Article By Ricky Peterson
In this time of instability in the economy, information security is being pushed to the front of many companies. The economy has caused the presence of information and identity theft to increase substantially.
Studies show that most companies are “protecting the information function from budget cuts” which is a hopeful sign, but is it enough?
The most recent Global State of Information Security Survey says that, although information security budgets are not being slashed, CEO’s are expecting much more from them.
This could pose a problem if the CEO say make it work, and then leaves the security personnel to do what they please. Does this seem unlikely?
According to an article from computer weekly, there is a major disconnection between information security personnel and the upper management of the company.
According to the Ernst and Young global security survey, almost one-third of information security professionals never meet with their board of directors.
The CEO’s of companies need to take a more active role in the security of their information.
KEY FINDINGS
- Fraud
- Identity Theft
- Phishing
- Global Visibility
- How Secure am I?
- Compliancy
- Cost
- Social Networking Fears
- Two-factor authentication
- Encryption
- Hosted security
- Internet filtering
- Low footprint anti-virus
- BACKGROUND
For as long as there has been information security in a company, budget has been a problem. Many companies believe that their information is protected enough.
Others think that there are bigger companies out there so why would someone try and steal their information. Thoughts like these cause companies to put information security up on the chopping block first.
A statistic from spendonlife.com reveals that identity theft affected over 10 million people last year. This shows us that information security is not a trivial matter.
Another matter to watch closely is social networking. This is a concern due to the unprecedented growth rate of such sites. Information may be leaked intentionally or unintentionally via social sites.
An example was an over enthusiastic Microsoft employee recently let a few details about Windows 8 leak via a blog site. He more than likely meant no harm but the consequences of his actions may be detrimental to the company.
Attacks against your networks and computers must also be taken into consideration. Many companies are moving away from on site server banks and are going toward virtualization and cloud computing.
Many experts suggest that this will aid in security and data loss prevention.
STRATEGIC PLANNING ASSUMPTIONS:
- Virtualization
- Malware
- Offsite information storage
ANALYSIS:
Based on research the two biggest concerns for 2010 are the growth of social networking and the lack of funding. Social networking is a hot topic within companies this year. With the massive growth of blogs, Twitter, Facebook and Linkedin, it’s hard not to take notice.
Many companies realize the potential for marketing and PR if they utilize these sites. Allowing employees to utilize these sites can also improve employee satisfaction and improve their reputation as a hospitable and ethical company to work for.
The problem that arises is how do they keep employees from publishing things that should not be public. For that matter, how do they keep employees from using the social networking sites to connect with other companies and maybe sell trade secrets or be coerced into taking a different job with another company and carrying vital information away with them?
The other big concern is funding. The usual trend is when the time to write the budget comes around and they see something, somewhere, needs to be cut, Information Security is at the top of the list.
The reason for this is that it is hard for a CEO to see the long term benefits of a concrete security plan. Since information security has no momentary return, the only tangible thing in that is the funding going out.
If an Information security department is serving its purpose well, then there appears to be no reason to have one. If it is doing poorly, then the company may question why they are shoveling money into something that is not working.
IMPLICATIONS:
- Social computing can help and hurt your business
- Unnecessary budget cuts can cause great harm to your company
- Cloud computing can help protect your data but be careful
- Information theft occurs far too often and it can happen to you.
- Being too strict in regards to social networking may hurt more than you think
RECOMMENDATIONS:
- Create a plan for your company regarding social networking
- Let employees know what they can and can not say or do
- Be reasonable in your restrictions but firm on your rules
- Allowing some freedom may be great networking for your business
- Just because you haven’t been attacked yet, do not think yourself immune
- If budgets need to be cut do not look to Information security first
- If they can be cut elsewhere without causing too many problems avoid restricting info security as much as possible
- Cloud computing an outsourcing servers to other companies can help protect vital data by storing it in numerous places
- Be sure to check the company you are going to do business with
- Make sure they are reputable and have solid machines and security
- If using local servers and computers, invest in a low profile anti virus
- This type of software does not horde computing resources and protects your systems while still allowing your employees to be productive
The author, Ricky Peterson, is an Intern at Fortalice working under the tutilage of Theresa Payton.
