Information security and why it matters to you
You are busy doing your job. You may give little to no thought to what happens to the information you generate. However, information security is critical whether you are a startup, an entrepreneur, or a global enterprise. Every business creates, uses, and disposes of information. In today’s world, every piece of information could be a financial and legal liability. Protect yourself and your business from identity thieves, internal fraud, and privacy breaches. Take common-sense steps now to secure your physical and digital data.
Components of information security
Information security is a broad topic that can seem overwhelming. To help you better see how it can be implemented in your business, we like to break information security into three key components: confidentiality, integrity, and availability. Think of these components as goals. The way you achieve these goals can be scaled to the needs and resources of your organization. Keep this in mind as we delve into the details of information security.
Confidentiality
Confidentiality is about protecting information from unauthorized access. This means you need some type of security, but confidentiality is more than security: it also includes processes and training. For instance, you may have a file room that is locked. That is security, but if you have no clear, written process or training for when items are placed in the file room or who has access to it, you cannot guarantee to any reasonable degree that the information is confidential. For true confidentiality that will meet standards of reasonability, you must have written processes, active training, and security measures to protect, limit access to, and track access to both physical and digital files.
Integrity
Integrity is all about preservation. It does no good to protect confidentiality if the data is degraded and useless when you need it. In certain contexts, specifically legal situations, you may be called on to prove the integrity of your data. Physical files need to be protected from water and high humidity, fire, and pests. For digital documents, you need backup systems and duplicates. There are software solutions that check the integrity of digital files and can restore previous versions if errors are detected. Depending on the size and needs of your business, you may need to consider this type of system.
Availability
Availability is the counterbalance to confidentiality. Protecting and preserving information is critical, but you must also make data available to authorized personnel when they need it. To accomplish this, you need some type of indexing system. This will show where different files are located, identify who is allowed access, and track all access. Again, keep in mind that your system can be as simple or as sophisticated as your business requires.
Before we move on, it is important to note that while in an ideal setting each of these three components would be equally important and in balance, in the real world one may need to outweigh another. For instance, in the banking and financial world, integrity may be the main focus to guarantee accounts remain accurate, whereas in the healthcare industry confidentiality is considered the most important in order to meet federal regulations and protect personal information. That said, even if one component is more important to you and your business, the others must still be taken into account.
Why do you need information security?
- Security and privacy breaches: Unauthorized access to client data and business-critical information can not only cause your clients to suffer from fraud and identity theft, it can also place your entire business at risk.
- Internal fraud: Without oversight of your files you open the door for an employee to take advantage of your lack of security and steal money or use information for personal gain.
- Loss of reputation: People do business with enterprises they trust. Breaches and fraud tarnish your reputation and lead to a loss of the public’s trust.
- Laws and regulations: Failure to establish and maintain information security can lead to fines, penalties, and even prosecution under several state and federal regulations.
- Civil liabilities: Every file you have represents a potential liability. If it ever falls into the wrong hands, you can be sued and required to pay damages.
Now that you understand what information security is and why it matters to you, it is time to get started creating a system that protects both your physical and digital files. In order to achieve confidentiality, integrity, and availability, you will need to create a records information management (RIM) system. To learn more about how to get started, check out our 9-step guide to creating an RIM strategy.