Does your business use YouTube to educate the public about your offerings and services? Or is YouTube the platform through which your business delivers its information or entertainment service? Becoming ISO 27001 certified can help safeguard your business's online commerce, especially where it affects your public online presence.

Recently, there has been a new wave of YouTube accounts being “hacked,” or “taken over,” and it can affect any channel if account holders are not aware of what to look out for. This latest hack starts with an email, or more specifically, a file downloaded from an email that looks legitimate. According to LinusTechTips, a consumer technology review channel affected by the hack, the email appeared as if it came from a potential sponsor and looked indistinguishable from an actual trusted sponsor email. From this email, the “hackers” were able to take the current browser cookie information and use it to log into the YouTube account. The article about the LinusTechTips breach on TheVerge states that when this happens, YouTube cannot lock down accounts or otherwise prevent the account from being taken over. If YouTube cannot prevent these hacks, prevention falls fully on the account holders and associated businesses. How can businesses keep on top of their accounts and other aspects of technology that interact with public-facing media?

ISO 27001 is a standard for implementing information security management systems. With ISO 27001 as the framework for the management system, your company will be able to examine current and potential risks and define processes to manage each aspect of mitigation. Whether your company is a large corporation or a small business, ISO 27001 can be implemented according to your goals and size. For example, when it comes to email-based YouTube account hacks, your company’s management system can implement requirements or change permissions to best suit the company’s needs. And if those potential risks turn into actualities, the ISO 27001-based management system will include a process to target the specifics of the risk and move upward to mitigate or limit harm to public appearance, budget, and more. To keep with the YouTube example, with ISO 27001 implemented, your company can have a plan in place to control the breach and to assess and put fixes in place, while stakeholders collaborate on public relations and outreach to provide information.

If you are looking to keep data protected and have additional privacy concerns, DQS also offers ISO 27701, which extends the ISO 27001 management system into a Privacy Information Management System. This system will aid in keeping personal data more secure and maintaining privacy within your business. ISO 27701 will assist in keeping your business compliant with United States data compliance protections. Although ISO 27701 does not have requirements to completely comply with the European General Data Protection Regulation (GDPR), it can be used as the foundation as your company advances toward GDPR requirements.

If you are looking to pursue ISO 27001, and possibly ISO 27701, DQS can be the Certification Body to guide you toward your management system goals. DQS has specialists who are available to answer your questions or concerns throughout the process. Our auditors are industry-experienced, with strong technical knowledge learned through real-world, hands-on experience. DQS also offers training on the standards for different levels of knowledge through DQS Academy. From the high-level stakeholder looking to learn the basics to the IT professional handling security, there is a training course that can help bridge knowledge gaps. DQS Academy also has a soon-to-be-released ISO 27001 Update Course that will dive into the updates and changes from ISO 27001:2013 to ISO 27001:2022. Sign up for our newsletters and follow our social media pages to keep up to date with new course offerings.

So, if you’re looking to integrate a management system to aid in your information security, or would like more information, we are happy to speak with you. And if you’re unsure whether you’re ready for ISO 27001, or are looking to attend training to learn more, we can assist you with that as well. Contact us at sales.us@dqs.de or use the form below.

Contact Us Today

Take the next step in securing your organization's data and privacy.

Author
Sandeep Pauddar
  • ISO27001 Lead Auditor registration with PECB for ISO27001 standard
  • Data Protection Officer registration with PECB
  • PMP and ITIL certifications
  • Governance, Risk & Compliance (GRC) Professional
  • Performed GDPR/CCPA Assessments
  • Managed large teams of over 100 employees to deliver high-quality projects to clients. Responsible for management of the following areas:
    • Bidding, negotiations with customers, SOW creation, defining SLA agreements
    • Hiring and enabling the team to deliver
    • People management: Training, Scheduling, Performance management, ramp up and ramp down
    • Risk management
    • SLA management and KPI presentation to executives and customers
    • Working effectively across cultural boundaries in diverse challenging environments