Why information security is so important in business? - May 16, 2015

Why information security is so important in business?

It is not an overstatement to say that information security is one of the most important things in business life, as we are working with our most valuable data. Sometimes we have to share our personal information (names, addresses, etc.) or banking data to do successful business, such as signing a contract, investing, trading on the stock market . Day by day, more and more of this data is exchanged on the internet, while all of us have heard of news of stolen credit card numbers, hacked bank accounts where great amounts of money were lost, or leaked company secrets. What can we do to avoid these situations?

First of all, information security depends mostly on the people, not on the technology - as security experts usually say. Most companies implement antivirus and firewall software, some restricts user rights on the company computers, but even the best and most secure systems are vulnerable when there is a careless employee, who forgets to do his or her part of keeping information secure.

Violating a secure system is easier than one would believe: a lost USB drive can leak sensitive data. Even an opened and forgotten document on a computer screen can do the same. Just like a contract or plan left on the table can reveal our most secret company information, like a new product plan to an unauthorised person. One could say that their office is always closed after hours, but every office needs cleaning, which is made by a person, and there might be an endless list of people who can have access to information like this.

Another thing that experts say is that the greatest danger is not outsiders, but employees, since they can access to crucial data even easier than people who are not involved in your business. Just for the record: the most popular passwords in 2014 were “123456” and “password” – so it is not hard to imagine how easy it is to hack an account with a passphrase like this.

This is one of the reasons why certificates like the ISO / IEC 27001 are paying great attention to the “small” details like this and see things as a whole. Information security is not only about technical details, but about a whole security management system that a company has to implement. A system that always checks and analyses itself, calculating risks and gives proper answers to them. This is utmost important since security is not a snapshot, it is not forever, but a long term goal and we always have to fight for it for our own good.

Disclaimer: Innovative Securities is an ISO / IEC 27001 certified company, which means that we are now among companies, which use the most secure systems globally.