There is a lot in the press these days about cyber security, and for good reason. Hacks and ransomware attacks occur on a daily basis. But by limiting the conversations to IT, some of the largest risks never get attention.
For starters, cyber security only addresses the security of IT: things like viruses, spam and access controls. There are huge numbers of cyber tools, with more being created every day, which is why you hear so much about it. Don't get me wrong, these can be important tools when used as part of a larger information security program, but there are some risks that cyber tools just cannot address.
This is where information security comes into play. An information security program is about addressing ALL risks to ALL information, not just the technical ones. The objective is to protect the confidentiality, integrity and availability (a.k.a. the C.I.A.) of information.
Following are some common areas typically excluded from the purview of cyber security:
- Physical environment where your information may exist:
  - Access to office space
  - Visible information on desks
  - Information taken home or in transit
- Hiring practices:
- Vendor assessments
- Business continuity plans
- Incident response procedures
Each of these areas presents real risks and, if not addressed, poses risks at least as great as those dealt with by cyber security tools.
If you would like to learn more about a comprehensive information security program and discuss if your business should be looking beyond cyber security, feel free to reach out to us through one of the following methods:
- To contact our MD: Send an email to email@example.com
- To contact our Information Security Manager: Send an email to firstname.lastname@example.org