Day: February 24, 2014

SECURE YOUR INFORMATION, STRENGTHEN YOUR BUSINESS


Information is more readily available today than ever before, thanks to massive internet resources, increased cheap storage capacity, and the phenomenal take-up of cloud computing and social media, all of which generate new threats and vulnerabilities. Technical equipment and systems are designed to be function- and feature-rich, not necessarily secure; for instance, Windows PCs only had a built-in firewall recently! This means an increase in information risks and a rise in security breaches for business systems.

However, all is not lost. Adhering to the basics will help to protect against many of the cyber-threats our information systems face today.

“80% of cyber attacks could have been prevented by having basic security in place” (Paddy, 2012).

A clarion call for SMEs to up their game

In all areas, the number of attacks and, more importantly, the cost of these attacks has risen, but the major impact is the cost to SMEs, who are now seeing incident levels previously seen only by large organisations.

This is a worrying trend but perhaps not surprising. In general, SMEs spend the least on protecting against an information security incident and are therefore an easier target.

7 BASIC SECURITY CONTROLS TO PROTECT YOUR BUSINESS

These basics will go a long way in making information systems more resilient.

1. Passwords – The use of strong passwords, regular changing of passwords and not reusing already used passwords will help. It is easy to forget passwords if they are changed too often, but writing them on a sticky note under the keyboard or on the monitor is not a good idea.

2. Patching – Patching is paramount in protecting your IT hardware and the information it stores from today’s cyber criminals.

3. Anti-Malware – Install anti-malware (anti-virus) and keep it up to date. In concert with patching, anti-malware provides the best means of protecting against new types of attack.

4. Access – Restrict access to your valuable information to only those that need it.

5. Admin Rights – Remove ‘admin access’ from those that don’t need it. Microsoft has made good inroads with regard to ‘built-in security’ in its latest operating systems, so consider upgrading.

6. Firewall – Work behind a firewall that is switched on! Even the built-in Windows firewall is better than doing nothing.

7. Encryption – In the ever more mobile workplace, encrypting the devices that hold your valuable data becomes essential. Regardless of what the data is stored on (laptop, smartphone, tablet, USB drive or even a humble CD), it’s the data that needs to be protected, so if you can’t encrypt the device you really need to consider whether having the latest (cool) device is worth the risk of losing that valuable data.

Don’t forget: once you have your systems protected, test them to make sure the controls have been implemented properly and that nothing has been forgotten (Dave, J., 2013).
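One way to run that test on a single Windows PC, as an added example that is not part of the original post or its sources. It assumes Microsoft Defender and BitLocker are the anti-malware and encryption products in use, and the two age thresholds are assumed values; passwords and access to information (controls 1 and 4) need a manual review.

```powershell
# Added example: read-only check of controls 2, 3, 5, 6 and 7 on one PC.
# Run from an elevated PowerShell 5.1+ prompt on Windows 10 or later.
$MaxPatchAgeDays = 45   # assumed threshold: newest installed update must be younger
$MaxSigAgeDays   = 3    # assumed threshold: anti-malware definitions must be younger
$report = New-Object System.Collections.Generic.List[object]
function Add-Check($Control, $Status, $Detail) {
    $report.Add([pscustomobject]@{ Control = $Control; Status = $Status; Detail = $Detail })
}

# 2. Patching: age of the newest update Get-HotFix reports (it does not list every update type).
$last = Get-HotFix | Where-Object { $_.InstalledOn } | Sort-Object InstalledOn | Select-Object -Last 1
if ($last) {
    $age = ((Get-Date) - $last.InstalledOn).Days
    Add-Check 'Patching' $(if ($age -le $MaxPatchAgeDays) {'OK'} else {'FAIL'}) "Last update $($last.HotFixID), $age days ago"
} else { Add-Check 'Patching' 'FAIL' 'No installed updates reported' }

# 3. Anti-Malware: Defender enabled, real-time protection on, definitions fresh.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $ok = $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled -and ($mp.AntivirusSignatureAge -le $MaxSigAgeDays)
    Add-Check 'Anti-Malware' $(if ($ok) {'OK'} else {'FAIL'}) "Real-time: $($mp.RealTimeProtectionEnabled); definitions $($mp.AntivirusSignatureAge) days old"
} catch { Add-Check 'Anti-Malware' 'REVIEW' 'Defender status unavailable; check the third-party product' }

# 5. Admin Rights: list the built-in Administrators group (by SID, so it works in any language).
try {
    $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop)
    Add-Check 'Admin Rights' 'REVIEW' ("$($admins.Count) members: " + ($admins.Name -join ', '))
} catch { Add-Check 'Admin Rights' 'REVIEW' "Could not list members: $($_.Exception.Message)" }

# 6. Firewall: every profile (Domain, Private, Public) must be switched on.
$off = @(Get-NetFirewallProfile | Where-Object { "$($_.Enabled)" -ne 'True' })
Add-Check 'Firewall' $(if ($off.Count -eq 0) {'OK'} else {'FAIL'}) ("Disabled profiles: " + $(if ($off) { $off.Name -join ', ' } else { 'none' }))

# 7. Encryption: every volume BitLocker knows about should have protection on.
try {
    $open = @(Get-BitLockerVolume -ErrorAction Stop | Where-Object { "$($_.ProtectionStatus)" -ne 'On' })
    Add-Check 'Encryption' $(if ($open.Count -eq 0) {'OK'} else {'FAIL'}) ("Unprotected volumes: " + $(if ($open) { $open.MountPoint -join ', ' } else { 'none' }))
} catch { Add-Check 'Encryption' 'REVIEW' 'BitLocker status unavailable (edition or privileges)' }

$report | Format-Table -AutoSize -Wrap
```

A REVIEW status means a person has to decide, for example whether each listed administrator really needs that access.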

REFERENCES:

Dave J., 2013. Information Security for SME’s- Cyber threats, Information Security Incidents and Security Controls. Retrieved from <http://www.ascentor.co.uk/tag/information-security-for-smes/> [Accessed February 24, 2014].

Paddy K., 2012. Protect Your Systems from Cyber Threat with 7 Basic Security Controls. Retrieved from <http://www.ascentor.co.uk/2012/02/protect-your-systems-from-cyber-threat-with-basic-security-controls/> [Accessed February 24, 2014].


APPROPRIATE INFORMATION SECURITY FOR SMEs


SMEs have generally lacked interest in Information Security Management (ISM) and have, up to the present time, been unable to do anything about it, owing to a lack of motivation and to Information Communications Technology (ICT) not being operation-critical to their existence and competitiveness. This is rapidly changing. Given the importance of SMEs to the UK economy and their increasing reliance on information technology, it is vital for the UK business world to enable SMEs to do the information security they need as efficiently and effectively as possible.

 

There is increasing pressure on Small and Medium Enterprises (SMEs) from legislation (for example, Data Protection in the UK/EU) and industry regulations (for example, the Payment Card Industry Data Security Standard, abbreviated as PCI-DSS) that previously only really concerned larger enterprises.

Recently, organizations like the Information Commissioner’s Office (ICO), the Information Security Awareness Forum (ISAF) and the Information Systems Security Association (ISSA) have started to turn more of their attention to the ISM deficit in SMEs.

The information security profession has “cut its teeth” on military and large enterprise infosec challenges. SMEs are the next “frontier”, and we need to identify what we can use and reuse profitably from the large enterprise infosec experience without reproducing too many of the mistakes made, and identify what needs to be built from scratch due to the different SME perspective and changing environment.

 

To tackle this, research should be carried out on how we can leverage the lessons of ISO 9001 and the ISO 27000 series of standards, COBIT and ITIL, and more recently the Information Security Management Maturity Model (ISM3), to develop something appropriate for the SME community in general.

 

 

REFERENCE:

Allan Wall (2014). Information Security for SMEs- Your Attention Required. Retrieved from <http://www.itilnews.com/ITIL_Information_Security_for_SMEs_-_Your_Assistance_Required.html> on February 24, 2014.