Information Security is as simple as Confidentiality, Integrity, and Availability (CIA)
As businesses select hardware and software that are vital to their operations, remember that these essential devices and applications are increasingly a target for attacks. Businesses want to be able to function with confidence.
Will data be kept confidential? Is Integrity ensured? Is essential data available?
After you look through the initial responses to these questions, ask another question -- How?
How is my data kept confidential? How is integrity ensured? Are audit logs maintained to demonstrate the claims of integrity? If my data is available, how do I make use of it? If there is a backup of the data, how long until I can access the information?
Data storage and backups need to be performed in a secure way. Data must be accessible, and the ability to restore it is paramount; at the same time, the data must be kept confidential so that unauthorized users are not able to read or manipulate it. This is where we need to look a bit beyond the simplistic view of CIA.
Every Security Solution Requires a Process, Plan and Practice (P3)
CIA + P3
The process should provide protection for the organization’s most sensitive data. Businesses that are required to keep customer or client data secure should limit the number of people who have access to the data. There are steps for authorization, documentation, and secure management of the data being accessed. These steps should be administered by the relevant IT professional or business manager and should include a way of providing high-level security, including the appropriate permissions.
The plan is a vital part of protecting your business, and the best first step. A cyber security defense plan is essential and something many small businesses tend to skip. Can your business afford to skip this necessary step? Identify and map your digital assets, the risks they face and the people responsible for managing those risks.
Follow these simple steps when creating your Cyber Security Plan:
1. Switch to a secure email service that is swept for viruses, archived and kept secure, such as Microsoft Office 365
2. Move data to a central file server
3. Discourage staff from storing information on their local PCs
4. Backup vital data every day with local copies and in the cloud
5. Store critical customer and business information in a centralized location online such as SharePoint
6. Limit employees' data access to their own project files
7. Restrict access to business information like human resource data, accounting and payroll to a limited number of people on a need-to-know basis
8. Encrypt all company laptops in case they are lost or stolen
9. Audit and document all physical security, locks, and alarms once a year
10. Update your internet use policy with lawyers and train all staff
11. Ensure everyone in the company is familiar with all IT security policies and procedures
12. Hold annual employee training to keep security knowledge fresh
13. Spot-check regularly to make sure IT security is being taken seriously, and all protocols are being followed
All it Takes is One Employee to Cause a Data Breach
The practice is just as important as the process and the plan. Be sure to practice your plan, just like the fire drills held on sunny days in elementary school. Cybercriminals are diligent in finding new, sophisticated methods to trick unsuspecting individuals into putting themselves at risk. Continuous education and monitoring keep security top-of-mind and help strengthen the weakest links before it is too late. It is extremely important that you include your entire organization in this practice step, for two reasons: first, most security breaches are the result of a team member making a simple mistake that leads to the crisis; second, everyone in the organization must respond in a rational manner to navigate the crisis.
As computing and networking resources have become more and more an integral part of business, they have also become a target of criminals. Organizations must be vigilant in the way they protect their resources. The same holds true for us personally as digital devices become more and more intertwined with our lives, making it crucial for us to understand how to protect ourselves.
We are offering a Complimentary Human Security Assessment, which will give you insight into your employees' security strength. Turn your weakest links into your strongest defenses!
If you need assistance in charting a course for your organization's information security, contact navitend today at 973.448.0070 or info@navitend.com.