Why be secure?

Information is an asset, and like other important business assets it has value to an organisation and could be of value to competitors. It must therefore be suitably protected.
Information security protects information from a wide range of threats to:
• ensure business continuity
• minimise business damage
• maximise return on investments and business opportunities.
Information can be printed or written on paper, stored electronically, transmitted by post or using electronic means, shown on film or spoken in conversation.
Until quite recently the protection of data in the information technology (IT) environment has focussed on the physical computer system, and in particular three core elements:
• Confidentiality - assuring sensitive data is read only by authorized individuals and is not disclosed to unauthorized individuals or the public.
• Integrity - protecting data or software from improper modification. For example, a virus may infect a program and alter the data contained within the documents created by that program. Data integrity could also be compromised by a disgruntled employee fraudulently changing payroll records. Unless information is accurate or complete, it is rendered useless.
• Availability - accessibility of IT network, desktop and data resources when authorized users need such access. Availability definitions differ from organisation to organisation. For instance, some organizations run 24 x 7 operations and therefore require systems to be available 24 hours a day, 7 days a week. Other organizations operate from 8.00 am to 6.00 pm, Monday to Friday, hence system availability requirements are greatly reduced.
Connecting computers to the Internet allows consumers and businesses to access a wealth of information and resources. However, it also creates the risk that computers may be tampered with by hackers, or attacked by viruses distributed via email. It is important to protect yourself against these risks.
Consider these points:
• Initially, security adds to the cost of doing business. However, in the long-term it could save you money, reputation and customers.
• Security is a process, not a project or a product.
• Continuous improvement is the key success factor for a good security program.
• Building and maintaining trust and credibility with your customers and business partners is critical to the success of your business.
For more information on security issues, you might like to look at this tip sheet developed by DCITA as part of their publication, Internet Security Essentials for Small Business: