How to achieve cyber hygiene and avoid being cleaned out

We often talk about the importance of hygiene in business. Getting the basics right for your organisation is just like showering; do it well and no one notices. Don’t do it and people become aware very quickly!

There is probably no more important an area for business hygiene right now than Information Security. I was therefore pleased to hear Garry Bernstein reinforce a number of hygiene points during his talk at the Digital Leaders event in Brighton on Cyber Resilience.

After reminding us of the Mel Brooks, 15 commandments joke, Garry shared his experiences and reinforced his tips for cyber resilience with ten commandments.

His commandments included many of the fundamental things organisations and their supply chain would address in achieving ISO 27001, the recognised international standard for Information Security.

One of the participants also referred to the recent IoD (Institute of Directors) Publication with Barclays on how cyber security is underpinning the digital economy. It highlights why doing nothing is not an option.

However, it was later in the discussions that another attendee drew everyone’s attention to an often underestimated potential threat. He shared his experiences about an area of research that affects your cyber resilience, that of the common-or-garden office cleaner.

Yes, it seems that less than hygienic office cleaners are (allegedly) one of the most common reasons for breaches in information security.


Examples of how malicious cleaners can be hidden in plain sight included:

• Coming in when others are not around, working unnoticed.

• Having reason to be where most of us don’t go (under desks etc) so could easily leave key tracking and audio devices.

• Leaving with bin liners is not unusual.

• Individuals change frequently.

• Cleaning is often outsourced where due diligence on hiring processes may not always be carried out or as effective as your own controls.

The latest version of ISO 27001: 2013 emphasises the management of information security throughout the supply chain so one assumes you have this risk covered by adopting the standard.

If not you might want to have a little whiff and hope there is no need for smelling salts afterwards!

If you’d like to learn how achieving ISO 27001 is made simple, fast and cost effective with ISMS.Online visit and talk to us today.

We won't share your details with anyone else.

  • Receive our blog posts by email

    We won't share your details with anyone else.
    * = required field