Understanding Information Security

Having the right tools is only part of the battle

The number one question we get from prospective clients is “Do you do Cyber Security?” We understand why: cyber attacks are getting bigger, with entire systems and infrastructure needing to be rebuilt after ransomware attacks. Customer information is stolen, undermining the confidence customers have in you. As a business owner, it’s smart to be aware of the risk a cyber attack poses to your business.

But there’s a problem: whenever the media reports on cyber attacks, it uses terms like Cyber Security or Cyber Protection to describe the defence against them. Experts will say they are “investing in more Cyber Security”, when what they should really say is Information Security. That’s because cyber security is just one piece of the overall security puzzle. What you’re defending isn’t really your devices or your network, but your information. That’s what attackers want: your data, and your customers’ data.

There are three main pillars of Information Security:

Technical Protection

Technical Protection comprises all of the tools businesses use to keep their networks and devices secure: firewalls, password managers, anti-virus and anti-malware software, secure browsers, closed networks, encrypted email and communications, and so on.

These tools are like a fence: they stop unwanted intruders, malicious programs, and viruses (or at least slow them down), but they have nothing to do with what’s inside the fence. While important, they can only do so much.

Administrative Policies & Procedures

Imagine that fence surrounding your business. It might do a good job of keeping unwanted visitors out. But that fence has a gate, and if you don’t know how to lock the gate, the entire fence might as well not be there. Adding a team of security guards to patrol and watch the fence, and to respond when the fence is cut or bypassed, greatly improves the fence’s effectiveness.

As a security firm, we can equip you with all manner of security tools. But to be secure, you and your employees need to know what your tools do and how to use them. More importantly, you need to know how to safely store your data and information so that if attackers get past your tools, you are still protected. You need to know not to log into personal accounts on company devices. You need to know how and when to make backups of your data, and where to store those backups securely so that attackers can’t reach them.

And when an attack does happen, you need to know what to do, who to call, and how to prevent more damage from being done. We call those Security Procedures.

Physical Security

In the movie Ocean’s Eleven, the thieves need to gain access to the Bellagio’s network so that the casino’s security would have no idea it was being robbed. Instead of attacking the network by computer, the thieves did something different: they used balloons to block a camera, and an IT uniform to gain access to the servers. From there, hijacking the casino’s feed was as easy as pressing a button remotely.

It’s cool when it happens in the movies, but physical attacks used to steal information happen all too often in real life. Physical Security measures include keeping doors locked, keeping your server room secure, and shredding important papers. Physical Security is a crucial, yet often overlooked, part of Information Security.

Learn more about Information Security

Sign up for our newsletter and receive our free ebook in your inbox

The world of IT and Information Security can seem deliberately confusing. In Cyber Defence 101: Choosing Your IT Partner, Principal Consultant Scott Birmingham walks you through the common questions you have and demystifies IT and Information Security systems.
