No matter how small or large your company is, it is important that you have a plan to secure your information assets. Information security, also referred to as InfoSec for short, is the practice of protecting information from unauthorized access. This also includes preventing unauthorized disclosure, use, modification, disruption, recording, and inspection of information.
Essentially, information security is the general term used to describe the process of protecting information assets, regardless of what form the given information may take. For instance, information that resides in a book is considered physical, while information in an electronic device may not be.
In business, it is not uncommon for organizations to collect customer data. Sensitive company data or information assets are also stored internally. This is largely why it is important that organizations pay attention to information security.
The Importance of Information Security
Data held on computer systems are usually critical to the operations and overall business of an organization. However, it is common for some businesses to neglect security until their data assets are threatened or stolen.
The purpose of information security is to preserve confidentiality, integrity, and availability. Let’s take a look at them quickly.
- Confidentiality – This ensures that only those with the right to view your information have access to it. This will help protect your company from internal and external threats.
- Integrity – This ensures that your data is reliable, accurate, and processed correctly. Accurate and reliable data will help your employees meet and/or exceed company expectations.
- Availability – This ensures that data can be accessed whenever it is needed or requested, which improves overall efficiency.
Types of Information Security Threats
There are several information security threats, and as IT systems become more advanced, it is crucial that we can clearly identify these threats so that we may stay safe. In a 2013 TEDx presentation, Anish Bhimani, Managing Director and Chief Information Risk Officer of JP Morgan Chase, grouped potential security threats into two categories: disruption and fraud.
Disruption – This group consists of “hacktivists” and people who may hate big businesses or individual companies. These people can cost an organization a lot of money. Some examples are service attacks, website defacements, email hacking and other disruptions.
Fraud – This group is more focused on stealing money and intellectual property. This includes identity theft, banking information theft, and theft of other information that may lead to cash.
One recent event with regard to information theft is the email hacking of Colin Powell, former top diplomat to former U.S. president George W. Bush. According to the NY Times, Powell’s email was breached and leaked online. You may be able to imagine the potential damages that have occurred.
Owning a Culture of Security Awareness
Information security has to be part of the day-to-day thinking of your employees. It has to be thought of and seen as an important aspect of your organization’s success. Although IT generally handles the technical aspects of security, your employees should also be made aware of the many risks that are out there.
A good way to foster a security culture is to integrate it into your training programs. Everyone in an organization must recognize that they must be diligent when handling data, such as confidential client information. A strong security culture will instill a shared responsibility among associates.
How is your organization addressing information security? Let us know in the comments below. Additionally, you may contact us directly.