Tuesday, December 7, 2010

10 Tips on Information Security- As a Responsibility

Information Security Is Everyone's Responsibility
Today we are living in a world, where everything we do; it is an information to someone else. This information have a set of protocols which include characteristics of Sharable, Confidential, Internal, External, Reliable, Authorized and Unauthorized. Forget about Nations’ struggling with the unauthorized usage of wrongly attained information in the name of Open Journalism; Corporate’ and Individuals also have a strong responsibility to protect the privacy, confidentiality and integrity of the Organizations as well as of all Stakeholders involved in the business which includes our valuable customers. These tips are common to every user who has access to electronic data.

1. Employee authorized properties that include Access to a Business facility – both physical like Access Cards and Badges, and also digital assets like Remote Access keys, Active Keys, Smart Pins etc should be duly secured. No tailgating or proxy usage of assets.

2. Printers /Scanners and Conference boards are one area that is widely forgotten. We leave behind wrongly printed papers without throwing them in the shredder and discarding properly. Leaving behind confidential data on the Smart Boards/ Conference rooms, without closing them properly is a risk. This information can be misused. Hence a word of caution

3. Our workspaces which includes computers and laptops have to be password protected and screen locked every time we step out

4. Usage of Authorized Software and only permissible Internet sites access is to be followed if instructed to do so, to safeguard the best interests of business.

5. Do not forward any emails or information that had been marked as Internal or Confidential. Sources of information to the open world are large and you don’t need to contribute to your own chaos

6. Updated Anti-Virus Software have to be in all the systems that you access. Especially in client network, it would be embarrassing to spread viruses from your system

7. Important for all employees to have an understanding of the Security Awareness initiated by the Organization. Completing of appropriate courses and trainings to this effect becomes important. Please be aware of any customer Non Disclosure Agreements that you would have to sign as part of your job responsibility. Be sure to understand the contents.

8. Be aware of the Incident Reporting Process and be proactive to inform any security lapses., both physical and digital to the concerned people immediately.

9. Periodical backups of data, preserving data using encryption passwords will save our face value at times of loss of laptops, or data getting stolen. Server backups and maintenance logs will help trace out any unnecessary activities happening in the Organization with the help of Security Administrators. So tighten this process.

10. Last but never the least, Individual Integrity is the top most important aspect. If you decide to cheat, or break a trust, it’s up to the individual…but remember no one is going to protect the unwarranted activity and one day the truth is the only thing that will be lived.

It takes several years to build a reputation and just seconds to break it…..Same applies to Organizations, Entrepreneurs, Professionals, Individuals and in our personal lives too!

Both Knowledge and Information is Power….as long as it is rightly put to use!

No comments: