INFORMATION SECURITY – Q & A

AMSRO members attending the recent Information Security Workshops with Cruse Australia raised the following 5 key questions… 

  1. Question:

What is the difference between information security, data security and cyber security? These words keep coming up in tender documents.

Answer: They are all about protecting information from unauthorised access, use, modification and other disruptions. The only difference is the form of data being protected. Therefore for the purposes of market research, treat them all as ‘protecting information’. 

  1. Question:

Our business does not have a dedicated IT person so how can we manage to protect our business?

Answer: 80% of data protection is about common people practices and the use or proprietary anti-malware / virus software. Policies and processes around the use of devices such as mobile phones, emails etc. are equally as important as expensive IT solutions.

  1. Question:

We don’t have the time to develop more documents. We already have an ISO 20252 Manual and Procedures. Can we use these?

Answer: Yes. Add to your existing ISO 20252 / 26362 systems the rules and standards you require of your staff and subcontractors that will protect your secure data from unintended access and business disruption.

  1. Question:

What is more at risk – big businesses or small business?

Answer: Viruses and malware attacks don’t discriminate by the size of your business.  They penetrate weak and vulnerable systems that don’t have virus protection, strong passwords or other authentication processes. You are as strong or weak as the person who shares their password, leaves laptops unattended in public or opens unknown attachments on their smart phone.

  1. Question:

What should I do first?

Answer: Start with your methods for transferring data to / from clients. How vulnerable are you? Emails are very vulnerable so look for alternatives such as drop box or at least encrypt files sent via emails. Then follow up with an audit of mobile devices. How secure are they and what practices do you have in place to protect the data they hold?

If you are interested in attending an AMSRO Information Security workshop (exclusive to members only) please register your interest with amsro@amsro.com.au  or contact the AMSRO Secretariat on (02) 8017 6717.