In order to understand the real importance of information security, you have to understand the value of the information and the consequences of that information being compromised in some way.
Typically, enterprises hold an awful lot of information in their systems, usually personnel information, salary and other financial information, and their business plans, not to mention all the actual working data that is held about company clients.
They could also be storing trade secrets, lots of research and other information that gives them the edge over their competitors.
More and more, this kind of information is being moved from paper to digital and electronic storage and processing, as well as transmission across networks, inside and outside the company.
Because of this, the inherent security risks are much higher now than ever before and the biggest challenge faced by IT admins is how to keep that information safe.
When we leave our homes, whether it is to go to work or down to the supermarket, we leave them protected in some way. We lock the doors and windows and set alarms if we have them.
The same principle applies to the information we store on computers and network systems. Should any of the information stored be compromised, it can end up in the wrong hands and be used for malicious purposes.
More often than not these days, it is a legal requirement that a company takes steps to protect and secure all of the information that it holds.
When that information is not protected properly, the company runs the risk of a security breach.
The consequences of this can be quite severe – massive financial penalties for a start, not to mention possible lawsuits, the loss of their reputation and the loss of business as word gets around. Recovery from such an information breach can actually take years and cost vast sums of money.
The average cost per record of an information breach is around $300-400 – if 100,000 records were breached, the total cost is $30-40 million! About 70% of that cost comes from the loss of business following the breach.
In 2006/2007 the TJX Clothing company was subjected to an information breach.
More than 45 million credit and debit card details were stolen, and almost half a million customer records, including driver license numbers and social security numbers, went along with them.
The breach was thought to have been the result of a lack of protections on the Wi-Fi network, which left the company's information open for all to see. The final cost of that breach of information is thought to be more than $1 billion.
Information Security Measures
There are a lot of things that can be done to protect information, and all of these must be covered under the company IT security policy:
- Use of strong passwords and regular changes of password
- IT policy that informs all staff of the consequences of leaving information unprotected
- Computer and anti-virus software updates to be done regularly
- Only using secure applications that come from trusted sources
- All employees to be aware of policy regarding emails. Many enterprises have email protection in place, a program that will scan every email that enters and leaves the organization before it can be opened
- Information should only be stored on company servers that have their own security protection in place. USB drives and CD/DVD drives should be disabled so they can’t be used, and all information should be stored in central secure folders
- Daily data backups – once a system has been infected or the hardware is lost, the important information on it is gone too. Regular backups ensure that normal business can be resumed as quickly as possible
- Protect all forms of information, be they digital or paper. Paper documents should be stored in secure file cupboards and shredded when no longer needed. Access should be given only to those who need it.