We are in the age of information where anything and everything is just a click away. We are surrounded by data. Meanwhile, I have to confess that during my CA days I used to get annoyed by ISCA. It was a nightmare for me and like most of you even I used to wonder if this subject was necessary. But as soon as I entered the practice where I had to make all the decisions from selecting the computers to selecting the software and then the networking part. I realized the importance of Information Technology.
The subject which used to bring worry on my forehead was actually the need of the hour. In today's time, you are illiterate if you don't have any technical knowledge, if you don't know the kind of RAM you need in your desktop/laptop; if you don't know the configuration of the system or mobile that you are using.
There are a lot of scams that are happening around. So every organization, be it small or large needs to have adequate internal controls in place otherwise data can be compromised very easily.
Now you just can't get away by saying, "I am alien to technology"
What is Social Engineering?
People are using "Social Engineering" very smartly to get your data. "Social Engineering" means manipulating people to gather their confidential data. Those who do this engage you in some conversation to get some personal information and use this to hack or crack your information systems. Its basically a psychological manipulation to gain confidential information. A person needs to be very much aware of what information he or she is providing to the other person.
Information security is governed by three basic principles also known as CIA Triad; Confidentiality, Integrity and Availability.
Confidentiality limits access to information. This means that should only be accessed by only those who are authorized to access it.
Integrity means information is trustworthy and accurate.
Availability means data should be available for the authorized persons if and when they require. Data shouldn't get lost..
What we can do on a Basic level to protect data?
Use of strong passwords which should be regularly changed is the first and foremost thing.
Limit access to the information to only those who require it. Information can be in physical or digital form. It should only be available for those who need it and should be kept securely.
There should be proper backup of information which should also be secure.
The physical security of information assets through locks and environmental security from floods, short circuits is also required.
Till the time we start loving the technology we will always be at risk. Technology is to learnt and loved.
CAclubindia
