Not so long ago, the issue of information security revolved around keeping physical hard drives secure – and preventing the unauthorized movement of data. With the advent of cloud computing, however, the game has changed entirely. And as a result of the changes that technology have brought, it’s fair to say that information security now represents one of the greatest risks to any organisation.
The additional risks from cloud computing have been augmented by the rise in BYOD – Bring Your Own Devices. More and more employees now use a personal device for work purposes, whether a mobile phone, tablet or laptop. Against that backdrop, it’s immeasurably more difficult to ensure that data is kept secure.
Some of the breaches that we’ve seen reported recently highlight just how serious the situation is. A monumental data breach at the Office of Personnel Management saw the personal data of 21 million current and former US government workers compromised, leading to the Director standing down from their position.
Sometimes, the damage may be primarily reputational, but it can also carry a huge financial price tag. A recent report from the influential Ponemon Institute puts the average figure at a massive $3.8 million.
Thankfully, however, even the most serious of security threats can be addressed through a combination of initiatives within the organization.
1. Always deploy high end antivirus protection
It may sound like a very obvious piece of advice, but it’s amazing how many organisations look to save a few dollars by opting for less reliable – and less current – protection software.
2. Use strong password protection
We know that it’s a mild inconvenience to move away from birthdays and other predictable passwords, but a really robust password is the first line of defence against security hacks. And the big plus, of course, is that it’s completely free of charge.
3. Have a security plan in place
You probably have detailed plans in place for every other aspect of your business such as finance or marketing – and Information Security should be no different. It should be comprehensive in its scope, and should also be updated regularly and communicated through compliance training to reflect new threats, new technologies and new solutions.
4. Conduct regular audits of your information security measures
If it’s not measured, it’s not managed – so make sure you regularly audit the measures you have in place, and how they may have been compromised with the passing of time. It can often be helpful to have this process carried out by third party experts whose day-to-day job is spotting security weak spots.
5. Implement effective Information Security training
The issue of security is part of everybody’s job – not just those specifically tasked with IT security. It’s essential, therefore, that regular training is carried out to ensure that all staff member within your organisation are up to date with the latest information on securing your data.
Want to know more about successful Information Security Training?
At Interactive Services, we specialize in developing Information Security Training and a range of other compliance training solutions. Working with clients across many industries including financial services, retail, healthcare and technology, we deliver custom compliance training solutions. Our CLC (Compliance Learning Center) is a compliance product we’ve recently launched which consists of 60+ compliance learning modules.
To find out more about what we can do for your organization in this area, contact us today.