17 April 2023
We are a technology company, so you won't be surprised to find that we believe our world-class technology is a key driver of successful data protection and security. What may surprise you is that our culture is equally important.
Our desire for excellence is reflected in our holding the coveted ISO 27001 rating. This means our clients and their clients – the patients and clinicians who we help them serve – can be assured that our company, our people and our systems have reached the highest levels of information security standards.
The theory behind the rating is very simple – it's about identifying our assets, locating the risks to those assets and listing the mitigations that we undertake for those risks. But achieving this is not an easy task – our systems are externally validated, meaning inspectors can come in and interview any one of our staff or look at any aspect of our business that they want.
Ask any expert on data security what they consider the main gap, the chink or the weak spot in a security edifice, and it is almost always the people. Those with malicious intent will always be looking to hoodwink someone through an innocuous-looking email or a benign-looking website – these are the easiest gateways into a business.
It's all very well ensuring our IT systems have the strongest fortification in place, but it's also worth remembering that most people, even in a technology business, aren't technology experts. They're receptionists, administrators, sales staff, marketeers and accountants. And that's why we have a whole-company policy in relation to our cybersecurity that involves our programmers, HR department, finance division, sales team and even our external contractors.
What does this mean? It's about ensuring that everybody in the company recognises the risks that they face in both their work and in their personal lives from digital malpractice. It means never turning off from the risk that someone may want to access the information that you hold, whether at work or at home. It means always following protocols in relation to the exchange of data. It means always being careful and cognisant as to the information that you are exchanging over emails or the Internet. Overall, it's a mindset that there are threats out there, always!
It's a common mistake to assume that the younger subsections of our workforce, the digital natives who've been brought up with technology from birth, are innately more protected from the risk of cybercrime. Actually, the greater your submergence into a digital world, the greater the risk that you are likely to face. So we place even more emphasis on educating those who conduct the vast majority of their daily transactions through the digital world to ensure they understand the risks that they face.
We're gearing up for the latest iteration of the ISO standard, which we expect to be implemented in two years' time, but our work to prepare for this starts now. Yes, our technology experts work day and night to eliminate threats and to understand the latest risks to our systems. We have access to state-of-the-art, technology-led protection and firewalls. But the ultimate defence – the ingredient that leads to platforms that are robust and impenetrable save for those with authorisation – is a company-wide culture of care, caution and constant vigilance.