What is Information Security?
Ever wondered how we keep data safe and out of the wrong hands? Information Security is the art (and science) of preventing data from being lost or used in ways that we do not permit or intend, and limiting the damage if a breach does occur.
The kind of information that needs protecting includes:
- Contact lists
- Client records
- Electronic communications
- Information on new products
- Personal data
Information comes in many forms: physical information, such as hard copies and printed documents, and virtual information, such as digital records. Information security affects everyone, whether we are working in the office or on the road. Information is at risk from natural events and technical failures, but also from human error and carelessness. Crucially, information is also at risk from hacking and other malicious attacks.
Some data is more sensitive than other data. Always ensure that you know the category of information you are handling and its intended level of protection, and treat it with the appropriate level of security.
You have a role to play. Help protect our information against loss and defend our company against attack.
Classes of Information
We classify information into four types. This helps us determine the level of security required for the different types of information we use.
Public Information
This information is open to the general public. It has no legal restrictions on access or usage. Examples include press releases and publicly available marketing material.
Internal Information
Access to internal information is restricted to personnel with legitimate needs. Examples include company policies, internal memos, and internal communications. These are not intended to be shared with the public.
Confidential Information
Confidential information contains sensitive data that may affect our employees, our clients, or our company. This data could include home address and phone number, birth date, gender, religion, or sexual orientation.
Restricted Use Information
Restricted data is confidential or personal information that is protected by law or policy, such as financial, personal, and health records. This requires the highest level of security protection.
Nia is in a coffee shop and her bag has been stolen. Two stolen items represent an information security concern for our company.
Select the two items.
- The ID card for her office.
- Her work tablet.
- Her purse containing her personal credit cards.
- Her driver’s license.
Losing a company tablet and ID card presents an information security risk for our company. Losing a credit card or driver’s license could also make an individual vulnerable to identity theft or worse. Action should be taken to escalate the theft to the appropriate department. If you are unsure who to contact if you lose or damage company property, you can find out here. Personal losses should be reported to the appropriate agencies, banks, or other companies.
Nia needs to act immediately. She asks you what she needs to do to prevent a possible breach of the company’s information security. What is the first action she must take?
- Report the theft to our company’s IT department.
- Report the theft to her bank or credit card company.
- Report the theft to her insurance company.
- Leave her details with the coffee shop in case the bag is returned.
Thanks for helping Nia
Actions that will minimize the damage the thieves can do should be taken immediately. This means contacting our IT department and having them remotely deactivate the tablet. Skillful thieves would need little time to access everything on the tablet and possibly gain access to our information systems. Nia should then contact her bank, credit card company, and the agency that issued her driver’s license.
Remember, we classify information into four types. This helps us determine the level of security required for the different types of information we use.
It’s important that you:
- Recognize the risk of company data falling into the wrong hands.
- Know that you are responsible for security in the workplace and on the road.
- Escalate through the correct channels and remember that minutes count!