How 28,000 people twiddling their thumbs can teach us all a lesson


The University of Hertfordshire has just been quite badly hacked. Attackers took down their entire network and all their cloud-based services too. That left almost 28,000 students, lecturers and other university staff twiddling their thumbs.

They’re one of many higher education institutions to be targeted in the last year or so. The pandemic has led to a vast increase in their online activities, leaving them very vulnerable to costly, time-consuming, disruptive digital attacks.

And it’s not just an education problem.

Over the last year organisations of every kind have expanded their IT infrastructures to support new home workers. That’s created some very serious risks. Imagine if all your remote workers and customers were suddenly unable to log in for hours or even days.

Infosec’s a hot topic for us all

That’s why information security’s such a hot topic just now. Its benefits include:

  • Safeguarding your organisation’s brand and reputation
  • Protecting your bottom line from sudden, unexpected hits
  • Winning new business and entering new marketplaces

Of course, you already know this. And you’ve probably already taken steps to boost your own organisation’s infosec measures.

But have you done everything you can? And can you quickly and easily prove that to your customers and other stakeholders? In today’s uncertain and unpredictable world, how do you even know what good information security is?

We have the answer. Or rather, the ISO 27001 standard has the answer.

Showing you’re serious about information security

ISO 27001 is the internationally recognised standard for information security. It tells you what an information security management system, or ISMS, should include, and helps you set one up.

Because it’s an ISO standard, your ISMS can be audited for ISO 27001 certification. That’s a globally recognised guarantee that your organisation takes information security seriously. And if you don’t want to go for full certification, ISO 27001 compliance is pretty impressive.

Strengthening your brand

Being able to quickly and easily prove how secure your organisation is has obvious brand benefits. It turns the trust your customers already have in you into certainty that you’re doing everything you can to protect their information and, by extension, their interests.

And an ISO 27001 ISMS will literally strengthen your organisation. It’ll help you defend against infosec attacks and incidents of all different kinds. Maybe they’ll just bounce off. And if the bad actors do penetrate your networks, you’ll be all ready to counter them.

Protecting your bottom line

You probably already know the average cost of a data breach (in 2020 it was $3.86 million, according to the IBM “Cost of a Data Breach” report). An ISMS will help you dodge that bullet. But did you know that the average time taken to spot and contain one was 280 days?

280 days! Of course, not all of that’s working time. Most breaches go unspotted for a while. But imagine how long it’d take to go back over all those days to see what might have leaked. It’d be painfully tedious and costly. With an ISMS it’s much less likely to be an issue.

Winning new business

Big public hacks like the Hertfordshire Uni one are boosting global awareness of the need for information security. Organisations are setting higher infosec standards for themselves and their supply chain. Many are making ISO 27001 a condition of doing business with them.

That might be a challenge you’ve already run into. And even if you don’t need ISO 27001 compliance or certification to win your next big contract, it’s a safe bet that taking security seriously will give you an edge over your competitors. Everyone loves infosec certainty.

So how do you create an ISO 27001-ready ISMS?

If you’re at the beginning of your ISO 27001 journey, will help you implement your ISMS from scratch. If you’ve already started work on or have one up and running, it’s easy to migrate all the work you’ve already done onto our platform.

Our preloaded content starts you 77% of the way to ISMS completion. Our optional Virtual Coach gives you context-specific support, 24/7. And our Assured Results Method has guided everyone that’s used to it to first time ISO 27001 certification success.

So your organisation will never be like the University of Hertfordshire. It’ll never leave 28,000 people twiddling their thumbs and make the headlines for all the wrong reasons. And you’ll give your colleagues and managers, and current and future customers, world-standard confidence in your infosec measures.

Book your demo