In today’s world, companies need to be prepared to secure all assets, including confidential documents, employee data, client enterprise data and customer data, so that information does not get into the wrong hands. Companies should take all precautions and employ information technology security practices so that data is not compromised in the event of a cyberattack.
So, what exactly is information technology security?
PriceWaterhouseCoopers has defined information technology security as “controlling access to sensitive electronic information so only those with a legitimate need to access it are allowed to do so.”
Allowing access only to individuals who need it is key to keeping technology secure. PriceWaterhouseCoopers notes the three main objectives for this as:
- Confidentiality – protecting access to sensitive data from those who don’t have a legitimate need to use it
- Integrity – ensuring that the information is accurate and reliable and cannot be modified in unexpected ways
- Availability – ensuring the data is readily available to those who need to use it
Once these objectives are a priority, there is a great deal of data, along with the systems that carry it, that should be secured, including:
- Member Data: Social Security Number, Credit Card Information including Primary Account Number (PAN), CVV or CVV2 (security codes), and Credit Card PIN
- Personally Identifiable Information (PII): Full Name, ID Number, Driver’s License Number, Credit Card Information, Birthday, Birthplace, and Social Security Number, etc.
- Company Data: Financial Data, Assets, Employee Information, Business Plans, System Configurations and Requirements, Proprietary Software, Personnel Records, Member and Account Information, Budget Information, Security Plans and Standards, Encryption Keys, Passwords, PINs, Database Information, Authentication Information, Security Audits and Logs, IP Addresses, Regulatory Examinations
- Client Data: Contract Information, Statements of Work, Payment Information, Employee Information, Passwords, IP Addresses, etc.
- The Network: any and all networks should be secured
- Email: do not send out confidential and/or restricted information
- Desktops/Laptops: lock computer when away and ensure hard drive is encrypted
- Servers: servers that contain sensitive information should be protected
- Firewalls: must ensure these are configured properly to protect the network
- Phone System: phone systems also need to be secured
- Cell Phones: company cell phones and cell phones that receive work email should require a password
Stay tuned for Part II of this post, with details on how technology security at your company can be improved.