Information is power: businesses depend on information to function, and also on the technology permitting it to be managed – computers, mobile phones and tablets, databases, communications lines and all the rest. We have become so accustomed to these advances that we take them practically for granted.
However, have you ever thought about what would happen to your firm if you suddenly lost all the information about your business or the ability to access it? How good is the cyber-security in your company? Your organization might well be exposed to threats that you cannot even imagine:
- That computer room situated right underneath the toilets of the floor above.
- That antivirus program bought in 2011 and never updated since.
- That customer database stored on a single machine, without anybody keeping a back-up copy.
- That access password for the billing program that is written on a post-it note stuck to the screen of a machine, just in case it gets forgotten.
- That lap-top with confidential information that more than once was nearly left behind in a taxi.
People unconsciously spend the whole day, from getting up until going to bed, constantly assessing risks, their consequences and the likelihood of their happening. Will the bus to work arrive late? Will we forget our partner’s birthday? Will we lose our wallet? Will our car be towed away because we are double parked?
Nevertheless, we do not always apply this to business matters. There is a very famous quotation that says that what is not defined cannot be measured. What is not measured cannot be improved. What is not improved always gets worse. Information security is no exception. Hence, we need a serious and objective approach to data security that will allow the risks to which we are exposed to be determined in a reliable way, as also how exposed we are to them and what the consequences are. At the present day, there is no point in trying to leave getting an insurance policy until the house is on fire.
To help businesses to evaluate the state of their cyber-security and progress to higher levels of protection, INTECO has made available a self-assessment kit specially designed for the purpose. Users are guided through a set of questions to determine the security status of their information, the threats to the functioning of their firms, and the aspects that should be improved. All of this is intended to start measuring, so we can start improving.