What is Information Security, and why do you need it?
Information Security (InfoSec) is the protection of data and information. This protection can be while the data is stored, while being transmitted over any given network, or even while being processed within an application. In addition, the data should maintain a level of confidentiality, integrity, and availability. Security threats towards this data can come in many forms. Here we will talk about some common ones, and some newer threats becoming all too common.
External threats are maybe the most commonly thought of threat, and there are plenty of examples. The term “hacker(s)” has become the blanket term for anyone that tries to gain unauthorized access to technology. Theft or destruction is not the only reason for hacking, but whatever attack is launched, the hacker is usually looking for some type of monetary gain. One of the most recent external threats is ransomware. This attack uses a software application that encrypts all of the user’s data on a hard drive, and the user then cannot access the data without paying the ransom to get the encryption key. This type of threat is becoming the new normal, as encryption software is becoming more readily available to end users. Also, the data on the respective hard drive is a total loss without the encryption key, so this is a great reason to have backups of all data, and even having multiple backups at several locations.
Internal threats are less thought of, as most end users do not understand the cost of data loss, unless it happens to them. Some internal threats are targeted, and others are unintentional. Targeted attacks can be done by any employee, or ex-employee, that has access to the data with a legitimate user ID/password. This user can then steal the data, or erase the data, and thus the attack is successful. Some unintentional threats are when users are working on files, and the file is accidentally deleted as part of a larger folder clean up, or when a file, or folder, is moved by accident due to a mouse being drug across the screen with errant clicks. Again, having a good backup system in place can help in these scenarios, but also, having other system functions in place can assist.
Information Security should be an important part of doing business. Data can be the most valuable part of some businesses. Having a backup system in place will help in keeping data secure. In addition, user training should be a part of Information Security, so that employees can understand the importance of the company data, and how attacks can happen.
“Information Security is the protection of data and information.”