Are You a Business Owner or Manager? If So, You Had Better Know About Information Security

You, as a manager or owner, have the duty to secure confidential information. Why? Cybercriminals and other digital intruders are looking for easy marks and cybercrime is on the rise. You and your organization are targets.

Many laws and regulations also require that you be diligent. Lack of awareness can't be used as an excuse. Failure to address information security is clear evidence that you have been irresponsible. You may even be fined or found to be liable in a lawsuit. Regardless, your business can be irreparably harmed by security breaches.

You put yourself and your business at risk if you ignore information security. Managers and business owners are responsible for the confidentiality, integrity and availability of information under their span of control.

Owners and executives are the only individuals with the authority and responsibility to assure the protection of information assets. Managers and owners have the clout to design, review, monitor and implement information security plans. Organizational leaders must be the ones to specify information security plans and hold employees accountable.

Business owners and their management teams have a fiduciary responsibility to their customers, clients, and shareholders to protect confidential and sensitive information. Many state and federal statutes now require that information be protected and have specified that reasonable measures be taken to secure digital assets.

The author, an information security specialist, grows weary of trying to convince business owners that it's in their best interest to secure mission critical data but is still trying.

Here are a few cyber security precautions that an owner or manager must consider doing:

1. Treat the securing of confidential and sensitive information as a business process just like accounting and finance.

2. Take inventory of all information assets to include an understanding of how each asset is used.

3. Identify the vulnerabilities and threats faced by your company. Conduct a formal risk analysis.

4. Develop and implement a formal information security plan.

5. Begin and follow through upon a strong information security training for all employees.

6. Follow security best practices that align with professional standards.

7. Conform to your state and federal regulatory environment.

8. Create a business continuity plan that assures the continual operation of your business.

9. Document your due diligence efforts.

10. Review and assess your security posture on a continuing basis

The type and volume of information that businesses and organizations hold today is incredible. Much of it is critical to the long-term success of an organization. Cybercriminals are doing their best to steal, damage or deny companies the use of their resources. Business owners and mangers must now stop treating the privacy of the security of electronic information they have as an afterthought.

The key to a successful security plan is the owner or manager. Employees, suppliers and customers take their cues from leadership. The attention paid to keeping an organization secure determines the safety of digital assets.

Failing to treat information security as a business process guarantees that the organization already suffers from significant vulnerabilities. The company is destined to suffer major losses when risks are realized and significant financial losses or legal liabilities occur.

Dr. William G. Perry is an information technology specialist with significant experience as a university professor, author and contractor for various federal agencies. Perry is also the own of Paladin, an information assurance organization. http://www.paladin-information-assurance.com


 By William G. Perry, Ph.D.


Article Source: Are You a Business Owner or Manager? If So, You Had Better Know About Information Security