Safeguard Against Threats

Get an insight into the five major principles of infocomm security to help you plan your own strategy for data asset protection at a level you can afford.

More and more companies are using computers as a strategic business tool, so it is vital to make sure their IT systems are protected against security threats. When looking at investing in IT security, SMEs have to balance affordability with the potential damage that would be caused by the loss of valuable information. There are five major principles to infocomm security.

1. Define and Assign Roles

Businesses need to have an overall management framework that implements, operates, monitors, maintains and improves infocomm security. This typically includes organisational structure, policies, planning activities, responsibilities, practices, processes and resources. Essentially, businesses should ensure there is clarity on who or which department is responsible for ensuring security compliance, reviewing processes and ensuring enforcement. In many companies, infocomm security roles and responsibilities are not clearly defined or assigned. Clearly defined and assigned roles make sure everyone in the company understands the role they play in maintaining the overall security of critical IT assets.

2. Ensure the Alignment of Security Policies With Business Objectives

Another key security practice is to ensure the adequacy of disaster recovery planning, incident management and training. This helps align security policies with business objectives. Businesses need to identify critical information assets, such as customer information and financial data, and review the threats to and vulnerability of these assets. Businesses can then have a better understanding of their risk profile and prioritise efforts to address security risks. Security risks that could affect critical IT assets should be immediately tackled. For example, if a business is located in a flood-prone area and important sales order information is kept on a server on the premises, this is a high-risk area that needs to be addressed immediately.

3. Establish a Multilayer Framework

In cyberspace, hackers can be anywhere. Business infocomm networks are vulnerable to external and internal attacks. Businesses should not depend on a single-layer security approach. Many companies simply implement one security device, such as a firewall, at their Internet link to secure their network. But this will not protect them against an internal attack. A better practice is to adopt a layered approach that covers security for the network, servers, desktops and applications. Businesses also need to control both physical and logical access to infocomm resources and services for more comprehensive security. A process must be in place to report violations and suspicious access to valuable resources and services.

4. Strengthen the Human Link

The human factor is a critical link in the security chain of any business. People who are ignorant of infocomm security practices or are not infocomm security conscious tend to cause incidents. Establishing accountability for user actions and enforcing it is vital to ensure users understand the consequences relating to policy violations. For example, staff must be informed about policies regarding the downloading of non-work-related files onto company computers and running unauthorised programs on company laptops, as these can introduce malicious software. A good way to get these messages across is an infocomm security awareness programme for staff. For example, talks and training workshops can be organised, and education material such as posters and handbooks distributed.

5. Create a Business Continuity Plan

Disaster can strike without warning. A comprehensive business continuity plan will allow a company to recover and restore partly or completely interrupted critical functions within a predetermined time. Companies should develop and regularly test their business continuity plan to make sure it remains effective as the business model changes over time. Scenarios such as a regional power outage or fire at the office can be simulated to make sure a business can continue to function effectively. Any weakness identified can then be addressed and the business continuity plan updated immediately. As SMEs embrace infocomms to grow, it is critical that they implement security measures as an integral part of the process.

Infocomm Public Education for SMEs

According to IDA's 2007 Annual Survey on Infocomm Usage by Enterprises, the top three most commonly deployed infocomm security measures by enterprises are Virus Checking or Protection Software (57 per cent), Anti-Spyware Software (45 per cent) and Firewall (44 per cent). Infocomm security is something that businesses cannot afford to neglect. Be safe by implementing some protective measures to safeguard your business.

Notes:

  • This article is contributed by the Singapore Infocomm Technology Federation (SiTF), a member of the Cyber Security Awareness Alliance.

  • This article first appeared in The Business Times on 10 June 2008 and information is correct at the time of publication.
