Cyber Security in Pharma: Practical Ways to Manage Risk and Gain Competitive Advantage

In my last blog, I talked about one of the key ways I believe Pharma companies can differentiate themselves from their competitors, as well as addressing challenges around GxP and GDPR compliance, and that is by tackling the thorny issue of cyber security.

We only have to open a newspaper or turn on the news these days to hear about some new cyber threat which has caused major disruption to businesses, and there is increasing pressure in Pharma to ensure that everyone in the supply chain has taken adequate measures to protect their business from cyber threats, since it only takes one organisation in the supply chain to be unable, for example, to ship product, for widespread disruption and reputational damage to occur to all parties.

So today I wanted to talk about practical ways in which pharma companies can implement effective cyber security policies, processes and technologies that will dramatically reduce their risk and help to elevate them above their competitors and put them at the front of the queue to win more contracts.

Firstly, I would say that it is vital that a joined-up approach is taken to cyber security management, as in the ever evolving threat landscape, it is nowhere near enough to just be relying on one or two technical measures like some anti-virus software and a firewall. Rather the company’s cyber security strategy must involve the Board, as well as technical personnel, and be formulated as an integrated suite of risk management measures encompassing business processes, technologies, staff training and procedures.

As a starting point, I always recommend that pharma companies we are working with look at the Cyber Essentials scheme, a government-backed, industry supported scheme to help organisations protect themselves against common cyber-attacks. Whilst by no means protecting against every possible threat, the cyber essentials scheme does provide a framework for good practice around cyber security, covering five technical controls:

1. Boundary firewalls 
2. Secure configuration 
3. User Access control 
4. Malware protection (including Ransomware) 
5. Patch management 

Already the government requires all suppliers bidding for certain sensitive and personal information handling contracts to be certified against the Cyber Essentials scheme, and there is no doubt in my mind that this will become the de facto standard which one day every business in the UK will have to achieve, as organisations increasingly demand that everyone in their supply chain is certified to at least this minimum standard of cyber security management. In the interim period though, those Pharma companies who choose to implement these types of standards and accreditations early on, are immediately giving themselves a competitive advantage, by presenting themselves as a low risk option to their potential customer and winning more points in tenders by demonstrating they are taking cyber security threats seriously and acting accordingly.

We are already in the throes of working with several of our clients to Implement Cyber Essentials, which, aside from the obvious commercial benefits, they see as having a plethora of other business benefits including assisting with MHRA and HIPAA compliance, demonstrating care of personal data for GDPR compliance purposes and ensuring that their company’s risk of suffering costly downtime and/or reputational damage is minimised.

Whilst Cyber Essentials won’t protect your business against every possible cyber threat – and in my next blog I will go on to talk about the different types of threats that exist in more detail, and some of the more sophisticated ways you can mitigate the risks around these threats - it certainly provides a very good foundation as the first step towards good practice in cyber security management.

If you would like more information on the Cyber Essentials scheme or you would like to explore ways in which you can successfully manage your business risk around cyber security and gain competitive advantage, please do not hesitate to contact me on 0118 920 9600 or email james.stratton@connexion.co.uk when I will be happy to arrange a no obligation conference call to discuss how Connexion can help.

--------------------------------------------------------------------------------------------------------------------------

Established in 1994, Connexion Ltd provides IT consultancy, IT services and IT support to mid-size Pharmaceuticals, Clinical Research organisations, Biotechnology and Medical Device companies throughout the UK. Our focus is on delivering IT solutions that create real value to our clients' businesses. Working closely with our customers’ in-house IT Managers, our structured and managed approach to delivering IT is paramount in ensuring our clients can maximise the business advantages technology can offer them, whilst minimising their risks and maintaining regulatory compliance. For more information about our services for pharmaceutical businesses please visit our website http://www.connexion.co.uk/pharmaceuticals/