Information Security is the same as Information Technology – right? So, it is up to the boffins in the IT department to keep the computers safe from those hacker people I hear about on the news all the time – right?
Let’s take a step back. What is Information Security? What is Cyber Security? What is Data Security? – take a breath and let’s take another step back. Security is about protecting something from someone, and we all have a part to play in security in our day-to-day lives. For example, think about the school route and the precautions we take to ensure that our little special ones are safe at school. Before we left the house, we shut the windows, alarmed the house and locked the door. There is no 24/7 security guard involved, nor any policies or procedures to adhere to, but we understand the basic principles of security. The whole process was to stop somebody getting access to something they shouldn’t.
Our original set of questions focuses on something, whether you call it ‘information’, ‘cyber’ or ‘data’, and whether it is tangible in your hand or not because it is in the digital world of ones and zeros. The latter point makes you assume it is down to those boffins in the IT department, but in fact you are the one with the power, because you are the one handling client information, HR information or payroll, or even the one who opens up the shop to the public to purchase the products. In fact, you are the one involved in security, just like with the home you left this morning for work.
Now that the penny has dropped and you understand you are part of the bigger machine, you are asking yourself, “What am I going to do with this newfound power?”
Cue the Information Security Officer!
Every business should have somebody, either internally or externally, who understands the organisation’s approach to security (and not just IT security). That somebody will be in a position to train you on how the organisation manages information security and how you arm yourself against the bad people, also known as hackers.
That’s not all.
That information will transform how you see the world, not instantly but it will. How? Good information security practice encourages reporting of something called ‘events’ and ‘weaknesses’, giving you even more ability to point out something that might go wrong that could affect how good the security is at the organisation you work at.
“Did you know that the emergency door doesn’t always lock?”
No panic stations, but that door can now be fixed and the physical security integrity restored without an actual incident, so the information / data remains safe because of YOU!
Do not wait for IT. Find out about your organisation’s information security management system and who your local information security officer is. Is there more advice you can get externally?