Since the advent of the computer and online technology, businesses and organizations have moved away from storing data on paper, to storing them on hard drives so that it can be accessed faster and more easily retrievable even in remote areas. Nowadays, records of customer data, employee information, emails, telephone numbers, financial records, accounting information and so on are stored electronically. However, with this amazing technology come some problems, primarily of which deals with Cyber Security. It seems day after day, there is a new headline about hackers turning organizations upside down, stealing valuable data and funds, giving such organizations bad publicity, and having them make embarrassing revelations. It is therefore critical that companies understand how important Cyber Security is, and implement the best plans and procedures for optimal protection.

The role of Cyber Security in an organization cannot be overemphasized, as it is vital for the protection of data and ensuring all the services and processes keep running without any hitches. Modern Corporate organizations depend almost entirely on computer systems for storing data, and as such, the financial health of an organization and the actualization of some of its goals will depend on the safety of its computer systems and implementation of Cyber Security strategies.

The Access Control and CIA principles determine Cyber Security implementation. Access Control deals with controlling who is allowed access to information and to what extent they use or alter the information. Access control can be likened to how forums work for instance. The forum administrator, create groups where users are assigned and granted specific access. The admin can also special privileges to specific users who can access certain forums and carry out specific functions that others cannot. The CIA principles stand for Confidentiality, Integrity and Availability, and refers to the three states of data that has to be protected. Data must be kept confidential which means no spying or unauthorized access, it must retain integrity and must be available when needed.

In dealing with information security, the recommended approach is to identify assets, assess risks and treat risks. Here’s an example of how this can be implement for example in a Law firm.

 Identify Assets: The assets of such an organization are important case files, client information, documents of depositions. Also included as assets is the website, email inbox, and financial records of the firm.

Asses Risk: Identify the risk the assets face such as theft of processed documents and important data like financial records stored on paper and digitally. Digital breach from spying on email correspondence between partners, clients, as well as stealing other sensitive information.

Treatment of Risks: To minimize risk, the firm should install CCTV cameras, restrict physical and cyber access to certain personnel and thoroughly educate those with access on responsible ways of using the computers that will not put the firm at risk (like not inserting unknown USB-sticks into computers, identify fraudulent emails and scams) and hire Cyber Security experts to establish a more secure Cyber framework against outside intruders.