Three pillars of information security management

Article Published by Geotab
Author: Inshaal Badar is a Senior Content Writer for Geotab
https://www.geotab.com/information-security-management/

Learn the basics of information security management and discover a few best practices for minimizing security threats.

Information security management and cybersecurity are an important part of running a business and help ensure systems, networks, and hardware are protected and secured. Although strategies to protect information may look different for every company, the main goal remains the same.

Continuously working on and maintaining an effective cybersecurity strategy will help reduce possible cyber attacks. Here are three pillars and some best practices to focus on when trying to stay protected.

Process

It is very important to review processes multiple times a year. Having best practices that your employees can work from will help eliminate confusion, especially for those who are not familiar with the concept of security. Create simple, easy-to-read guidelines that clearly state the dos and don'ts of your company. This will keep everyone on track and reduce the chance of cyber attacks.

If there are any changes to the process documents, notify the employees each time. To ensure the documents are being read, consider creating training sessions and/or quizzes. This is not a means to punish those who do not understand the documents, but to identify who may need extra training.

Technology

Technology refers to the actual software and hardware that is used for cybersecurity purposes. Once it has been identified what information needs to be protected and what the potential risks are, implement technology to help reduce them.

The technology that each company uses will vary. Do thorough research and create a pros and cons list for each technology to best weigh all options. As it can be costly, it is best to think it through before committing to a specific one. Identify and set your goals first; once you have done so and implemented the technology, you can feel safer and focus on other parts of the business.

People

People are extremely vital to your strategy. Staying safe is not only in the hands of the security team, but every employee in the company. With the help of technology, and processes put in place, it is now up to the people to use the knowledge they have learned to prevent security attacks from occurring.

The more up-to-date and knowledgeable employees are on cybersecurity, the less exposure there will be to cybersecurity threats. Regardless of what department each individual belongs to, ensure they are aware of how to stay protected from security breaches and understand the importance of the processes and technology that are put in place.

Best practices

Here are five additional tips to help your cybersecurity strategy:

  1. Know what a suspicious email looks like — Many times, phishing attacks leave users vulnerable to exposing personal information such as login information and passwords. Create examples of suspicious emails to educate employees on what they can expect a suspicious email to look like.
  2. Do not leave devices unattended — When you are stepping away from your laptop or leaving your phone on a table, make sure to lock your screen. Explain to your employees why this is important and create a culture where this becomes second nature.
  3. Strong passwords — While this may seem like an obvious task, it is crucial that strong passwords are being set to protect your device from being compromised.
  4. Update software regularly — Updating software regularly and whenever needed will help secure your device and patch any security issues.
  5. Organize security training — To help reestablish and remind employees about the importance of cybersecurity, organize training sessions where processes, best practices and tips are discussed. Encourage questions and discussions between employees regarding what it means to be a secure company.

Geotab’s strategy and certifications

Geotab prioritizes these three pillars and the maintenance of security, organizational and technical measures that are designed to keep customers’ data safe and secure.

Geotab has successfully achieved the International Organization for Standardization (ISO) 27001 certification. This confirms the integrity of its Information Security Management System for its telematics offering, including the global offering of the GO device and MyGeotab platform, and four office locations in North America.

Geotab also recently announced its FIPS 140-2 validation and FedRAMP certification, which confirm Geotab’s commitment to meet the highest standards of cybersecurity that are set by the U.S. federal government.

To learn more about Geotab’s security and privacy policies, visit: https://www.geotab.com/security/.