The Growing Importance of Information & Cyber Security
Information security (Infosec) and cyber security (Cybersec) are two sides of the same coin, that is, data security. However, they are as different as oil and milk. Users tend to use the two terms interchangeably. Things get worse when users adopt the same level of strategies for information security as for cyber security.
Here is a brief breakdown of what the two data security concepts mean in real life.
Information security in simple terms
Information security revolves around data security. It covers the aspects of data integrity, confidentiality, and availability. For instance, a large number of paper records stored inside a filing cabinet is your data. Ensuring it is kept safe from destruction or loss due to fire, natural calamities, theft, etc. is information security.
In the present-day world, since most data is in digital form, the measures taken to ensure its safety are also referred to as information security. It has entirely different responsibilities and functions compared to cyber security.
As said before, infosec revolves around data integrity, confidentiality, and availability.
Data integrity: Keeping the data safe from all kinds of modification, alteration or destruction.
Data confidentiality: Ensuring that access, knowledge or disclosure of data is made only to such people who are allowed to do so by right.
Data availability: Ensuring that the safely kept data is always available when required in the exact form and structure it is stored in.
Cyber security in simple terms
Cyber security relates to ensuring safety and security for data and digital assets. Let’s take the same example of the filing cabinet. Ensuring that only authorized personnel who have the right to access the records are accessing the cabinet is cyber security.
In the online realm, it means user rights, server protection, firewall protection and so on. No third party who is unrelated to the organization, or who has no business snooping around the data, is given access to it.
The common thread that connects cyber security and information security
Both infosec and cyber security treat the value of data as paramount. In information security, the central point is unauthorized access to data in any form, be it online or offline. In cyber security, the central point is ensuring that there is no unauthorized electronic access to the data.
How to ensure data security through information and cyber security?
Infosec and cyber security go hand in glove to help an organization protect its data from any form of loss or unauthorized access. With concepts like BYOD, cloud storage, mobile apps, etc. becoming part and parcel of daily work, organizations have to take proactive action to safeguard their data.
Check out these simple and effective ways your organization can ensure data security.
· Implementing password hygiene
Telesign, a mobile identity company, conducted a survey of 2,000 users in the UK and USA to see how good people are at password keeping. The survey threw up an alarming statistic: at least 3 out of 4 use duplicate passwords for accessing and modifying sensitive organizational data.
The need of the hour is to require users (including employees) to secure their user accounts with long passwords with alphanumeric combinations. Easily hackable passwords like ‘123456’, pa#sword, qwerty, dragon, etc. should never be allowed for use. If possible, a list of common and easily hackable passwords should be circulated to users to help them create better passwords.
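As an added example (not part of the original article), the rule above can be enforced at account creation or password change instead of relying on a circulated list. The minimum length, the extra deny-list entries and the substitution map are assumptions made for illustration.

```python
import re

# Deny list: the four weak passwords named in the article plus a few
# constructed additions; a real deployment would load a far larger list.
COMMON_PASSWORDS = {"123456", "pa#sword", "qwerty", "dragon",
                    "password", "letmein", "welcome"}

MIN_LENGTH = 12  # assumed threshold; the article only says "long"

# Assumed map of common character substitutions, used to catch
# lightly disguised variants of deny-listed words.
SUBSTITUTIONS = str.maketrans({"@": "a", "0": "o", "1": "l",
                               "3": "e", "$": "s", "5": "s", "!": "i"})


def normalize(password):
    """Lower-case, drop a trailing run of digits/symbols, undo substitutions."""
    folded = password.casefold()
    stem = re.sub(r"[\d\W_]+$", "", folded)
    return stem.translate(SUBSTITUTIONS)


def check_password(password):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        problems.append("needs letters and digits")
    # Compare both the literal and the normalized form against the deny list,
    # so 'P@ssw0rd2024!' is rejected even though it looks complex.
    if {password.casefold(), normalize(password)} & COMMON_PASSWORDS:
        problems.append("on common-password list")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "Dragon1", "P@ssw0rd2024!", "correct7horse9battery"):
        print(candidate, "->", check_password(candidate) or "accepted")
```

The third sample passes the length and alphanumeric rules and is still rejected, which is why the deny-list comparison runs on the normalized form as well as the literal one.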
· SSL encryption
SSL encryption has become popular as a fail-proof way to ensure information and cyber security. Still, only 25 of the world’s top 25 websites use SSL encryption (as denoted by a green HTTPS sign on the address bar).
Google is now pushing the encryption movement to the next level by mandating SSL encryption for all websites. In the near future, websites without SSL encryption will have weak search engine rankings, will fail to work properly across popular browsers and, most importantly, will fall prey to hacking attempts.
The best way out is to configure your website with a reliable SSL certificate. The trust seal of an SSL certificate will also inspire confidence in customers and help increase conversions.
· Offline data storage
Dropbox, a popular cloud storage platform, recently suffered a security breach. Hackers stole account information of more than 70 million users, thus leaving the future of Dropbox in jeopardy.
Can this kind of sensitive information loss be prevented? Of course. If your organization has the practice of storing sensitive information in offline servers or data storage units, this kind of security breach can be prevented.
· Security audit
According to Verizon’s 2016 Data Breach Investigations Report, privilege abuse is the most common information security threat. More than 80% of 11,000 incidents analyzed by Verizon reported the unprivileged use of credentials as the cause of data loss.
Conducting regular security audits and reviewing who has the right to do what will help eliminate the risk of unprivileged use. A security audit cycle itself can be created with employee participation to screen and identify potential lapses where unprivileged usage is possible.
· Change access rights periodically
When one person holds the right to critical information for a very long time, it becomes as easy as it can be for hackers to penetrate the system. Ideally, access rights along with the passwords must be changed periodically to keep the system strong and secure from external access.
The PwC US State of Cybercrime survey estimates that organizations that do not exercise proper security control measures incur as much as 4 times the cost due to security issues.
Should your business suffer such unnecessary costs? It is better to be proactive and set up sound information and cyber security measures than spend money recovering lost data and reputation! Not to mention the loss of profits that such a security breach will cost current operations.
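As an added example (not part of the original article), the audit and periodic-review steps described in the last two points can be run as one pass over an export of access grants. The record layout, the 90-day review cycle, the 365-day limit, the audit date and all sample data are assumptions constructed for illustration.

```python
from datetime import date

REVIEW_DAYS = 90     # assumed audit cycle; the article names no interval
MAX_HELD_DAYS = 365  # assumed limit on holding one right to critical data
TODAY = date(2024, 6, 1)  # constructed audit date so the result is reproducible

# Constructed records: user, resource, critical?, granted on, last reviewed on
GRANTS = [
    ("alice", "payroll-db", True,  date(2021, 3, 1),  date(2024, 5, 20)),
    ("bob",   "payroll-db", True,  date(2024, 2, 1),  date(2024, 2, 1)),
    ("carol", "wiki",       False, date(2023, 9, 1),  date(2024, 5, 1)),
    ("dave",  "wiki",       False, date(2020, 1, 15), date(2024, 4, 30)),
]
ACTIVE_USERS = {"alice", "bob", "dave"}  # constructed current staff roster


def audit_grants(grants, active_users, today):
    """Return (user, resource, reasons) for every grant that needs action."""
    findings = []
    for user, resource, critical, granted, reviewed in grants:
        reasons = []
        # A right held by someone no longer on the roster is unprivileged use
        # waiting to happen.
        if user not in active_users:
            reasons.append("holder not on roster")
        # Nobody has confirmed "who has the right to do what" this cycle.
        if (today - reviewed).days > REVIEW_DAYS:
            reasons.append("review overdue")
        # One person holding a critical right for a very long time.
        if critical and (today - granted).days > MAX_HELD_DAYS:
            reasons.append("critical right held too long")
        if reasons:
            findings.append((user, resource, reasons))
    return findings


if __name__ == "__main__":
    for user, resource, reasons in audit_grants(GRANTS, ACTIVE_USERS, TODAY):
        print(f"{user:6} {resource:11} {', '.join(reasons)}")
```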
We don’t know how quickly Dropbox will be able to regain its lost reputation as a secure storage platform. But we do know that putting tight information and cyber security measures in place is a task easily done.