Wavex Technology is proud to announce that the entire company is now officially certified to the internationally recognised ISO 27001:2013 Information Security standard. This standard ensures that Wavex’s Information Security management System (ISMS) is compliant with the leading standard for information security.

 

ISO 27001 certification recognises Wavex’s dedication to managing information security using risk based management whilst considering the Confidentiality, Integrity and Availability of information. The framework of the standard allows Wavex to not only  address technical risk but encompasses processes and people risks too. The standard guarantees the robustness and quality of Wavex’s ISMS. Wavex’s information security objectives are highlighted within our High Level policy which can be found here.


We are constantly challenging ourselves to improve our service and provide the highest security and privacy standards that meet or exceed the needs and expectations of our customers. The certification incorporates any legislations required to manage information and ensures that Wavex are always complying with GDPR and other regulations.

 

A rigorous external assessment audit conducted by the independent certification body (Certification Europe) who are certified by UKAS (The United Kingdom Accreditation Service), shows that Wavex have met the criteria set by the ISO27001 framework. The certification against the ISO 27001 standard adds an additional certification to our collection, alongside our existing Cyber Essentials Plus standard and numerous awards.

Getting a company-wide accreditation to ISO27001:2013 is a lengthy process. Whilst some organisations choose to include only certain processes, departments or platforms within the scope of the certification, or use non-accredited certification bodies, Wavex Technology firmly believes security is only as strong as the weakest link, as such we have opted to include the entire organisation within the scope of our certification.

Here is what Gavin Russel, CEO of Wavex Technology said about the achievement:

“I am delighted we have achieved the ISO 27001:2013 certification which helps validate our other security and vulnerability services. It is the result of a huge amount of team effort as we continue to strive to provide the best-in-class IT services to our clients. Our recent ISO 27001:2013 certification will ensure Wavex has world-class information security management system in place. To ensure we, and our clients, meet this high standard we have are also built the capability to manage this certification (and many others) within APEX® using our Governance, Risk & Compliance (GRC) module which provides our client’s strong adherence to information security standards.”

What are the benefits to Wavex customers?


Being ISO 27001 certified is testament to the fact that Wavex prioritises information security. But it also ensures the following:

  • Our customer’s data is rigorously protected and allows for secure exchange of confidential information
  • We proactively assess, minimize, and eliminate risks and vulnerabilities
  • We’ve created a culture of security within Wavex. So, security is an inherent consideration in the way our employees work, not something we look at every few months when an audit is due.
  • Operational excellence when it comes to our IT, HR, and information processes
  • On-going management through our APEX® platform



Click on the image below to view our accreditation certificate:
 
0

Staff Productivity, Thought leadership

Summary

Remote working used to be limited to simply taking your documents in a briefcase home with you to review in the evening. Yet, as communication infrastructure has improved (with the amount of homes with superfast broadband connections topping 10.8 million last year), workers now desire an almost identical experience at home to working in the office.


This year is thought to be something of a tipping point when it comes to remote working, with more than half of businesses in the UK now offering remote working policies. It is a trend that is likely to continue too, as the same research by the Work Foundation at Lancaster University[1], predicts that by 2020 some 70 percent of organisations will have followed suit.


The popularity from both a business and worker perspective is not hard to see. For businesses, allowing home working can reduce bricks and mortar expenditure considerably, as less office space is required. From a worker’s point of view, they’re able to save money by reducing their commute, and able to work in a comfortable environment with less distractions.

Proceed with caution

However, it’s not simply a case of allowing any employee with a laptop, internet connection and desire to work in their pyjamas the option to work from home. You need to proceed with caution. Before this option is offered, there needs to be a certain amount of technology investment undertaken to ensure that they, and your business, are safe from the latest wave of cyber security threats.


To do this needs a range of technologies working seamlessly together to provide secure access while not impacting end user experience. The best form of authentication is currently two factor; which your users will be used to from when they bank online. It ensures that access is only provided when a user meets two separate authentication criteria, often a password and a unique, temporary code provided to their mobile handset via SMS.


Once your employee is connected, the data between their device (which could be anything from a traditional PC to a tablet or mobile phone) and your organisation’s servers must be encrypted. As older cryptography techniques have become easier to hack, connections should now be secured using IPSEC with DES or 3DES. This means should a hacker be able to intercept your data, it should be unintelligible.


While simple passwords to crack – such as 123456 or password1 – are never recommended, the advice around passwords has somewhat evolved. The National Institute of Standards and Technology now recommends[2] focusing on usability and practicality as opposed to an overly complex password that your staff will only have to write down in order to remember it!

Accessing data

The technologies used by remote workers to access the information they need to undertake their day-to-day operations from home has needed to evolve. Simply allowing your staff to access the file repositories on your network from home as they would in the office, could leave you open to being infected should their laptop or home PC be carrying a virus. It is just not practical to rely on the IT department to secure the myriad of bring your own device (BYOD) personal end-points that remote workers use; therefore, other solutions have become necessary.


Many organisations have started providing specific remote desktop solutions via the cloud. These send a live snapshot of your office desktop to a remote device. If a user clicks or types, these interactions are reflected on the server. This means no applications need to be installed on the remote device and it provides a barrier for viruses to traverse from the remote workers device back into the corporate network. However, if the user is offline or their connection drops it means they can’t work.


The third, and often better, solution is to provide access to all files via a web server through a browser. This will generally use the SSL (Secure Sockets Layer) protocol to establish an encrypted link. Because so many devices now support web browsing, this provides many more ways to work remotely.

The new 9-to-5

With the advancements of technology and the push for the ability to work remotely coming from both sides, the traditional work and life balance is becoming increasingly blended. Work emails can be sent straight to mobile devices, work can be completed anywhere thanks to laptops, and the days of a simple 9-to-5 existence are but a distant memory.


Seeking the right balance between usability and security remains a great challenge though. Mobile Device Management (MDM) technology has become a critical way for IT departments to manage all the additional endpoints brought on by the remote working trend, and provides a means to instruct devices to delete any sensitive data should the device be compromised.

 

[1] http://www.telegraph.co.uk/connect/small-business/scaling-up/staples/working-from-home/

[2] https://pages.nist.gov/800-63-3/

0