Today we live in highly connected world. We are using technology to access anything at anytime from anywhere. With this globalization and easy access, there are growing concerns about unauthorized access and malicious use of information.
In the recent report of Allianz Risk Barometer for 2019, the risk sitting at the top position was “business interruption” for the seventh year in a row with 37% of responses and most importantly it was joined by risk of “cyber incidents” with equal 37% responses for the first time.
We still remember the havoc created by Ransomeware attack and the kind of damages it created worldwide.
As a pursuant of distance MBA and future manager, you must be aware of growing threat on information security. Let us understand some of the critical aspects of information security.
Information Security
Simplest explanation of Information security is about protecting data or valuable information from unauthorized access. But that is not all. Information security has not just remained as some act which one can do whenever needed.
Information security or infosec is a practice of preventing or reducing probability of unauthorized access, use, disclosure, modification, inspection, recording, and destruction etc. of information.
Why information security?
Imagine user name and password of your banking account is stolen by a person with malicious intent. You may have to suffer a big financial loss. We know that we have many such critical data points which are personal information like username, password, identity cards, credit cards etc. We need to protect these so as to avoid financial losses.
For businesses, this problem of protecting valuable data is with multifold severity. Businesses not only store their own data but also the data about their customers. Businesses have information about their products, patents, unique procedures, things like source code, drawings, maps, strategies, financial information and most importantly confidential information about their own customers and clients.
If this information is not adequately protected business may incur not only financial loss but this can also result in erosion of goodwill and possibility of litigations also.
Every business organization small or large have to ensure that information security program or practice is in place so that the business can continue as usual. Implications of not taking adequate measures can be disastrous.
This is not one time activity. It is a continuous practice which needs to be followed by the dedicated team. It is like guarding our fences by the army from enemies and intruders. Irrespective of taking lot of such measure, there are incidences where a small loop hole was exploited to gain unauthorized access.
Latest information security incidences
Here are some of the latest security breaches happened in 2019 and more which you can find on internet. I am including some of them here to show gravity of the situation.
- In January 2019, Blur the software which secures all the personal information you put online faced an information security breach. The breach impacted around 2.4 million users. Exposed information included user first name, user last name, some password hints, encrypted password.
- More than 24 million mortgage and banking documents were exposed publically in an online database for minimum duration of two weeks. This data was from a company Ascension which works in data analytics in the financial services domain. The exposed information included names, addresses, dates of birth, Social Security numbers and so on.
- Alaska’s Division of Public Assistance suffered hacking attack which exposed names, social security numbers, date of birth, addresses, health related information, and income data for the people who applied for government programs. The data of about 100 thousand people was accessed.
- A leading title insurer in the U.S. real estate market named First American Financial Corp became victim of massive data leak in month of May 2019. Around 885 million personal and financial records were found unprotected on its website.
Implementing information Security means ensuring CIA
Protecting data or information means protecting its confidentiality, integrity and availability. This is called as information security triad or CIA.
Confidentiality: Protecting credit card data of your customer. Data breach in this case may cause loss of goodwill, invite litigation and business loss.
Integrity: Protecting company data from unauthorized modification. Failure to maintain integrity would result in wrong accounting and financial information. This would affect company from many different ways.
Availability: Ensuring that authorized person can access the data whenever required. Unavailability of website to sell the product due to hacker attack can result in huge losses.
What is in there for pursuant of distance MBA
As we have seen from above examples, information security is becoming a big concern for every organization. Threat to information security does not vary according to the industry or domain. With digital economy, it is getting into limelight. Along with value of data due to security breach, loss of reputation and possible litigations are some of the important issues.
Now, companies have to start doing active risk management based on the kind of business and other risks they are exposed to. Based on their size, organizations are doing investments in technology to strengthen information security, backup and restore mechanisms, implementations of business continuity and disaster recovery plans.
As a manager, one must be aware of the information security and its impact. If ignored, it can threaten the very existence of the business itself.
