Advo’s IT expert, Colin Middleton, continues with his series on online and practical security.
What is Information Security?
Information Security (often shortened to InfoSec) is about protecting the confidentiality, integrity, and availability of data—whether it’s stored, processed, or transmitted. It applies to digital files, paper documents, and even verbal communications.
Why It Matters
Data is one of an organisation’s most valuable assets. If sensitive information—such as customer details, financial records, or intellectual property—falls into the wrong hands, the consequences can be severe: legal penalties, loss of trust, and operational disruption.
Key Principles of Information Security:
- Confidentiality: Ensuring only authorised people can access information.
- Integrity: Making sure data is accurate and hasn’t been tampered with.
- Availability: Ensuring data is accessible when needed by those who need it.
Common InfoSec Measures:
- Data Encryption: Secures data at rest and in transit.
- Access Control: Limits who can view or modify data based on job roles.
- Data Loss Prevention (DLP): Detects and blocks unauthorised sharing of sensitive information.
- Backups: Protect against data loss from cyber-attacks, hardware failure, or human error.
- Information Classification: Labels data (e.g. confidential, internal use, public) to manage it appropriately.
Tips for Better Information Security:
- Avoid sharing sensitive data over unsecured channels (e.g., personal email).
- Store data only where it’s necessary—and delete what’s no longer needed.
- Use strong passwords and MFA for accessing confidential systems.
- Be cautious of phishing emails asking for sensitive information.
- Regularly review who has access to important documents and systems.
Did You Know?
Human error is involved in over 80% of data breaches. Information security isn’t just technical—it relies on everyone’s awareness and behaviour.
Next Issue: We’ll explore Security Awareness and Training, and how users are the front line in cyber defence.


