Information is one of the most important organisational assets
Information security means ensuring the confidentiality, integrity and availability of data and protecting information and systems from unauthorised access, use, disclosure, disruption, modification or destruction. This has become more prevalent with the introduction of the Protection of Personal Information (POPI) Act. King IV has also placed greater emphasis on IT governance.
All organisations need to secure their data to ensure business continuity, reduce reputational damage and safeguard against non-compliance with laws and regulations. There are various processes which can be used to protect data stored in computers, portable devices, mobile devices, cloud platforms and various data media.
Security is everyone’s responsibility
An organisation may have the best security structure but if employees readily give out their passwords or let others tailgate them through secure doors, security is compromised. Companies must encourage users to read security policies and regularly conduct awareness training. Best practice also recommends the establishment of information security roles, periodic reviews of user access and monitoring network activities.
Safeguarding electronic communications
Social media, mobile phones, emails and the internet are a normal part of life but can create vulnerabilities to hacking. Practices such as phishing involve emails purporting to be from reputable companies to induce individuals to reveal personal information such as passwords or credit card numbers. Avoid clicking on links in electronic communications from an untrusted source and do not use personal accounts for business workflows. (University, n.d.)
Cryptography and passwords
Weak passwords can also create vulnerabilities. This can be avoided through practices such as password complexity, regular password changes, inability to reuse a password within a predefined period, password lockouts and checking staff audit trails.
Secure your computer
Software updates are important for all operating systems, platforms and browsers. The service providers of these platforms release the latest versions of updates and patches against spyware, viruses, spam and website spoofing. The following measures are useful:
• Antivirus software;
• Anti-spyware software;
• Complex and secure passwords;
• Checking browser security settings.
Internet of Things (IoT)
IoT encryption helps to maintain the integrity of systems, servers and cloud storage and prevents data sniffing by hackers. Management needs to understand the potential impact of an IoT application system outage and whether adequate measures are in place. Qualified IT security specialists should ensure that appropriate application systems are installed and secured (Somayya Madakam, 2015). Most companies outsource their information security function to expert service providers.
Inconsistent enforcement of policies
Many organisations underestimate the importance of information security and do not have policies and procedures in place, which makes it difficult to track down violations.
Employee awareness of information security is crucial. Many organisations do not conduct information security awareness during induction sessions with new employees, which puts confidential information at risk.
The following information security recommendations are proposed:
• Define crucial data in your organisation;
• Develop information security policies, procedures and processes and stick to them;
• Ensure employee awareness of information security practices;
• Install appropriate protection programmes;
• Back up data in case of data loss or modification; and
• Regularly assess your IT environment, including an independent audit and penetration tests.
By Zandile Precious Xulu – Junior IT Consultant at Ngubane & Co.
Somayya Madakam, R.R. (2015). Internet of Things. Computer and Communications.
Topalov, T. et al. (2015). An Overview of Essential Security Measures for Competitive Organizations. Inquiries Journal/Student Pulse, 7(10). Available: http://www.inquiriesjournal.com/a?id=1269.
UK Essays. (2013). Importance of Information Security in Organizations. Available: https://www.uniassignment.com/essay-samples/information-technology/importance-of-information-security-in-organizations-information-technology-essay.php?cref=1.
University, C.M. (n.d.). Computer Service Information Security Officer. Available: https://www.cmu.edu/iso/aware/presentation/tepperphd.pdf.