Blog


← Back to BLOG

28
May
2020

Security Beyond CIA

Information Security is as simple as Confidentiality, Integrity, and Availability

As businesses select hardware and software that is vital to operate, remember that these essential devices and applications increasingly become a target for attacks. Businesses want to be able to function with confidence.  

Will data be kept confidential? Is Integrity ensured? Is essential data available?

After you look through the initial responses to these questions, ask another question -- How? 

How is my data kept confidential? How is the Integrity ensured? Are audit logs maintained to demonstrate the claims of integrity? If my data is available, how do I make use of it? If there is a backup of the data, how long until I can access the information?

Data storage and backups need to be performed in a secure way. It is important that data is accessible and the ability to restore is paramount, in parallel it is also important that such data is kept in a confidential state and that unauthorized users are not able to read or manipulate data. This is where we need to look a bit beyond the simplistic view of CIA.

CIA + P3 - Every Security Solution Requires a Process, Plan and Practice

The process should provide protection for the organization’s most sensitive data. Businesses who have requirements to keep customer or client data secure, should limit the number of people who have access to the data.  There are steps for authorization, documentation, and secure management of the data being accessed.  These steps should be administered by the relevant IT professional or business manager and should include a way of providing high level security including the appropriate permissions.

The plan is a vital part and the best first step of protecting your business.  A cyber security defense plan is essential and something many small businesses tend to skip.  Can your business afford to skip this necessary step?  Identify and map your digital assets, the risks they face and the people responsible for managing those risks. 

Basic Simple Ideas to Consider When Creating Your Cyber Security Plan

1.   Switch to a secure email that is swept for viruses, archived and kept secure such as Microsoft Office 365

2.   Move data to a central file server

3.   Discourage staff from storing information on their local PCs

4.   Backup vital data every day with local copies and in the cloud

5.   Store critical customer and business information in a centralized location online such as SharePoint

6.   Limit employees data access to their own project files

7.   Restrict access to business information like human resource data, accounting and payroll to a limited number of people on a need-to-know basis

8.   Encrypt all company laptops in case they are lost or stolen

9.   Audit and document all physical security, locks, and alarms once a year

10. Updating your internet use policy with lawyers and train all staff

11. Ensure everyone in the company is familiar with all IT security policies and procedures

12. Hold annual employee training to keep security knowledge fresh

13. Spot-check regularly to make sure IT security is being taken seriously, and all protocols are being followed

All it Takes is One Employee to Cause a Data Breach

The practice is just as important as the process and the plan.  Be sure to practice your plan just like those fire-drills in school on the sunny days in elementary school. Cybercriminals are diligent in finding new sophisticated methods to trick unsuspecting individuals into putting themselves at risk.  Continuous education and monitoring to keep security top-of-mind and help strengthen the weakest links before it is too late.  It is extremely important that you include your entire organization in this practice step for two reasons.  One, most security breaches are the result of a team member making a simple mistake that leads to the crisis and two, everyone in the organization must respond in a rational manner to navigate the crisis.

As computing and networking resources have become more and more an integral part of business, they have also become a target of criminals. Organizations must be vigilant with the way they protect their resources. The same holds true for us personally as digital devices become more and more intertwined with our lives making it crucial for us to understand how to protect ourselves.

If you need assistance in charting a course for your organization's information security, contact navitend today at 973.448.0070 or info@navitend.com.

Testimonials

  • “Navitend’s expertise helped our firm over the past year to effectively elevate our I.T. game, powering our website into a highly interactive tool. Well done to Frank and his team!”  

    Chuck Steege, CFP®, CEP, President, SFG Wealth Planning Services, Inc.
  • "Thanks so much again for taking care of everything in such an expedient manner. It's a pleasure to work with navitend and its staff as always!"

    Lawrence Wolfin / Textol Systems, Inc.
  • "Thanks so much!  You are a class act!  
    You and your team have really done an excellent job on this!"

    Steve Van Ooteghem, The C12 Group in Houston, Texas
  • "We've dedicated our lives to growing our retail and ecommerce business and it's a relief to have found a company like navitend who treats our business likes it's their own. navitend's personal approach to project management and problem solving are top-notch."

    Stamatis, Co-owner Twisted Lily, Fragrance Boutique and Apothecary
  • "I look forward to working with you again in the future. Once again, thanks to your organization for your prompt response."

    Luke Wolters / Luke Wolters Tax Consultants
  • "Our company is more efficient and has grown as a result of navitend’s work. navitend helped us get to the next level."

    Greg Niccolai / Madison Insurance
  • "I appreciate that they didn’t just build the application. They made it better by bringing ideas to the table that not only made for a better user experience, but also kept the development costs down."

    Andy Lynch / North Star Marketing
  • navitend’s approach to customer service is greatly appreciated here at TeamPar.  Ensuring that we are well protected from a technology standpoint provides us with peace of mind to continue our day to day operations and that they are looking out for our company's best interest. 

    Debbie Broslawski TeamPar
  • "navitend has been a great IT partner for our company.  Their helpdesk response time is the best I have experienced in my 30 year career.  navitend has helped me to have great IT services without the need to have a full time, in house, technician at significant savings to our company."

    Bob Bradley, President, Bradley Graphics