Information Security for Small Businesses - Research Paper Example

? Information Security for Small Businesses Information Security The advancement in the field of computers has carried mankind to another level. All fields of life have been revolutionized with its advent and have changed its mode of operations, for example, acquisition of education has been made easier with the emergence of virtual learning platforms; organizations have improved their business procedures with information management systems etc. Information systems manage information in such a way that all business processes can be executed in an effective and efficient manner. Information and data might be related to the business processes of any organization or the buying trends of customers; such information has acquired significant relevance in the modern world as it gives greater power to the person who possesses it. Therefore, the protection of information and data should be prioritized as one of the foremost steps in every organization, whether small or large. Identity theft and credit card frauds are aggravating crimes that are witnessed due to criminal acts of data thefts. Organizations around the world tend to suffer such thefts that jeopardize their reputation, and often face lawsuits from their clients. One such incident was witnessed last year with Sony PlayStation when their PlayStation network in the British division faced data theft. The Guardian (2011) reported that around 77 million users’ data was stolen. The stolen information included names, addresses, date of births, passwords and credit card numbers. The data thefts of such nature are likely to cause credit card frauds and bank frauds while attempting identity thefts. The online games service had to remain shut down for a week since they did not want the incident to recur before appropriate measures were taken to combat the attack. Richmond Williams (2011) stated that such an enormous attack was likely to damage the reputation of Sony and threaten its capability to compete with other giant competitors such as Apple, Google, etc. It is also vital to ensure that information security measures are updated regularly to stop any intruder from taking advantage of any obsolete protection software (which is often noticed in small organizations). Alongside financial losses and reputation damages, ineffective information security measures are also likely to instigate legal actions and investigations against organizations. With reference to the example under discussion, a lawsuit was filed against Sony for not providing enough security to the data of their customers. The customers wanted compensation from Sony for the damages caused by the data theft at Sony. Jones (2011) stated that the respective company was likely to face as much as ?500,000 of fine for not being able to protect their customer’s sensitive information. With the comprehension of the consequences of not implementing effective security measures, it is also important to understand the different types of vulnerabilities that exist in organizations. Confidentiality of data implies the safe keeping of data against any revelation without the approval of the owner of the information. The revelation of data might not be intentional by the organization; however, the data flow that is implemented for the transfer of the data might involve some unreliable third parties that might take advantage of such exposure of data. Data integrity implies that no change or corruption should happen to the data; such corruption and changes are likely to occur if effective information access procedures are not implemented. Availability of data refers to the presence of data and service upon the need of the customer and employees; cyber attacks on an organization can make an online service go offline or delete important data by adopting different types of intrusions and virus attacks etc. Authenticity and non-repudiation are interrelated concepts that involve the proof of identity of the interacting parties. Authenticity implies that the interacting parties need to be sure that the incoming messages are really coming from the claimed identity, rather than an impostor communicating from some unreliable source. Non-repudiation involves the presence of a proof of identity that can assure the recipient of the data about the authenticity of the information; this proof of identity can be shown to other participants as well to prove the identity of the sender. Authorization implies the revelation of data to only those individuals who are allowed to view it, since unauthorized individuals might cause harm or steal the data. Effective information security measures ensure that only authorized personnel are allowed to access the data for the protection of privacy of their customers or their own business processes. The increasing information security threats have provoked the IT industry to develop solutions that can combat such attacks and threats of information security. Another type of common attack in the current times is the denial of service (DOS) attack that comprises sending an excessive number of requests to a server to make it unavailable for a legitimate request or to crash the server. Such attacks are initiated by cyber criminals that might be maintaining a whole network of compromised and effected computers which are used to send requests repeatedly on an automated basis. According to GossWeiler, Kamvar and Baluja (2009), Completely Automated Public Turing test to Tell Computers and Humans Apart (CAPTCHA) is a program that requires the reproduction of letters or figures that might be written in an ambiguous and unclear manner. The given phrases are always written in such a way that only a human eye can recognize the characters in a better manner than computer character recognition systems. Therefore, the reproduction of these characters ensures the computer that the request is legitimate and not attempting a DOS attack. In the light of the above arguments and definitions, it can be stated that a small company undertakes substantial risks if effective security measures are not taken to protect the data from revelation to unreliable sources, usage of unprotected data flows and networks and unauthorized access by individuals who might not be permitted to do so. Small businesses often ignore the need for such measures and are likely to face severe consequences since the lack of effective information security protocols are likely to cause reputational, financial and market share damages. References GossWeiler, R., Kamvar, M., Baluja, S. (2009). What’s up CAPTCHA? A CAPTCHA based on image orientation. International World Wide Web Conference Committee (IW3C2). Jones, R. (2011, April 28). Sony faces legal action over attack on PlayStation network. BBC. Richmond, S., & Williams, C. (2011, April 27). Sony admits massive PlayStation Network user data theft. The Telegraph. The Guardian. (2011, May 1). Sony bosses apologize over theft of data from PlayStation Network. Read More