Protecting Your Business With Information Security Training

Author
Ben Hancock
Managing Director | Yellow Room Learning
27th September 2017
Member roleChamber member

The advent of the internet has dramatically increased the amount of information and data that businesses are handling.  Many enterprises now find themselves dealing with large databases stored on sophisticated computer networks and cloud services.  In many cases, it is a significant change for businesses that were using paper files only a few years ago. For most companies, storing information and data on computer networks is a massive boost to productivity.  However, it has also presents some unique challenges. One of those challenges is learning how to keep your businesses data and information safe from cyber criminals.  Data breaches can negatively impact your business and prompt legal action from clients who have had their data compromised.  This post will explain the importance of cyber security awareness training and how it keeps your business safe.

What is information and data?

You’d be forgiven for thinking information and data are the same thing.  However, there is a difference between the two.  Data refers simple facts and figures, like a number or word.  On its own, data may not make much sense and is of limited value.  Data can be processed, organised, interpreted and presented so it is meaningful to the user.  That’s when it becomes information.  Here is a real world example.  Let’s assume you have a medical database full of patient records.  A piece of data from that database might be “10/10/1980” or “Howard”.  On its own, those strings don’t mean much.  However, when you run a database query and pull a customer’s full record from the database, it becomes usable information.

How data and information are used

The use of data and information by businesses has evolved within the past few years.  Currently, the most common types of data stored by businesses include:

  • Customer or patient details
  • Details of sales
  • Web analytics
  • Usage statistics of products or services
  • Social media data
  • Other business statistics
  • Internal business information including research, communications, and trade secrets

 This information can be very sensitive and valuable.  For example, client details may include credit card details and other personal information.  If that information was stolen by a cyber criminal, your business may be liable for any losses that your customers incur. Confidential internal communications within your business are also very valuable to malicious cyber criminals — they may leak details of conversations that damage the reputation of your business.

Why is data and information so valuable to cyber criminals?

Cyber criminals will attempt to obtain any information that is profitable or useful in some way.  Some cyber criminals are malicious and attempt to obtain information that damages a business in some way.  The most valuable types of data and information include:

  • Credit card information This is the number one target for cyber criminals. They can sell your customer’s credit card details to criminal organisations for large sums.
  • Medical records Medical records tend to be quite detailed and contain a lot of personal information. Cyber criminals often attempt to obtain these records so they can create fake identities.  The fake identities can be used to obtain drugs, make fake claims with insurance companies, or file fake tax returns.
  • The personal information of customers Cyber criminals are very interested in obtaining the personal information of your clients. That’s because it can be sold to criminal organisations or used to obtain credit cards and loans.
  • Trade secrets and internal research Cyber criminals often attempt to steal internal business information. Once stolen, they may blackmail your business or sell the information to a competitor.  In some cases, malicious cyber criminals will leak the information online to damage the business.

Consequences of data breaches

If your business has a data breach, the consequences will be wide-reaching.  If the general public finds out about the breach, the reputation of your business may suffer.  Customers may choose to go elsewhere if they believe their data is not safe.  Your business may even be sued by disgruntled customers. If cyber criminals steal internal business information, your business may be blackmailed.  Cyber criminals may intentionally leak your confidential information online, putting your entire business model at risk.

How you can protect your business against data breaches

Protecting your businesses data and information requires a comprehensive plan of attack.  The key elements include:

  • Use encryption and complex passwords All confidential information should use high level encryption. Train your staff to use complex passwords for all network and work station logins.
  • Keep all software up to date and use security software Many cyber criminals use exploits in out-of-date software to gain access to networks. Always keep your software up-to-date.  You should also use security software on your servers and any networked computers.
  • Use information security training Cyber criminals often gain access to a businesses computer network because a staff member made a mistake. They may have used a weak password or installed compromised software.   Information security training teaches your staff how to avoid these common mistakes, keeping your network safe.
  • Encourage staff to report potential breaches and security issues It is always better to have a staff member report a possible breach rather than cover it up.
  • Review legislative requirements There are a number of legislative requirements in the UK for data protection and storage. To learn more about legislative requirements for your business, contact us today.

 Thanks for reading Protecting Your Business With Information Security Training!  For more information on information security training, contact Yellow Room Learning on 0800 292 2900.

About Yellow Room Learning
Yellow Room Learning is a leading provider of information security training.  Our team can help your business by training staff to have better information security awareness and cyber security awareness.  Contact us today to learn more!

Do you want to join the conversation?

Sign up here