Written by: Griffiths & Armour on: 12 Jul 2022
Griffiths & Armour’s Cyber Security Approach
We have a strong commitment to the security, confidentiality, and continued availability of our client services. The key to these standards is the development, implementation, and continuous improvement of our firm’s rigorous security management program, which forms the foundation of Griffiths & Armour’s cyber security approach.
To provide insight into our approach in managing and protecting both company and client data, we caught up with Griffiths & Armour Head of Group Technology, Dave Atkinson, who discusses our ongoing commitment to protecting our firm and clients from developing risks in the fast-moving cyber landscape.
How have you managed to embrace a Cyber aware culture within G&A?
We believe that the best way of protecting the group is to upskill our employees via multi-channel education. We hold externally delivered in-person workshops, tailoring the content to the audience. In addition to this we issue monthly online digital training, making sure the topic of Cyber security remains at the forefront of everyone’s mind. It is my belief that if you can educate people to understand a Cyber threat that could potentially affect them in their personal lives it becomes more relevant, therefore the strategy is to make all employees more robust not just for work purposes. We aim to educate all employees in this way to help them be more rounded when confronted with a Cyber issue.
Have there been many changes within the IT team to accommodate an increased focus on Cyber Security?
Yes, we now have a dedicated member of staff who is our Information Security Officer. Their role is to maintain our current posture whilst constantly looking to improve our position. It is then my responsibility to take these suggestions and look to gain support, be it collective or financial across the business; deploying at the right time to then maximise the benefit of the investment.
Are suppliers key to helping your posture? If so, how do you know how to choose the right ones?
Doing your own research is crucial. Picking the right partners is key to a successful security posture. All suppliers must understand that they are an extension of your team. If integration between vendors can be attained, they have to collectively work together to help manage our risk. We are fortunate to have some excellent suppliers and our collaborative approach is reaping benefits for the business. SureCloud have helped us greatly through our recent ISO 27001 accreditation because they are specialists in this space; their understanding of the framework has been invaluable, making change relevant to our particular organisation.
Are there any frameworks that will help reinforce the focus on Cyber protection?
Yes. In recent years we have utilised the Cyber Essentials and Cyber Essentials Plus frameworks to help us increase the awareness of Cyber Security within the business. More recently we have been audited against the ISO 27001 framework as we feel this adds greater rigor to our business processes and delivers a greater level of information protection to the organisation and its clients.
How did you start to implement such a large framework?
We started with a GAP analysis against the standard, the output of which allowed us to formulate our starting point. We realised we had good working practices, but the framework forced us to bring them all together and fill in the gaps. It has been fantastic for the organisation and has made Information and Cyber Security a commodity that we can now all understand. We live in an ever-changing landscape of compliance, and this is only going to increase over the coming years, therefore we have decided to invest now in ISO 27001 and embed robust practices now to help protect our clients, ourselves and set a new benchmark for the future.