Information is a key National Grid asset and its security means protecting information and information systems from deliberate, unintentional or unauthorised access, modification, destruction and disclosure.
Even back in 50 B.C. the need to protect information was understood. Did you know that Julius Caesar invented the “Caesar Cipher” to prevent his messages from being read by those not authorised to see them, as well as insisting on strict handling controls?
We now generate, process and store vast amounts of information worldwide each year, enough to fill a stack of DVDs stretching from Earth to the Moon and back. By 2020 this stack will stretch halfway to Mars!
So the need to protect information is even more important and it is vital we all manage information to ensure its:
- Confidentiality – our information should only be disclosed to the correct person(s)
- Integrity – our information should be correct and accurate at all times
- Availability – our information can be accessed when and where needed
How should information be secured?
We regularly need to handle information which is considered private to some people. Although names, addresses, and phone numbers for our customers can be found in public places, we should still take every precaution to keep them safe from others. Handle customer data and work information with the same care you would expect an organization to handle your personal data.
Did you know? An organisation was fined £225,000 ($348,500) for failing to take appropriate action to keep sensitive personal data secure. The people affected had their details posted on the Internet, which led to additional stress and inconvenience.
What if someone asks for information on a customer or a job?
We wouldn’t give our personal information to anyone just because they request it, especially our sensitive personal data, such as banking and health information. Dealing with information requests correctly at work allows us to ensure that only those who are entitled to the information can access it.
The requestor could be posing as a legitimate authority, so verify their identity prior to handing out any information. Suggest the person go through the proper channels to gain the information he or she needs. When in doubt, contact your line manager.
Did you know? Customers of a power company received bogus requests from people over the phone posing as representatives of another company seeking key financial information. Not only did customers lose money but the company also had to suspend the use of electronic payments pending an investigation.
Why do we need controls for infrastructure and assets?
As individuals we have some essential needs that must be met in our daily lives, such as food, shelter and clothes. Energy is also essential to everyone, and National Grid plays a vital role in providing energy to millions of customers across Great Britain and the Northeast US in an efficient, reliable and safe manner. This is achieved because of the strong controls and processes we have in place to protect our infrastructure assets and the information they contain.
The critical assets that support our infrastructure are also vulnerable to attacks, loss, and theft. As with any other assets, any disruption to these services could lead to economic, social and financial consequences. In the extreme, service disruption could lead to major loss of life.
Did you know? ICS-CERT reports a dramatic rise in the number of attacks on critical systems in the US: in 2009 it received 9 incident reports, in 2010 there were 41 incidents, and in 2011 the number of attempted cyber-attacks spiked to 198.
Here are some helpful tips for getting it right:
- When you carry customer information from outside of National Grid premises, take every precaution to keep it private
- Take care when printing out sensitive data (both personal and business-sensitive)
- Check that whoever is requesting information is entitled to it
- If in doubt, check with your line manager or data owner before sharing any information