The use of the internet in business activities has been of great benefit to most businesses. The internet has given these businesses unprecedented access to global as well as local markets (Burgess, 28). It is used in advertising, selling, finding new markets, communicating with suppliers and customers, and carrying out various financial transactions, among other activities. However, the use of the internet has exposed businesses to online scams, data theft, and other cybercrimes.
Information security is a concern not only for big businesses but also for small businesses. In fact, statistics show that small businesses are at great risk since they are an easy target (Roessing, 61). This is because most large businesses have been pursuing information security measures with significant resources. These resources include people, technology, and budget. Because of this, such big organizations have become more difficult for cybercriminals and hackers to target. The hackers have now diverted their attention to small businesses since these tend to be less secure. Therefore, it is important for the owners of small businesses to understand the concept of information security as it relates to their businesses. These businesses have to secure their information, networks, and systems appropriately.
Most small businesses do not give high priority to the security of their information, networks, and systems. However, this matter is very important to employees, customers, and business trading partners (Burgess, 30). Employees expect the business to protect their sensitive personal information appropriately. Customers of these small businesses, in turn, expect their sensitive information to be respected and to be given sufficient and appropriate protection. Current as well as potential business partners expect the information security of the business to be maintained at a sufficient level. They always seek an assurance that their information will not be put at risk if they engage in business activities with the small business. Usually, they expect a level of security similar to the one implemented within their own systems and networks.
In order to understand the issue of information security, it is important to understand the concepts of information security threats and vulnerability. In simple terms, a threat refers to an event or a person with the potential for negatively influencing a valuable resource (Roessing, 18). Vulnerability, on the other hand, refers to the quality of a given resource or its environment that allows a threat to be realized. In the context of system and network security, threats are always present. However, they are mitigated by proper usage of security features. The people that pose threats to small businesses include internet hacktivists, experimenters and vandals, cybercriminals, and information warriors. According to the SBC Computer Security Library, these people cause various threats to the business, such as denial of service. They may blackmail the business and demand a large payment before they allow business activities to return to normal. They may expose the business to malicious code and viruses, which may enable them to access important information about the business. They may delete or alter this information. Threats may also originate from within the business.
Generally, the information of the business may be compromised in different ways. Confidentiality refers to ensuring that unauthorized people do not access sensitive information about the business (Lubbe, 66). The leaking of sensitive information may be the result of poor security measures within the business systems. Integrity refers to preventing unauthorized people from causing errors or omissions that may alter the data of the business. This is achieved through proper data storage. Malicious attackers may also corrupt or delete information that is essential for the correct functioning of the business activities. Availability is concerned with preventing unauthorized persons from withholding business information or resources. It generally requires that information be freely available to all authorized users.
Authenticity, as applied to information security, refers to the process of verifying users when they log into the system. This is accomplished using user names and passwords. In other businesses, smart cards, as well as retina cards, are used. Non-repudiation refers to ensuring that a computer user cannot falsely deny their actions (Khosrowpour, 68). It provides undeniable proof that such users performed certain actions, including transferring money, sending messages, or authorizing purchases. Authorization is the process that allows only authorized users to access the business’s sensitive information. This process has to use an appropriate security authority to determine whether a user can access the resources.
There are various methods and techniques for protecting against data breaches and theft. One of the methods involves protecting the information, systems, and networks from damage by spyware, viruses, or other malicious code (Lubbe, 88). This can be achieved using updated anti-virus as well as anti-spyware software. In addition, the installation and activation of software firewalls on the business systems is also vital. This software must always be kept updated on each of the business’s computers. Moreover, it would be necessary to secure the computers when they connect to the internet.
Burgess, Stephen. Managing information technology in small business challenges and solutions. Hershey, PA: Idea Group Pub., 2002. Print.
Khosrowpour, Mehdi. Managing information technology in a global environment: 2001 Information Resources Management Association International Conference, Toronto, Ontario, Canada, May 20-23, 2001. Hershey, PA: Idea Group Pub., 2010. Print.
Lubbe, Sam. Managing information communication technology investments in successful enterprises. Hershey, PA: Idea Group Pub., 2007. Print.
Roessing, Rolf von. The business model for information security. Rolling Meadows, IL: ISACA, 2010. Print.
“SBC Computer Security Library.” NIST.gov. N.p., n.d. Web. 19 Feb. 2014. <http://csrc.nist.gov/groups/SMA/sbc/library.html#04>.