InfoSec vs Cybersecurity
For the modern criminal, data is the new gold, and companies with poor security are practically gold mines. To help prevent breaches, we’ve gone beyond the jargon to break down the different levels of organizational security and what you can do to keep them airtight.
OpSec vs. InfoSec vs. Cysec
OpSec is short for operational security, and it’s all about keeping information secret, online and off. “Originally a military term, OpSec is a practice and in some ways a philosophy that begins with identifying what information needs to be kept secret, and whom you’re trying to keep it a secret from.” (Source: Vice)
Tip: How secure are your team’s mobile phones? Since they’re constantly on the move and harder to protect, consider limiting mobile access to certain files. And for the worst-case scenario, create a quick, easy-to-follow plan for your employees in case their phone is lost or stolen. Having procedures in place minimizes panic and prevents the wrong people from accessing your company’s information.
Information Security (often shortened to InfoSec) is the practice of keeping that sensitive physical and digital data from unauthorized users. This encompasses everything from paper files in a drawer to online banking information.
Tip: Small business owners often have a direct line of contact with their customers. While this is important, publicly displaying your personal email can be risky. On your business’s contact page, list a general customer service email such as [email protected] or [email protected] This protects your team from anyone who might try to use your email to access company bank accounts or target employees in email phishing scams.
Cybersecurity is arguably a subset of information security. Oftentimes, it also includes network security. Cysec is the practice of protecting an organization’s digital assets from threats such as malware, spyware, Trojan horses, and zero-day attacks.
Tip: Practice good password management. It’s convenient to store your passwords with autofill, but it also puts all of your information on a silver platter if your account gets compromised. If you have a spreadsheet named “passwords,” it’s just as bad. Instead, try a password manager. Password managers encrypt your passwords and generally have high levels of security. However, nothing is 100% foolproof, so it’s best to be vigilant all the time.
Small businesses are especially vulnerable to the high cost of data breaches. The time, stress, and resources it takes to recover sensitive information are incredibly taxing. If you don’t have a ton of cash on hand, you may only be one breach away from losing it all.
Why does this matter?
Threats come in different forms, which is why it’s important to understand the best practices required to secure different classes of information. Even if you don’t see them, people are trying to compromise your business.
Knowing your weaknesses will help determine where you should invest your resources. Whether you need to secure physical documents when guests visit your office or invest in a network security device like FortressOne, practicing good privacy is your best defense against breaches.