ICAS launches a new cyber security hub
In recognition of increasing concerns about cyber security, ICAS has set up a new online cyber security hub to help members navigate to relevant resources.
The range of resources is primarily targeted at SMEs. In conjunction with cyber security specialist, Mitigo, the cyber security hub outlines:
- Why cyber security is important
- Cyber risks
- The cyber risk management process
- What to do if a cyber risk is identified
- Links to further resources and where find guidance.
Cybercrime is a serious and strategic risk for all organisations, regardless of their size. Cyber security is a board priority that should be amongst the top risks on the business risk register. It is not just a concern for IT.
Greater awareness and expertise will help you to manage cyber security effectively. Risk exposure is more pervasive than IT systems. It includes operational systems such as production, communications and physical security. Methods of attack are constantly changing and are becoming increasingly sophisticated. Your defences need to evolve to keep you protected, therefore, periodic assessment is important.
Cyber risk management
Mitigo explains the three key steps of cyber risk management:
- Cyber assessment to help you assess your current risk and vulnerabilities.
- Controls and defences to ensure your technology is safe and secure.
- Periodic assessment including ongoing testing, assurance and support to keep you cyber secure.
The risks and vulnerabilities for accountants are varied, but commonly include the following:
- Phishing attacks.
- Unsecure remote workspaces.
- Insecure and poorly configured cloud email accounts.
- Inconsistent cyber and security training.
- Supply chain weaknesses.
What happens if a cyber risk is identified?
CAs have access to an emergency helpline offering support from cyber security specialists Mitigo. If you have either suffered or suspect you may have suffered, a cybersecurity incident, you will need to act quickly.
This helpline provides a rapid response, containment, and investigation service. They will assist you with reporting obligations to regulators, the Information Commissioner’s Office, ICAS and to your clients.
A key source of guidance comes from the UK Government’s National Cyber Security Centre (NCSC). They offer tailored guidance for large organisations, SMEs, public sector and technical experts.
ICAS has also published a range of resources and articles to help you:
- Understand the essentials;
- Find good practice including board toolkits, briefing packs, guides for small businesses and charities;
- Locate guidance on how to identify and manage risks; and
- Access training and cyber essentials certification.
Find out more – access the ICAS cyber hub and additional resources.
CyberScotland Week takes place from February 27 – 5 March 2023. Keeping everyone cyber aware and resilient is their mission, more information can be viewed on their website.