Public Access

Community storytelling.

This post was created by a member of the Public Access community. It has not been edited for accuracy or truthfulness and does not reflect the opinions of Engadget or its editors.

Editor's Picks

Image credit:

Why your business needs an internet security policy

nalicej, @jalicintaa
10.26.16
6 Shares
Share
Tweet
Share
Save

Introduction
The internet has become a valuable resource in any business today. It has helped to ease communication, advertising, and sales among other business aspects. However, the internet has also become a major threat to security in a business. Any organization relies on information as an important asset. Therefore, keeping information safe from loss, theft, misuse or damage is critical. A business may take up measures such as installation of antivirus programs, and firewalls as well as physical security in a bid to protect their network. Unfortunately, this is not enough security since some of the things users do are the ones that leave a network vulnerable to outside attacks.

It is crucial to keep in mind that allowing access to the internet will expose a business system to threats such as hackers, spyware, social engineering, denial of service, backdoors, and viruses among other threats. Failing to control how users access the internet may result to loss of important information, stolen credentials, corporate espionage, and even stolen financial data. Some users may also misuse the internet which could result to legal issues as there are international laws that address how the internet and computers should be used. The electronic data stored in a business system is more vulnerable than printed data.

As businesses continue to become connected to the global market it becomes necessary to have solutions that will help minimize any possible threats. Information should be safeguarded using three concepts that include confidentiality, integrity, and availability. Many cases of successful attacks are continually being observed making it necessary to protect a business' network.

Securing information
Information is an important asset in any business, whether it is sensitive or vulnerable information. A business collects information for internal use and stores confidential information. Once business owners understand the type of data they deal with, then they can be able to formulate safety measures for different types of information. Before the internet became a major resource information could simply be stored under lock and key. The reliance on the internet for information exchange creates a need to properly secure the information whether in transit or stored.
Securing information involves maintaining the confidentiality, integrity, and availability of the information asset. To achieve information security in a business internet usage policy should be applied while making users aware of threats and how to avoid them. Unfortunately, it is not possible to entirely stay free from threats, but implementing a security system will reduce the impact of threats.

When information is shared with the authorized users it becomes valuable to a business, enabling it to perform its operations smoothly. However, users should know that a network system connected to the internet is open to attack by malicious attackers and automated programs. Automated attacks are able to easily attack a system since they can continuously replicate without the need for human intervention. It is good to keep in mind that attacks can also be carried out by seemingly trusted people. Some human errors done unintentionally may also cause serious damage to an information system. Human errors may be as a result of inexperience, making incorrect assumptions, and improper training of users. Therefore, employees should be considered a great threat to information security and should not be ignored when making security plans.

Risk Management
A successful security program should include a risk management process which is a crucial management function in a business. Although risk cannot be entirely avoided managing it will help reduce possible threat impact. A risk management plan involves identifying possible risks, measuring the risk, and formulating necessary measures to control the risk. All concerned parties should be involved in matters that deal with risk management. Proper training and awareness should be carried out by experts in the security field.

In planning for security a strategic plan should be developed to enhance other security measures. An internet usage policy should detail who should access the internet and for what purpose. General usage of the internet should be well detailed and should include disciplinary measures for those who do not follow set instructions. To ensure the policy is followed continuous monitoring should be conducted by the relevant personnel.

Although an internet usage policy is just a document, enforcing its application helps in protecting information. This is because it outlines the acceptable and unacceptable user behavior. All users despite their position in a business must comply with the set policy.

ear iconeye icontext filevr