In the modern era of the digital world, almost everything has become digital – either being stored or processed by electronic devices such as computers, laptops, mobiles, etc. All data stored on these devices are at great risk of damage or unauthorized access or threat from inside or outside.
Most of these data are Personally Identifiable Information, clients’ business data or business strategic information which might lead to great damage to an organization by impacting its reputation or revenue.
In this context, it is extremely vital to protect the organization’s data and data processing facility from these attacks.
CYBER SECURITY AT PERSONIV
Cyber security is the technique and practice designed to safeguard Personiv’s networks, devices, and information from external and internal cyber-attacks. Cyber security is also referred to as Information Technology Security or Computer Security.
Cyber security is the approach of defending Personiv’s networks, computers, and data from attack, damage or unauthorized access by implementing various techniques and practices.
Cyber attacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes. Cyber security is not just aiming to prevent cyber-attacks but also minimizing the impact of financial losses and retaining brand reputation. Cyber-attacks may arise from inside or outside of the organization
OBJECTIVE OF CYBER SECURITY
Cyber Security approach is aiming to preserve “Confidentiality”, “Integrity” and “Availability” of critically sensitive information that includes IT hardware, software, databases, and information so that it remains secured and accessible for processing by authorized personnel when required.
A successful cybersecurity approach has multiple layers of protection spread across computers, networks, or data. In an organization, the people, processes, and technology must all complement one another to create effective security from cyber attacks.
People of an organization are the greatest weakness that an attacker can effortlessly exploit to get access to the network or sensitive information. Hence its extremely important Employees at Personiv must understand and comply with Cyber Security policies and procedures.
To handle cyber-attacks, there must be effective processes & procedures to identify, report and respond to the attacks and recover from the attacks quickly and effectively without affecting Personiv’s reputation.
Advanced technology is essential to protect computers, networks, and information from everyday emerging cyber-attack. Common technologies used to protect Personiv systems are Firewall, DNS Filtering, Anti-virus Management, and Malware protection system. Personiv is always on top of the technology to keep its system secured.
Nowadays, organizations find themselves attacked either from internal threats or external threats. These attacks are very critical to identify if and when the organization takes necessary actions to find them before they cause severe damage.
POTENTIAL EXTERNAL CYBER THREATS TO PERSONIV
- Social Engineering
- DDoS -Distributed Denial of Service
SOURCES OF EXTERNAL CYBER THREATS
- Terrorist Organizations
- Organized crime groups
Various factors increase an organization’s exposure to Insiders’ threats. There are not many technical controls to prevent such threats. An insider is anyone who has been granted access to information and other assets. Attacks can be accidental, negligent or malicious. Insiders would be considered all employees, current or former, subcontractors, partners or suppliers
Insider threats are hard to identify as well as to protect against. If an employee has access to sensitive information or has privileged access to administrative activities, there is every possibility that the unsatisfied employee can do harm to the organization.
Personiv mitigates such high-risk activities by implementing various practices and procedures:
Enhanced Employee Screening
It is important to do necessary background verification before appointing anyone to sensitive and critical roles in the organization. Background verification includes previous employment, family, instances of legal action and so on.
Employees should not be given full or excessive privileges to any sensitive information at any point in time. Only role-based access should be provided to employees. These access rights must be closely monitored and verified for the purpose of access provided at all times.
Security Training and Awareness
Regular training on the awareness of cybersecurity must be provided to all employees. Management oversight is of utmost importance in these instances.
When an employee is terminated, the organization needs to make sure ALL access is removed right away. Ideally, it needs to remove access while the person is getting the bad news.
Human Resource Policies
An organization, as its utmost priority, must define acceptable use and social media policies. At Personiv, we have a detailed social media policy and computer use policy.
Together with well-established Information security policies, procedures, and technologies
Personiv demonstrates that Cyber Security is the primary focus in its culture in order to protect against any kind of cyber threats.
Continual improvement is in our DNA, and as an organization, we believe that anything can be improved. Management has shown tremendous support by providing necessary resources and financial support to protect Personiv’s brand, resources, and employees at any given point in time.