Cyber attacks are becoming more sophisticated – and more frequent. That’s why protecting member data is a top priority for us at LPPA.
From robust systems to expert oversight, our IT Service Manager, Paul Stokoe, shares six key ways we’re keeping your information safe.

1. Cyber security strategy
- Layered defence model: our systems use a layered approach to security – protecting everything from the outer perimeter to the data itself. This means that even if one layer is compromised, the others are still there to keep things safe.
- Trusted cyber accreditations: we’re certified to the ISO 27001 standard and hold the government-backed accreditation, Cyber Essentials Plus. This means we meet trusted UK and international standards for cyber security and information management.
- External testing processes: to keep our systems secure and up to date, we bring in external experts each year to test for any weaknesses, and we regularly update our servers and devices – making sure critical fixes are applied within two weeks.
- Advanced firewall protection: we use advanced firewalls that block anything unfamiliar by default, and follow strict processes to control any changes. This helps to protect our network’s perimeter from threats.

2. Training and assessing
- Observing user behaviour: we use a range of AI-enabled software to keep an eye on user behaviour, detect anything unusual and provide tailored training, especially after simulated phishing tests. If an employee keeps failing the tests, we follow escalation steps, while those who are successful are rewarded to encourage good behaviour.
- Mandatory awareness training: our employees receive regular mandatory training to help them spot phishing emails, create strong passwords and respond effectively to security incidents, including simulated breach scenarios.
- Regular desktop exercises: we undertake scenario-based exercises that test our plans to handle a cyber attack, including the stages of detection, containment and recovery.

3. AI and behavioural monitoring
- Managing risk: we use several AI tools to spot potential hacking attempts (such as unusual online activity or suspicious login patterns) and alert our IT team to any threats.
- Enhancing call privacy: we use AI tools to filter out background noise during customer calls, helping to protect members’ privacy.

4. Data protection agreements
- Third-party safety: we use supplier checklists and accreditations to help reduce risks when sharing data outside the business.

5. Backup strategies
- Immutable backups: we use immutable (unchangeable) backup processes to prevent tampering. Offsite backups are also encrypted and stored in a secure data centre.
- Firewall restrictions: our backup appliances are protected by IP restrictions and secure credentials.

6. Monitoring and incident response
- Security operations centre (SOC): we use this centre to monitor LPPA’s systems 24/7 and alert us to any signs of compromise.
- Monthly service reviews: we hold regular reviews with our SOC provider to analyse incident trends and refine detection capabilities.
- Working group meetings: we hold these meetings, attended by people from across the business, to focus on LPPA’s cyber security. They aim to highlight any areas of concern and address risks as and when they arise.
- Threat intelligence: access to the latest cyber threat intelligence as it happens, including from our SOC and the NCSC (National Cyber Security Centre), allows us to remove threats at the earliest opportunity.

Data protection privacy policy
At LPPA, we’re committed to keeping data safe. If you want to know more about how we use, share, and store your data, click below to view our privacy policy.