Veriscan: Don't let carelessness become a disaster

Carelessness and lack of routines can have unforeseen effects - it can even endanger the entire business, warns Veriscan, which has worked with information security since 1999.

A common reason for information to end up in the wrong hands is when someone comes across your USB stick, laptop, mobile phone or your documents. It is not difficult to imagine the disastrous effects it can have if you forget your USB stick on the train, where you saved sensitive information about your company. Or perhaps even worse, where you have stored sensitive information about your customers. Such an incident can risk the credibility of your entire company.

Carelessness and lack of routines can have unforeseen effects, it can even endanger the entire business. Having an employee's computer stolen at the airport may seem careless, but often it is not the employee's temporary carelessness that causes it, but a lack of awareness on the part of management or that the rules are poorly communicated, according to Veriscan.

The employee may not have known that he or she would have encrypted the information on the computer, so that only the person for whom the information is intended can access it. Computers will always be stolen and USB sticks will be misplaced, but it is the company's routines that will be the deciding factor in whether such incidents become devastating or not.

At best, the stolen computer example ends with the company having lost a computer, and nothing else. Because if the sensitive information is protected, you only have to bear the material loss of value. The computer can be replaced. Completely unprotected information on the computer, on the other hand, and you can be faced with unnecessarily large challenges.

The fact that companies and authorities do not know the risks that exist against their information management means that all necessary security measures are not taken. If you haven't seen the threats, you haven't prevented them either, that's one of the biggest information security risks. If the management has not been clear about what applies to you, they cannot demand that the staff think about information security in their daily work.

Do you and your employees know, for example, that you should perhaps not talk openly on the mobile phone about certain things that you work on? Do you know that you should not store sensitive information on a USB stick, which can easily be carelessly lost or stolen? Do you know that you should not leave sensitive documents on the desk when the cleaning company cleans the office? And if you know all this, do your consultants know that the same thing applies to them and are all new hires informed?

There are, of course, many aspects of information security that you should take into account, and all organizations are unique. Not everyone needs to send their email encrypted, while for others it is incredibly important. The essence is that everyone concerned knows what the rules are.

So think about what the risks are and how they can be countered. Also make sure to train all employees at regular intervals so that they also know. It is such a simple thing that can be decisive in preventing mishaps from turning into disasters, urges Veriscan, which has been working with information security since 1999 and has a large number of customers in various industries. Veriscan participates in the international work with the ISO 27000 series and holds training courses in information security.