Disclaimer: The views and opinions expressed in this blog are those of the author(s) and may not reflect the official policy or position of Excelsior College. Excelsior makes no claim regarding the suitability of the content for all audiences.
National Cybersecurity Awareness Month is finally upon us. The National Cybersecurity Institute has plenty of activities to go along with this year’s theme: “Our Shared Responsibility.” Information security is absolutely a shared responsibility. It is not just about relying on anti-virus software to protect your data. In reality, an information security security plan cannot be successful without support from three main sectors.
Businesses can invest millions of dollars in top-of-the-line security software, but without proper employee training, the point is almost moot. Hackers have perfected the art of social engineering, or manipulating basic human instinct to gain access to private information. Companies also have to consider insider threats in their information security plans. If employees are not informed on cybersecurity best practices, they could be adding unnecessary risk.
Aside from all that, cybersecurity professionals who are trained to assess and manage risk are vital to making an information security plan successful.
Even with the right people and technology, an information security plan may be unsuccessful without a well-planned and properly executed process. The National Cybersecurity Institute emphasized the important of constantly testing your network’s security and making the necessary adjustments based on the results of those tests. It also said that performing regular backups of your data, and then testing and storing those backups off-site was crucial to information security.
Without technology, cybersecurity would not even exist. To say it is the most important aspect of modern information security may not be entirely accurate. However, technology is certainly vital to your company’s data security systems. Anti-viruses, anti-malware and other protection software will help mitigate the risk of unwanted access to your systems. Businesses can also use technology to get feedback on the effectiveness of their information security systems and train employees on cybersecurity practices.
If any one part of the system, whether it be people, processes or technologies, is weakened, information security plans cannot perform as they were intended. This leaves businesses and their data at risk to cyberattack and information theft.