IT security is becoming major concern for many users, IT professionals and related stakeholders, nowadays. Five or six years back, the term ‘IT Security’ was not making it to the headlines though IT was taking over the traditional market place. It was a time when most of the organizations were digitizing their traditional paper-based system. Back then Nepali heard this term from international headlines of reporting breaches, online frauds and thefts. Many of us, except few practitioners, were not familiar with the term ‘IT Security’ then as we are nowadays. Looking back, IT security was first challenged with the breaking of Enigma machine code in1932. With the development of IT enabled product since then security of many of the systems was compromised.

 

Confidentiality, integrity and availability are the three important pillar of information technology enabled system. In the beginning there was a massive threat posed against the availability of information systems. Hackers put their effort to prevent the system from being available to others. Though threats to availability have been gradually decreasing these days, threats to confidentiality and integrity of information systems have been heavily increasing. 

 

At this point of time we should not overlook the security aspect of IT enabled system. In our daily life we access or use different Information system, be it accessing online newspaper or shopping online our handy smart phones. While doing so one must consider the security of the big Internet world. Many of us hurriedly download an app from online repository or hurriedly download software and start using it, leaving security in the air. Only a few of us dig into the security aspect of downloading and using apps and software. Many of us are unaware of the fact that those easily downloadable apps and software could pose huge risk to our privacy, as one does not even know that his/her privacy is being compromised. 

 

1.Do not download apps/software from referrals without knowing it. At least dig into the use of the app/software, figure out what the app/software is for and carefully read the terms and conditions and other related information before downloading or using it.

 

2.If you are carrying out online transaction, check for the availability of security certificate on the site you are browsing along with its validity. Check your transaction statement regularly.

 

3.Before entering any security pin or confidential information in any online payment form compulsorily check the web link. Report it immediately to the owner organization if it is different or suspicious.

 

4.Do not download untrusted software into your secured system as such software can steal personal information from your device.

 

5.Do not click any attractive link on Internet hurriedly.

 

6.Keep your password strong, never provide it to other and never send it in email for future reference.

 

7.Do not connect to untrusted Wi-Fi networks.

 

8.Regularly update your antivirus.

 

9.Remain updated about cyber security threats by subscribing to IT related journals.

 

Along with individuals bigger organizations providing online financial services should also consider IT security as major aspect of business continuity. Actually, securing their customer’s confidential information is a major challenge for organizations providing such services. From a hackers point of view it will be very beneficial to penetrate into such organization’s customer database, access customer data and than target those individual customers for stealing their confidential information. Hackers these days follow thousands of way for figuring out and exploiting security loop-holes in secure system.

 

Securing customers information base is a very challenging job and only having branded box in IT rooms cannot be sufficient to remain protected from ever increasing security threats. Security is a constant practice and one must practice it periodically. Risk assessment, vulnerability assessment, penetration testing, access review and system monitoring should be done on periodic basis on critical systems. For standardizing IT infrastructure and security frameworks of such organizations they should adopt any of international security standards like ISO, PCI DSS, or the COBIT frameworks. Nepali organizations should also embrace any of these systems to ensure that their business and customer’s data remains intact. 

 

They should make their customers aware of security risks, launch customer awareness programs on IT security and should compulsorily carry out Information systems audit on a periodic basis. Along with these, they should provide clear information to customers for ways to report any fraudulent activity they encounter. Risk in IT security never zero, it is will be always their but remaining one step forward to secure it, can minimize risks.