Info Security Management
Information Security Management
In businesses today, information held electronically in computers such as accounts, personnel records, product drawings, manufacturing data, sales/marketing campaigns and email, is more important than the hardware which houses it. Such information is vital to the continuing running of the business and yet it often is less secure than the £50 in the petty cash box.
If someone stole your petty cash you’d soon find out. But if someone stole a copy of a data file, for instance your customer list, would you know immediately? An effective information security management process is essential in order to protect this vital resource.
The objective of information security management is to implement appropriate measures in order to eliminate, or at least minimise, the impact that security related threats can have on your organisation. Crucial risks to the business need to be understood and made secure. Although these risks can change on a daily basis, if handled correctly, the benefits will soon be realised.
To address these risks, here are examples of ways in which ibd advisors can benefit your organisation:
- IT risks are identified and practical measures implemented to reduce potential incident impact
- The potential for business disruption is significantly reduced, and potential damages and losses are avoided
- Maintaining confidentiality of personal data helps build your reputation as a trusted employer
- Ensure legal compliance (particularly for Financial Services sector)
- Competitive advantage in compliance for Public Sector tenders
- Promote a professional and respected image with partners, customers and suppliers
- Security provides your organisation with greater stability to consider plans for future expansion or diversification
At ibd we have a number of specialists who can design, implement and maintain a logical set of practical procedures and systems. These will be tailored to your needs to manage potential risks to your vital business data. If appropriate, they can provide a route towards a UKAS approved accreditation to the formal ISO/IEC 27001 standard.
The bi-annual Infosecurity report recorded that the average total cost of a typical UK company’s worst security breach incident has risen from between £10,000 and £20,000 in 2008 to between £27,500 and £55,000 in 2010.
Lack of attention to Information Security Management will leave a company at risk from a variety of threats, both internal and external. Engaging with an ibd adviser will help ensure that:
- All operating systems and applications are up to date.
- Anti-malware is installed and effectively used to prevent attacks by viruses, trojans, spam, worms, keyboard loggers and spyware.
- Policies regarding employee use of email and the internet are in place to prevent misuse and company liability, including the use of social networks, instant messaging etc. in a business context versus private use.
- Confidential or business sensitive files are secured using encryption.
- System access controls are established to restrict access to confidential peer information or valuable customer data, and to prevent ex-employees or those under disciplinary procedures from removing, corrupting or passing on data to unauthorised users.
- System and mobile device firewalls are put in place and demonstrated to be effective.
- Offsite backup of data is secure and a recovery exercise is conducted to prove effectiveness.
- There is compliance with the Data Protection Act. Breaches, whether intentional or accidental, can lead to criminal prosecution and fines.
- IT best practice is introduced to all employees.
- Data access is provided should normal business access be denied, e.g. by a fire in the locality.
There is always a temptation to avoid taking action until the need becomes urgent, but as in so many areas of corporate risk, pre-empting the danger can save a business in the long term.
Talk to one of our Info Security specialists at ibd, who can assess your risks and advise on the most economic way to mitigate potential damage to your business.