How Can Organisations Ensure that Information Held within their Information Systems is Secure - Essay Example

Information in Organizations Introduction The business environment is highly competitive in the 21st century as free market economies, which run by the principles of supply and demand, are becoming more prevalent. While no economy is completely a free market economy without any government intervention, most economies are at least partially free market. This intensifies competition as businesses seek to attract customers based on prices, quality, and other unique selling propositions. An essential part of the business process is the processing and dissemination of information. Businesses rely upon accurate and quickly gathered information regarding markets, products, customers, ideas, and other aspects concerning the business, in order to properly plan and implement their future strategies. Businesses must also keep accurate records of their past, current, and future plans in order to function in an organized manner (Martin, pg. 256, 1973). As businesses must take due care of their possessions and assets to prevent damage or theft, businesses must also protect their information from being stolen or misused. While assets may be quite expensive and valuable for the firm, information is worth much more and has a higher risk involved. Cyber crime is at large in today’s technologically advanced world, in which thieves do not attempt to take physical assets from people, but directly aim to access intangible information, which is regarded as more valuable. Corporations keep their information safe on computers that are locked with passwords and only staff is permitted to access the information. However, often there are instances of information leaks or access to restricted records by competitors, which causes the business immense damage. Hackers and other cyber thieves access important information to commit frauds or to manipulate the business’s financial records. Many times, large amounts of cash are transferred from the business account to other accounts and they become irretrievable (Kankanhalli, Teo, Tan, & Wei, pg. 145-147, 2003). There are thousands of ways that businesses can suffer harm through the access of their personal information. Account numbers, financial information, customer records, meeting plans, and new business strategies are all recorded on computers and it is regarded as a safer place to put such information rather than in paper form where it is easily accessible to all. Unfortunately, while computers may be the safer place to put such information, saving it from ordinary people and ordinary thieves, yet it is still considerably unsafe from technologically perceptive cyber thieves and hackers. Hence, businesses must take several measures to protect themselves from cyber crimes and keep their information safe (Conway, Maxwell, & Morgan, pg. 220, 1972). Discussion Before the electronic means of controlling the access to data is discussed, it must also be noted that information may also be disseminated through employees and through simple discussion conducted by employees with outsiders. Businesses also take measures to protect themselves from such situations as they are perhaps more likely to occur than even cyber crime (Conway, Maxwell, & Morgan, pg. 218, 1972). As mentioned above, employees are a primary source of information about a company and are the people who are given access to a company’s databases. The first and foremost method a company uses to protect its information from being openly disclosed or discussed is through a confidentiality agreement between a company and its employees. This legal document binds the employee within a secrecy agreement and ensures that the employee agrees to keep all the information regarding the company and its strategies confidential. In the case that such information is dispersed by the employee, the employee will be liable for losses and legal action can be taken against the employee. Information is also protected from employees by restricting confidential and highly important information to a certain level of staff. Lower level staff and managers may not be given information regarding the strategies or operations of the company that do not have any role in the employee’s department. Lower level employees may also not be given data regarding important information about the company’s past, present, and future prospects and may have restricted access to company records. Such information may only be available to higher-level staff that are trusted and carry a higher degree of responsibility (Tipton & Krause, pg. 75, 2004). In the same way, the company must also restrict its information from consultants, lawyers, and other parties through confidentiality agreements. Auditors and government staff are also subjected to secrecy agreements, which prohibit them from disclosing information to third parties. Hence, in the instance of information leaking out or being disclosed to third parties, legal action can be taken against the party that disclosed the information in compensation for losses incurred (Martin, pg. 345, 1973). While some employees may disclose information verbally, it is also possible to pass information online or electronically. Hence, information and activities online or on electronic systems are monitored on a central system. Information is controlled through the usage of passwords and codes, which enables only the employees and staff who have these passwords to access the information. Some information that is restricted requires special permission to access from the highest authorities in a company. Hence, the company only reveals this information to employees with special and signed permission from higher-level managers (Tipton & Krause, pg. 34, 2004). Businesses also use several technological inventions to control information and keep it safe. Technology such as firewalls is used to prevent unknown users and computers from accessing databases and information in the company’s main system. There is also other software, which prevents hackers from accessing important information, which are known as anti-hacking software. This software prevents other computers and hackers from accessing information or breaking into the companies’ accounts. If attempts are made to access a company’s accounts or databases, the hacker or computer from which such activity is initiated is tracked easily. This makes it easy for the company and the authorities to track such behavior (Peng, Cui, & Tan, pg. 238-239, 2002). Companies use such measures to protect their data from being dispersed or used in an inappropriate way. Unfortunately, despite using such measures as firewalls and passwords, many data and company files are being broken into and a large amount of information is leaked through the company system. Hence, firewalls and passwords nor the highest level of anti-hacking software is preventing such break-ins. Companies are currently adopting further ways to properly secure their data from theft and misuse (Peltier, pg. 75, 2005). Another method of protecting a company’s data from theft and misuse is encryption. Companies may encrypt important files and set permission-based entry into those files. Only people who have permission to access these files can open the files and read them. To anyone else who tries to open the files, the files will not be readable as they will be encrypted and in an indecipherable language. Encryption is one of the basic methods used in protecting information from unauthorized access. However, even encryption is not an unbreakable method of protecting data. High tech hackers can break into the encrypted code to read the data and information stored. Hence, even further measures are needed to properly protect data from theft and unauthorized access (Peltier, pg. 82, 2005). Since it is highly expensive to put security codes on all data and properly protect all data, it is essential to choose the data that is most confidential and requires high levels of security. It is now possible to put security locks into the data itself. To enforce digital rights management on data means controlling the way the data is permitted to be used. Highly confidential data is then marked with “metatags” which permit certain users to access the data and limit the way the data can be used. For example, people in the marketing department may only be allowed to read the data while people in the sales department may only be allowed to print the data (Peng, Cui, & Tan, pg. 240-242, 2002). While data needs to be protected from theft, it must also be protected from manipulation as some employees or third parties may do in order to change the information enclosed in a favorable manner. Hence, companies use metatags to limit the way in which data can be utilized. Only some employees who belong to that department may have the authority to it the data. The data may only be readable to other employees but they may not be allowed to edit it or make any changes in it (Anderson, pg. 400, 2001). Companies must also protect their information from getting lost as company records are highly important and their loss can mean great problems and obstacles for the company. To prevent data from getting lost, companies create back-up files on CD or on the computer itself. However, data is also stored in other locations besides the company’s computers to prevent the data from being irretrievable in the case of fire or technical faults in the computer system. Backup files are essential for the company as once data is lost; it results in a halt in operations. However, care must be exercised when protecting back-up files from unauthorized access as well (Winkler & Dealy, pg.3-4, 1995). No matter how many strict measures or controls a company applies upon its databases and information, some information is always leaked out. Moreover, most software and security measures can be broken some way or the other by highly professional technicians, hence making the data insecure. There is no proper or fire way to protect data from all sorts of leakages and unauthorized access. Hence, a company must be prepared for its personal information to reach others in due time and must continue to change its strategies and protect its data from break-ins as often as possible (Winkler & Dealy, pg. 3-5, 1995). Conclusion Conclusively, companies should continue to change their passwords, adopt new software, and change authorization codes to the information in their databases. An example of a company who has done quite well in keeping its formula safe is the Coca-Cola Company, which only reveals the full formula for creating the unique taste of Coca-Cola to its highly trusted and top-level employees. All other employees in the production process are only aware of what they are personally adding to the production process but are not aware of the steps that have been taken before or after their own task. Hence, no other company has ever been able to completely copy the formula for Coca-Cola and the company maintains its competitive advantage. However, there have been attempts to access Coca Cola’s data and to discover the complete formula for Coca-Cola. The company maintains its secret quite well, which is the reason that such information has not been leaked out for such a long period of time (Anderson, pg. 362, 2001). Finally, other large companies such as Nestle, Proctor & Gamble, and Apple maintain their secrecy through several security measures maintained upon their databases and information. However, it is again stressed that not all information may be protected indefinitely. Hence, companies may require stricter controls and more reliable software and methods to protect their information in the future. As noted, technology has its advantages and disadvantages in the realm of information storage, availability, and access. Any condition, no matter how safe it promises to be, must also be backed up with extra cautionary measures and care (Martin, pg. 456, 1973). References Anderson, R. 2001. “Why information Security is Hard- An Economic Perspective.” Computer Security Applications Conference. Volume 17, pp. 360-400. Conway, R., Maxwell, W., & Morgan, H. 1972. “On the Implementation of Security Measures in Information Systems.” Magazine Communications of the ACM. Volume 15, Issue 4. Kankellali, A., Teo, H. Tan, B., & Wei-K. 2003. “An Integrative Study of Information Systems Security Effectiveness.” International Journal of Information Management. Volume 23, Issue 2. Martin, J. 1973. Security, Accuracy, and Privacy in Computer Systems. Prentice Hall Peltier, T. 2005. Information Security Risk Analysis. Taylor & Francis Group Peng, X. Cui, Z., & Tan, T. 2002. “Information Encryption with Virtual Optics Imaging System”. Optics Communications. Volume 212, Issue 4-6. Tipton, H. & Krause, M. 2004. Information Security Management Handbook. Auerbach Winkler, I. & Dealy, B. 1995. “Information Security Technology: Don’t rely on it: a Case Study in Social Engineering.” Fifth UNIX Security Symposium. UNIX Press. Read More