Need of Information Security in Today's World

Sriram Naganathan, President – IT & Digital Initiatives, Liberty Videocon General Insurance Company

Information security is an asset to all individuals and businesses, is a set of strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information. Balanced protection of the confidentiality, integrity and availability of data are the essential pillars of Information Security. In the age of the Internet, protecting information has become just as important as protecting one’s property. Every day we take steps to protect the things that are important to us. We set the alarm systems on our homes, put our valuables in safes, and lock our cars. The reasons we do these things are simple - we don't want people, whom we don't know or trust, to get hold of our valuables, and also we don't want those valuables to come to any harm. Only some members of the family, yourself included, have the code to the alarm, the combination to the safe, and the keys to the car. This is just an example of one kind of security that we practice in everyday life.

In reality, there are many things that could be considered as information that we need to protect. We might have personal medical or financial records that we want to keep private. We usually don't want everyone in the world reading private emails or social media posts that we send to our friends or family. We also want to keep certain things, like our passwords, credit card numbers, and banking information from getting into the wrong hands. Information security isn't just about keeping secrets, though. It also records and tracks access to documents, which we don't want to be destroyed or erased or misused.

While equipment theft is a real problem, the most damaging aspect is the loss of data and software in an organization which may also cause reputational damage. Sources of damage such as computer viruses, computer hacking and denial of service attacks have become more common, more ambitious and increasingly sophisticated. The percentage of organizations reporting hacking incidents has trebled, with mobile devices as a new target. Not all breaches are the result of crime; inadvertent misuse and human error play their part too. Virus infections are still the single most prevalent form of abuse. Quite commonplace and just as destructive as crime, are threats like fire, system crashes, and power cuts.

Keeping one’s information secure is a responsibility that all employees share and fulfill by following the three pillars of ‘Data Protection’ in their daily actions. Every employee must imbibe these:

1. We protect our identity

2. We secure our data and devices

3. We detect and report data security incidents

The costs of complying with data protection requirements are steep, but the costs of non-compliance are even higher. On average, organizations that are found non-compliant with data protection obligations can expect to fork out at least 2.71 times more money getting into and proving compliance than if they had been compliant in the first place. According to a study, globally non-compliance costs for organizations ranges from USD 2.2 million at the low end to over USD 39 million at the high-end.

We can implement information security at an organizational level is by ensuring following steps:

1. Implement a culture of security – A top down approach of compliance to security and responsibility must be made visible to the entire organization. Engagement activities and on-job training for employees on the same will elicit awareness and sense of responsibility.

2. Adherence to compliance – Ensuring adherence to compliance of storage and destruction of confidential data is of prime value.

3. Implementation of document management – Creation of a comprehensive document management right from its creation to disposal will help protect important data. The organization must regularly review the data it creates/ collects, retains and disposes off in secure manner.

4. Secure off-site work information – In the era of flexi working, organizations must implement tabs on the information and the quantum of information an employee/ user is able to access when working from offsite locations. Implementation of safeguarding procedures and policies are necessary to plug any potential leak.

Protecting confidential organizational information assets is a journey rather than a one-time event. It primarily requires a structured way to identify crucial data, understand current business requirements, employ applicable access, usage and distribution policies, and finally monitor outgoing and internal communications. Ultimately, what is of utmost importance is to understand that the ramification of not establishing a system to secure non-public information from inside out can be really daunting. After all prevention is better than cure.