All of that is so … pre-internet. Today, we live with all kinds of digital helpers. We don’t want to give up our conveniences, and yet, to enable them, we find ourselves sharing information over a medium originally designed to make sharing information easier – without much regard for security. There were no baddies back at the dawn of the internet – or so many believed in those early days.
Enterprises face a complicated, seemingly ever-growing set of measures to protect what they value most: the information that lets them run their businesses. Often, this means your personal data, too!
Beneath the jargon and the technology details, a few principles can guide us to a better understanding of the threats to our information security, and how to handle them.
“We are no longer securing computers. We are securing society.”
Be aware of security threats
Foremost is being aware of threats. This does not mean giving in to paranoia. It means accepting that with the ease and convenience of online life come some very real dangers. Corporate data gets stolen, passwords get cracked and lives can be ruined.
No enterprise wants to see its reputation damaged because it didn’t take threats seriously enough.
How essential is your data?
Before a company can decide on how best to protect itself and its customers, it needs to get a clear picture of the data it is dealing with. For instance, everyone has a digital payroll system now, right? That’s pretty sensitive stuff: personal information about employees and their banking information.
But it doesn’t stop there. How about online transactions, or even a company’s marketing plans for next year? Both can be critical. In the first case, the company is responsible for its customers’ payment information, such as credit card data; in the second case, no one wants their competitors to get wind of their new strategy for winning market share next quarter.
It is also true that maybe not every bit and byte of data on a demo system is crucial and will bring everything crashing down if it goes offline for a few days. Keeping an up-to-date catalog of data with realistic priorities assigned to each part is key.
In fact, an up-to-date catalog of corporate assets, both physical and informational, is the foundation for meeting any security standard, or for making any kind of plan for when things go wrong – see below for more on that.
How safe are the outside services that you’re using?
Who has access to the enterprise payroll system we talked about earlier? Can you tell who last logged in and took action in that space? Is it online? Are all your cloud service providers reliable; that is, do they have the right security measures in place? How about HR? Inventory? Does the enterprise do online transactions supported by a third party?
After all, a company’s digital presence lives not only on the servers it maintains itself. It also partly lives in the services it obtains from others.
Can just anyone read your data?
All your users have a unique user ID and password, right? Does everyone use a strong password? Multi-factor authentication?
How about those who work remotely: does the enterprise make sure that people have access only to the data they need to do their jobs? Can you tell who accessed which application, and when?
How about encryption? Is the enterprise’s critical data stored in a way that it cannot be read by just anyone? How about when it is being retrieved and updated remotely? Is the data encrypted while it is travelling over the internet (just so you know, it can be intercepted!)? How about once it reaches a workstation?
And let’s imagine that your CFO went on a business trip and lost his laptop – that is, had it stolen. That could have been an existential threat to the enterprise if the data on his workstation was just sitting there as plain text, protected only by a weak password. Luckily for you, your IT team made sure that everything was encrypted to prevent bad players from getting eyeballs on it. Furthermore, the data was backed up on a company server. Consequently, the problem was reduced to the inconvenience of replacing the lost laptop, rather than the exposure of company secrets.
There are many facets to this question and many ways to handle everything it implies. We do not have the space here to explore all the ins-and-outs, but developing an understanding of how our data can be accessed – both legitimately and not-quite-legitimately – is a good start to help make the right decisions.
Can you retrieve information that you’ve lost?
Oops! One of your servers developed a problem and stopped working. Maybe it has been acting up lately? Slowing down before an actual crash? Nothing to joke about, it happens. Equipment wears out. Maybe someone was too slow to schedule that upgrade they’d planned. And there’s always the question of the CFO’s lost laptop.
The real question is: how long will it take your IT team to get you up and running again from a backup?
What was that? Your backup failed to restore properly? You didn’t test the restore procedure? Oh, dear. Or you did and it restored beautifully, but the data is from last Tuesday and a lot has happened since then? Maybe your company grew so fast that your recovery procedures failed to keep up. Well, congratulations on the rapid growth, but…
Do you have an information security plan?
What this really comes down to is whether or not you have a plan. Does your plan identify the threats you are likely to face? Are you worried about aging equipment or how to enable remote workers to do their jobs efficiently, yet safely? Ransomware? Are you protecting your website’s visitors against infection by malware?
Are you keeping your plan up-to-date? Let’s be real: it’s a challenge.
The right time to put an incident recovery plan in place is long before anything goes wrong; after that, review it regularly. Once the fur starts to fly, you’ll be glad you did.
An information security starting point
This is by no means a comprehensive exposé on information security. There’s no room for that in a blog. But we can raise awareness and highlight a few key principles that you should keep in mind so that we all better understand what is at stake.
At Inoria, we are held to the highest standards by our customers who are leaders in their fields and some of the biggest technology providers in the market today. Our innovative contact center solutions and services must meet the same standards of excellence that our customers demand.
We strive every day to deliver the best, most forward-looking ideas so that our customers’ operations keep running smoothly, without interruption and with constant vigilance against whatever misfortune throws our way.