetrics, for example, a data-security team including the CEO and COO ensures compliance with these policies. Every member of staff will undergo training tailored to their role and responsibilities. Re-fresher training and communications provide reinforcement.

On the right side of the law

In early 2018 Cambridge Analytica made international news following revelations that it had illegally harvested user data and misused this data to advance several political objectives.

The problem is not limited to shadow-politics. A 2017 paper, presented at the Annual Ubiquitous Computing, Electronics & Mobile Communication Conference at Columbia University, found that 5% of the 800 apps surveys misused user data.

5% of surveyed apps found to be misusing user data

This is especially important for the agri-food sector. Whereas data governance in banking, pharmaceutical and telecoms companies is heavily regulated by Government – with huge fines for non-compliance – agriculture remains relatively unencumbered. Though many would see this relative freedom as an advantage, it also makes it easier for companies to mismanage user data – either intentionally or by accident.

In this climate – where heavy data governance regulations are not imposed – commitment to optional, independent accreditations like ISO 27001 should be key differentiator for users wishing to keep their data safe.

Everyone knows their part

The vast majority of data breaches – more than 2,000 in the UK last year alone – are the result of human error.

Not cyber-attacks; not whistle-blowers; not professional misuse; but human error.

This could be anything from a junior marketing executive naively ‘cc’ing’ hundreds of contacts to a sales manager leaving customer information on a trail. It could be much more subtle: a member of staff reading confidential documents in a public place, where sensitive information could be overlooked.

Human error is an unavoidable part of the human condition; it can, however, be mitigated. ISO 21007 ensures that what can be done, is done.

From compliance training for new starters to refresher training for existing staff, to a dedicated ‘data security team’ responsible for carrying out regular internal observations and audits, ISO 21007 provides the foundations for ensuring an organisations team is well aware of their part in ensuring outstanding data security.

It took Agrimetrics more than a year to become ISO 27001 accredited. We analysed every tool, process, and vulnerability; opening ourselves to regular audits and external verification.

‍

Benjamin Turner

Chief Operating Officer

Things are only going to get worse

Cyber criminals are not standing still. Technology is a rapidly evolving sector; data breaches are increasing; cyber-attacks are on the rise. Organisations seeking to keep their data safe must evolve too.

Traditional approaches to data security are no longer adequate; it is simply not sustainable for data-security to be relegated to a part time position, the 45thpoint on an aging to-do list of an overworked, non-specialist IT Manager.

For this reason, ISO 27001 includes a commitment to continuous improvement. Dynamic guidelines and regulations help ensure that companies stay ahead of the curve, backed by a body of knowledge and regular audits.

It is simply not sustainable for data-security to be relegated to a part time position, the 45th point on an aging to-do list of an overworked, non-specialist IT Manager.

Cyber criminals are not standing still. Technology is a rapidly evolv
Facilitating this is a cross-functional, data-security team; typically including skill sets from IT, operations and the sponsorship of a senior stakeholder – such as the CEO. This team is a key part of a successful data-security strategy, ensuring that it remains a priority, with sufficient resources – both time and money.

Decision time.

Your data is valuable. It’s because your data is valuable that many organisations want to collect it.

In many cases, sharing your data is mutually beneficial. At Agrimetrics, for example, customer-provided data has been combined with publicly available information to create tools which can accurately predict optimal harvest dates and yield estimates; cutting costs for farmers and reducing food waste.

However, the inherent value of your data is precisely what motivates nefarious individuals to seek to acquire it illegally, unscrupulous organisations to use it improperly, and ambitious, but naïve companies to leave themselves – and your data – open to attack.

ISO 27001 exists to provide an instantly recognisable badge for outstanding data security practices.

It is up to consumers to insist on higher standards of data security with the organisations they engage with; to help forge a safer environment where all of our data.

‍

March 30, 2022