Not many years ago, the concept of data security was virtually unheard of. You had to protect desk-top computers, servers and communications equipment, but not data. It was enough to have a good antivirus program and firewall, to make back-up copies from time to time and to keep the server room locked. Connecting a business to the Internet was not usual, electronic commerce was just a gleam in somebody’s eye, and cyber-attacks and cyber-security were two expressions nobody had heard of.
Things have changed a lot in recent years. Internet connections are an essential feature of any business in its communications with suppliers, customers or its own management team. E-commerce has gradually established itself as a major source of income for many organizations. Procedures have gained increased productivity and efficiency as technology has been brought in. Nowadays it is possible to use data and information in way unimaginable not so many years back. We can put into our pocket amounts of data that could never have been thought of in the past. In a relatively few years technology has forced its way gradually but inexorably into every corporate sphere. Today it is inconceivable for any business, whether it is large, small, or even a sole trader, not to be connected to the Internet or to carry out all its procedures by hand.
However, as happens in the real world, this new virtual scenario is not all one great bed of roses; there are also risks to be aware of. Connection to the Internet and computerization of the world of business have stirred up hordes of nosey parkers, criminals and cyber-attackers keen to steal company data, damage systems, or use our infrastructures for their own benefit. E-commerce has to pick its way through a minefield of different techniques for on line fraud, and portability of devices has brought with it the risk of the theft of sensitive information if a lap-top or a smart-phone is lost. New data-processing systems have needed the development and application of legal mechanisms for protecting sensitive information like personal details, while the large number of staff connected to corporate networks brings risks arising from simple ignorance of what can happen. Above all, there is no way of putting the genie of this radical change back into its bottle: we can no longer envisage reverting to accounts kept in ledgers, handwritten documents, or sending all our correspondence through the post. This implies a great degree of dependency. Without technology, there can be no business.
To sum up, we have entered a new era in which we do not manage computer systems any more. We now manage information, and we do so throughout the whole business, from the smart-phone of a rep all the way up to the Director General’s equipment. This has made it obligatory for security to be extended outside the boundaries of the computer department to reach the rest of the firm. This covers Human Resources, Legal Department, Administration, Logistics, in brief, any department whatsoever in the organization. If anybody manages information, that person must apply security measures.
To this end, and with a view to helping businesses to manage data security in their organizations in an integrated and organized way and to the best possible standards, INCIBE has produced a complete set of materials covering every one of the range of aspects that Information security management requires nowadays. All of this aimed at facing the transition of our organizations into the digital world with the highest level of guarantees, confidence and, above all, cyber-security.
If you are unsure what issues might apply in your company, use the tool that we provide below. Through a series of questions, we guide you on topics that may be of your interest.