One of the most daunting questions for business owners and managers is “how do we secure the massive amount of information spread among our employees, clients and partners?” It is a question that can be overwhelming and, in some cases, costly: extremely costly if your company has a data breach and valuable information is lost, and potentially costly if you implement a security protocol that is in someone else’s hands. But it doesn’t need to be overwhelming or even costly if you understand some basics of information security.
What is Information Security?
Evan Francen, CEO of FRSecure, says “information security is the application of administrative, technical, and physical controls to protect the confidentiality, integrity, and availability of information.”
In order to fully secure the information your company has, you need a full understanding of what information you need to secure, who has access to it, and how it is handled.
Administrative controls, known as “people controls,” are your company’s policies, standards, procedures, training methods, awareness campaigns etc. A majority of all information breaches start here. Admittedly, they are one of the cheapest ways to secure your information, but at the same time they can seem confusing and restrictive.
Technical controls such as firewalls, anti-virus software, file permissions etc. should be driven by administrative controls and not the other way around.
Physical controls include door locks, security cameras, alarm systems etc. If someone can easily steal your server, does it really matter what’s on it?
Essential Security Concepts
To protect your information you must have a sense of confidentiality: ensure that only those people who are authorized to have access to information are allowed access to that information. You should also maintain the integrity of the information and make sure that it cannot be altered or changed without proper authorization. The availability of your information should be as seamless as possible in order for your business to run smoothly. If someone needs access to information quickly but the person who is responsible for authorizing that access is on vacation, it might very well bring your business to a halt.
Many of these things can and should be implemented in an open environment of cooperation, consideration and with good communication. If everyone understands the possible likelihood of something bad happening and the impact it would have if it did, most people will happily comply to make sure that it never does.
KLH – Minneapolis IT Managed Services Provider
Scott Johnson, COO, KLH