3 STEPS TO STRENGTHEN YOUR INFORMATION SECURITY MANAGEMENT
We live in an interconnected world, where information is one of our most valuable assets. This is particularly true for supply chain organizations, where we base our networks on collaboration. Data in a business setting comes in all shapes and sizes, from intellectual property to sensitive employee details – but so do security risks! What can we do to keep up with a changing landscape of threats, vulnerabilities, and business needs?
Godfrey Shirima, Information Security Officer at Consafe Logistics, shares three steps that we can take to strengthen our information security management.
#1 Establishing an Information Security Management System (ISMS)
When it comes to protecting information, most companies have some security measures. Often it is the IT department taking care of applications and technical equipment. But information security has many other aspects: government regulations (GDPR in Europe, for example), legal matters, risk management, product development, etc.
“The first step towards stronger information security management is to acknowledge that there are security risks at every department and every level of our organization. Establishing an ISMS will provide the framework with clearly defined processes, responsibilities, and technology for systematically managing information security matters. This ensures that we can act fast and efficiently in an incident.”
#2 Raising co-worker awareness
People often associate information security with something technical, like having antivirus software or a firewall installed on our computers. Rightly so, because we still put the focus mainly on these aspects. However, the weakest point, and the one where most companies fail, is human error, partly because of co-workers’ lack of information security awareness.
“We are bombarded with various systems and applications, and we have an average of 100 passwords to remember. On the other hand, personal and official device use boundaries are often blurred, which has accelerated with remote working during the pandemic. It is essential that co-workers learn about the different aspects of information security and their impacts on the processes. Increasing awareness and reducing risk go hand in hand.”
#3 Certifying your ISMS
Every company wants to work with partners and suppliers that protect their valuable data. Having an established ISMS is one step toward serving them better, but it is “just” a promise without a certification. A widely known and acknowledged international accreditation reinforces that the organization is a trusted, secured company.
“As a Warehouse Management Solution provider, we wanted to take a step further and assure our customers, partners, and ourselves that we have adopted information security management in all ways of our operation, from finance, through sales, to the development and delivery of our products, which is why we have recently undergone the ISO 27001 certification process. The audit’s focus is to check if mandatory requirements of the ISO 27001 standard are fulfilled without exceptions and the implementation of security controls that ensures the protection of information assets. We successfully passed the test, which is a reinforcement that we have people, processes, and technology in place that can systematically manage information security matters.”
As the saying goes: It’s better to be safe than sorry. Although a certified ISMS does not eliminate all security risks, it helps to be prepared for an incident, which is already a great benefit for the organization. And since accreditations, such as ISO 27001, are revised regularly, it is a constant motivation for improvement and resilient operation.