Sunday, October 31, 2010

Is Your Information Safe? (companies) *

The scary subject of information theft or “cybercrime” has been growing recently, nearly as much as Information Technology itself is growing,  articularly in the emerging markets of developing countries like Brazil, where economies continue to register strong performances. With this dynamism, companies and individuals need to be more prepared for cybercrime because larger economies attract criminals, people who make some money illegally through information theft. Cybercriminals may even harm corporations with the publication of strategic data.

Because of the complexity of this subject, I will be addressing each aspect separately. First, we will look at information security for companies, and in next month’s article, we will consider the security of personal information.

In recent years, information technology and communication have evolved rapidly, causing organizations to use greater efficiency and speed in decision making. In this context, the importance of using security mechanisms for storage of information is vital to the survival and competitiveness of all organizations. In the past, the issue of information security was much simpler because the files containing the information were printed on numerous papers and folders and therefore could be locked up physically. But with the arrival of computers, this issue of information security became more complex because today most computers connect to the Internet, therefore opening the door to security vulnerability. Additionally, data in digital format are portable, and this fact makes these information assets attractive to thieves. And there’s more - many unsafe conditions can affect information systems such as fire, floods, electrical problems, dust, fraud, misuse of systems, social engineering, war, kidnapping, etc.

Unfortunately, what we are seeing today is that many companies don’t give due weight to the issue of information security. To deploy effective information security within an organization, issues such as risk analysis, definition of security policy, and a contingency plan must be addressed. However, often there is no awareness of the security issuefrom senior management. Or, if they are aware of the risks, they believe the costs of adequately protecting their information are too high. Therefore, they believe the best solution is to reduce as much as possible any risk to data while maintaining integrity and availability within the information systems.

One of the most important and fragile areas with information security is people because everything is interconnected, from the contingency plan to the security policy, which is linked to user awareness, and so on. Technical solutions don’t address all security, so it is necessary that concepts relevant to security are understood and followed by everyone in the organization, irrespective of hierarchical levels. We will talk more about the security of your personal information next month.


* Article published on Curitiba in English.