Small businesses need to focus a little less on cyber security alone and look more at information security. This was one of many IT insights that Aeko Technologies CEO Brian Rodgers recently shared in an interview on The 360 View Podcast. Here are some excerpts from that interview.
What Is Information Security?
Information security is a set of practices that keep your information protected from unauthorized access, manipulation or distribution. Those practices include cyber security, which focuses on preventing IT assets from attack. Network security and application security work alongside cyber security because you can’t protect data on a leaky network or in an unsecure application.
Because so much information these days is digital and many of these areas overlap, these practices are often all lumped under cyber security and discussed as one. But that leaves out a critical part of the equation — non-digital data.
As the more broad term, information security encompasses cyber, network and application security, and helps companies to look beyond attack prevention to secure their business data.
User Access Reviews
One example of information security is a user access review, which looks at who has access to what systems. When employees leave a company, they take knowledge of their logins and passwords with them. If companies don’t remove those employees’ access or change shared passwords, then that data is not secure.
“I can’t tell you how many times we’ve taken over a new client and we do a review of users for the first time and there are people who have been terminated for a year that still have user accounts and may have logged in within the last month,” said Rodgers. “That kind of stuff is how the bad guys get in.”
Social Engineering Training
Another large component of information security is training people to recognize and not fall into social engineering traps that call for offline action. For instance, you get an email that looks like it’s from your CEO asking you to call a banking supervisor ASAP to resolve an account issue and providing you with the phone number to call.
That’s social engineering and the response to it that compromises your company’s banking credentials will all be offline. A company completely focused on cyber security will be more vulnerable to this type of attack.
Information security includes doing vulnerability assessments and training employees how to spot social engineering, whether it’s asking for online or offline action.
“You have to train users so they understand that they don’t just shoot their password over in an email or click on that link that says, ‘Hey, your mailbox is locked,’” said Rodgers.
Managed services providers (MSPs) like Aeko Technologies offer the full spectrum of information security and cyber security services to businesses large and small, in addition fulfilling other IT functions. If your small business needs some help or advice, reach out or book an appointment with Brian.
2022 Cyber Security Essentials Checklist
See where your business stands with these 18 critical cyber security controls established by the Center of Internet Security (CIS). Plus see the types of attacks most likely to impact your business.