Information Security

What is information security?

According to Wikipedia, information security is “the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical).”

Practically every modern business relies upon its stored information to function effectively and to be successful. As we can see from the definition above, information security is quite involved and isn’t simply a case of keeping important documents in a locked safe.

Although those in charge of each company and business have the ultimate responsibility to ensure that information is kept secure, it’s fair to say that each and every employee needs to play an active role in information security. However, those with that ultimate responsibility also need to ensure that their employees are aware of their responsibilities in keeping company data secure. If this step means that employers need to provide relevant training, this should also be taken on board. It is believed that human error is the main cause of information security breaches, and many of these breaches can be attributed to the fact that employees have not received suitable security training.

We often associate security with passwords, and rightly so, but merely password-protecting something doesn’t mean it is safe or secure. One of the biggest problems with passwords is their strength: most people tend to use things they can remember easily, and it is even worse when the same password is used in many places. If we take a look at the most popular passwords, it is easy to see why weak passwords are used and why this can be such a problem. On the list of most popular are children, pets, favourite teams and cars, so with a little bit of research a lot of passwords can be cracked.

Even with the most secure passwords and tightest security measures, there is always a weak link, and that weak link is the user. People talk, and people make mistakes like losing keys and chatting in a public place. In the vast majority of cases of a security breach, the person responsible would be completely unaware of the implications of their actions.

Why is information security important?

Breaches in information security can be devastating. There have been many high-profile examples in recent years. At best, a breach is embarrassing; at worst, it can bring a business to its knees – facing legal action and losing credibility and reputation with both existing clients and customers and any prospective new ones.

According to the report from Infosecurity Europe 2015 in London, the number of organisations being breached is increasing, with as many as 90% of large organisations reporting a breach of one kind or another. Data suggests that these numbers are only set to increase.


According to the government’s 2015 information security breaches survey conducted by PwC, breaches at large companies are, in the worst-case scenario, costing somewhere between £1.4m and £3.4m. Many of the incidents featured in the various reports are believed to have been staff related – so breaches from the inside, either deliberate or through lack of knowledge or negligence.

Information Security Training

So, information security breaches are common and they are costly. What can be done to protect businesses up and down the country? Information security training is becoming absolutely crucial for modern companies, and businesses of all sizes can benefit from the knowledge and experience gained from training in this area. Being educated about all of the associated risks, and about the measures that can be implemented to best prevent any breaches, can even make the difference between success and failure. Providing evidence of security measures taken can encourage and improve customer and client trust, both in the short and long term.

There are numerous providers of information security training, with courses to suit different kinds of business, with the ultimate goal being to achieve the ISO 27001 standard. What is this standard? Well, again according to Wikipedia, “ISO 27001:2013 is an information security standard that was published on the 25th September 2013. It is a specification for an information security management system (ISMS). Organisations which meet the standard may gain an official certification issued by an independent and accredited certification body on successful completion of a formal audit process.”

Companies that achieve this certification have usually put in a great deal of effort to reach this standard, and it is very often a hallmark of trust and reliability. Please
