Peace of mind in a world where security is more important than ever
We’re committed to security and compliance so you can be confident you're working with an agency suitably equipped to manage your data and reduce your risk.
Our approach to security & compliance
Our approach is primarily about risk management. When we think about the information flowing between people we ask ourselves two key questions:
- Do we know our risks?
- Are we in control?
If we can’t answer “yes” to these questions then we move to explore measures we can put in place to bring risk levels down.
Risk exists everywhere when it comes to information security, and the potential for information to be mismanaged, misplaced, corrupted, abused, or stolen is always high. To perform any kind of activity in any kind of organisation, regardless of size, you rely 100% on the security of your information. In fact, you probably take this reliance for granted.
With this in mind, we look to frameworks and accreditations to make sure that we’re taking appropriate measures to safeguard any information we use. As part of this we have accreditation to Cyber Essentials, demonstrating our ongoing commitment to information security.
What is Cyber Essentials?
Cyber Essentials is a Government-backed scheme designed to help guard organisations against cyber attacks. The framework and accreditation help to identify and mitigate threats to an organisation’s security, and also demonstrate its commitment to that security.
Cyber attacks come in many different forms, the vast majority of which are very basic in nature and carried out by opportunistic individuals. Putting in place a solid defence against this majority of attacks means that you are less of a target. Most attackers will move on if they quickly learn that an organisation or system is well covered. We work with Cyber Essentials to ensure that our defence against cyber attacks is in the best shape possible.
Are Engage GDPR compliant?
By law, Engage and all other organisations working with EU data must be compliant with the General Data Protection Regulation (GDPR). We have developed processes, policies and measures that are appropriate for us, but also for you.
We’re happy to work alongside you to put in place the requirements expected from the GDPR. Whether this is figuring out the right basis for processing, or working through finer points on data storage and protection, we make it our aim to ensure we’re 100% compliant and providing the most secure service.
OWASP top ten
In addition to working with accreditation standards, we’re always keeping up to date with the latest security considerations from the community. A well-respected document for developers and within software development is the OWASP top ten. The top ten represent a broad consensus on the most critical security risks to web applications, and they’re always being re-ranked based on the most important threats at the time. We adopt this document into our development processes to ensure that we’re minimising the risks presented by these potential threats.
We don’t stop at number ten either - there’s a saying in the security and development community that one day number eleven on the list is going to catch everybody out! Essentially, the OWASP top ten is just one of many resources we use to help inform us about security issues. We’re constantly looking to improve our knowledge and security in this area to develop the most secure systems we can.
Penetration testing
Penetration testing, often just referred to as “pen testing”, makes use of a cyber security expert to attempt to find vulnerabilities within a system. This often involves a simulated attack on a system to identify any weak spots in its defences. Once complete, any issues are reported to our development team so that they can be fixed, ideally before systems go live, but certainly before anyone with ill intentions can exploit them.
Do you need to do pen testing? It’s certainly something we would advise for any system containing sensitive or personally identifiable information, especially now that the commercial ramifications for a data breach are so high. Either way, this is something we’re happy to help and advise you about.
In summary
We’re very committed to security and compliance at Engage. The team is constantly on the lookout for new cyber threats, and for ways that we can continuously improve our knowledge and system defences. The modern web presents a landscape where you simply cannot afford to take security and compliance lightly, and working with partners that give it the same credence and focus as you is extremely important. What’s more, it’s clear to see that issues and data breaches are being investigated and reprimanded. A recent article from the ICO explains a £500,000 fine handed out to an international airline for failing to secure its customers’ personal data. It’s more business-critical than ever to ensure that you’re on top of your security efforts.