In this post, we are going to illustrate the definition of information and information security, the importance of information security and the role which organizational employees have to play, different types of cyber crimes that breach the safety of information, and finally, the ways that we can follow to ensure the information security.
This post will help you to understand the nature of the potential information security threats facing organizations today, recognize why we need to protect the confidential information entrusted to us, understand our responsibilities in supporting our information protection policies, properly handle possible or actual information security incident or data loss, be aware of the existence of the Confidentiality, Integrity, and Availability (CIA) model as the three most crucial components of security, and gain understanding on what are the specific actions to safeguard our information security.
What is Information?
Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected. Whatever form the information takes, or means by which it is shared or stored, it should always be appropriately protected. All information is valuable but the increasing reliance on sophisticated processes and technology makes it ever more critical to us and an ever more tempting target for those wanting to exploit it. Information can be created; destroyed; processed; lost; stored; transmitted; corrupted; stolen.
What is Information Security?
Information security is sometimes abbreviated as infosec and is a set of practices designed to secure data from unauthorized access or modification as it is stored or transferred from a physical device or location to another location. Sometimes you call this data security. In other words, we can say all the processes and practices we can implement to protect our network, computers, applications, and data from attackers on the C-I-A triad. Efforts to maintain information security while knowledge has become one of the most important assets of the 21st century are becoming increasingly important. As the number of billion dollars of loss associated with Cyber Crime, we should essentially be careful about information security. Unfortunately, information security can be compromised due to the lack of knowledge and understanding of how to work in a comprehensive manner.
In an organization, we have to take information security very seriously. We can implement several controls in place to protect our assets, and securely handle the data of the organization. But the individual employee is the most important line of defense in all these controls.
Administrative Control
- Policies
- Procedures
- Guidelines
- Employee screenings
- Change control
- Security awareness trainings
Technical Control
- Access control
- Encryption
- Firewalls
- IDS
- IPS
- HTTPS
- Physical control
Physical Control
- Restrict physical access to resources and premises
Most importantly business survival depends on information security therefore each and every employees have a responsibility to help the organization to
- Protect information from a range of threats
- Ensure business continuity
- Minimize potential financial loss
- Optimize return on investment
- Increase business opportunities.
Know Your Enemy & Protect Yourself
There are several parties who can commit a cybercrime. Those are,
- Terrorists: The resulting cyber attack can affect voting processes, electrical grids, and the shutdown of important government facilities.
- Insiders: Estimated billions in losses and internal frauds.
- Common thieves: Why did you rob the bank? That is where the money is.
- Hacktivists: Anonymous people who force political opinion and agenda.
- Foreign nations: Stuxnet, Sony attacks, WannaCry
- Organized crime: Traditional mafia is outsourcing cybercrime to freelance criminals.
Basically, controls can be applied in an effort to protect the Confidentiality, Integrity, and Availability of information as the information security is based on the C-I-A model.
Confidentiality
Those are measures taken to prevent sensitive information from unwanted people while ensuring the right people have access to it. Employees in the organization must be aware of the risk factors, threats, and how to guard against them.
Integrity
This assures that sensitive data is trustworthy, accurate, and consistent. Security measures are taken to ensure that sensitive data is not being able to modify by unauthorized users.
Availability
If an organization went offline for a short amount of time, there may be a significant loss. Therefore, keeping the business operations is critical and we need to ensure that those who need access can maintain this access at any time.
How Can We Protect Our Facility?
Most of the time, a successful attack may originate with the attacker on the premise. Attackers can use a physical attack as sounding a fire alarm and causing the building to be evacuated. Physical access to the organization's buildings can lead to theft and allow them to launch a network attack. Regulations and laws need to be applied even in the event of an emergency and sensitive data must be protected. We can get the following actions to keep our facilities still protected.
- Employees as live beings in the organization should be on alert for who enters and exits buildings.
- If the organization provided access cards to the employees, you can consider employees not wearing access cards and accompany them to the security office.
- Employees can watch out for suspicious characters hovering around the workplace and the building premises.
How Can We Protect Our Network?
Network attacks are the most common technical threat. This can be a denial of services taking servers of the organization offline. And it can be lead to compromise of customer data resulting in loss of revenue and lawsuits. We can take the below actions to protect our network.
- Use secure protocols when transmitting data. ex: HTTPS rather than HTTP
- Protect physical access to systems by locking computers.
- Do not connect unknown systems to the network
- Scan all files before you download and download from only trusted sites.
- Encrypt your emails and sensitive files.
How Can We Protect Our Identity?
Personal Identifiable Information which also known as PII is any information that can lead to locating and contacting an individual and identifying that individual uniquely. PII may be full name, mother's maiden name, identification number, address, phone number, driver's license/road tax, biometrics, or other uniquely identifying characteristics. Information sharing leads to compromise as we share more and more about ourselves through various platforms. Our responsibility at work to protect the PII of customers as we protect our own PIIs as well.
Identity theft starts off with the attacker acquiring little information that ultimately leads to a wider array of information. It is the crime of obtaining the personal or financial information of another person for the sole purpose of assuming that person's name or identity to make transactions or purchases. Identity thieves may steal employees' and/or customers' data or even the organization's identity, putting its reputation at a risk. This may lead to
- Financial ramifications: Thousands of dollars in debt accrued in your name or scarred credit history or additional cost to resolve financial errors (legal fees etc.)
- Life-threatening complications: Medical mistakes due to misinformation linked to your name or trouble getting prescriptions if someone else has already claimed it under your name.
- Potential criminal charges: An identity thief may break the law while using your identity, leaving you to deal with the ramifications.
How to secure your personal info
- Be careful of your wallet as it contains all your sensitive information such as your identity card and driver's license.
- Review your receipts and compare it with account statemes.
- Shred receipts, credit offers, account statements and expired cards to prevent dumpster divers from getting your personal information.
- Store personal information in a safe place at home and at work.
- Watch out for shoulder surfers specially with coded-access to buildings when using ATMs.
How to secure your work place
- Sensitive information must be kept secured.
- Ensure the firewalls and virus-detection software are constantly updated on your home or your work computer.
How Can We Protect Against Malicious Websites?
Attackers make millions of dollars by tricking end-users. Rogue websites are used to collect information, intercept information, and distribute malicious software such as keyloggers that track all your keystrokes. In browser hijacking, if a site will not allow you to access any other sites and has homepage or search engine been modified without your permission, be suspicious. You need to be careful about websites "Buy Now" offers and pop-ups,indicates trouble and often "free downloads" install spyware or other applications on your system. Some websites will say that they have "Scanned your computer and havedetected viruses" should always be treated with suspicious. Poorly built websites where it is difficult to find the information you are looking for may be malicious. And if every link seems to lead to an advertisement, find more legitimate website to conduct your business.
- Avoid using suspicious websites.
- Use secure protocols like HTTPS.
- Do not ignore any security warnings that can save you from virus attacks.
- Do not download files from peer to peer sites. ex: BitTorrent.
- Do not change your browser's default security settings.
- Contact your security team if you have to face a difficult situation.
How Can We Protect Our Mobile Devices?
Portability makes mobile devices vulnerable and the Bluetooth is inherently insecure. Applications ofter share information with other applications across different platforms. Apart from that, contacts and other sensitive information are often easily compromised. We can take the necessary actions below to protect our mobile devices.
- Use strong passwords or passcodes.
- Disable Bluetooth when not in use.
- Backup and protect data.
- Enable remote wipe function and consider the "Find your device option".
- Be cautious about what you share.
- Download only secure applications.
- Do not enable information sharing between apps unless necessary.
- Don't connect to a working system or work network with personal mobile devices unless you have express access.
- Report anything which is not trustworthy, to the security team.
- Do not root or jailbreak your devices to leave devices open to vulnerabilities.
Good Information Security Practices
- It is better to shut down your personal computer when you are not in use and it is the best way to keep your security threats away from your valuable data/information. You can lock or log off the PC as well if you leave it for a short while.
- You can keep your systems/os patched and up-to-date.
- You can use strong credentials and protect them by not exposing them to any other.
- You can encrypt sensitive files to make sure the confidentiality of data.
- You can double-check the information that you are going to share or expose to others.
- You should never let anyone access your system with your own credentials.
- You should be on alert of persons looking for information and physical access to buildings.
- You should disable unsecured mechanisms.
- You should report any security breach or potential security concerns to your security teams.
- You should trust and use your own knowledge/intelligence if you are uncomfortable with anything.
Post a Comment