importance of information security policy in a business organization

This information security will help the organizations to fulfill the needs of the customers in managing their personal information, data, and security information. Our experienced professionals will help you to customize these free IT security policy template options and make them correct for your specific business needs. Free internets facilities have make employees takes its advantages b used it for personal purposes. There are several challenges in our constantly changing environment that makes it difficult to adequately protect our resources. But do you know that threats really surround a company and must be countered by these professionals on a daily basis? There are also challenges and risk involves in implemented information security in organization. It will protect company data by preventing threats and vulnerabilities. A security strategy must address protecting the confidentiality, integrity and availability (CIA) of assets. Information technology makes it possible for your online data to stay secure until accessed by the proper channels. Security lighting is very important aspects of a robust workplace security. Having important information leaked or stolen can lead to financial problems that lead to the bankruptcy of an institution. In general, information security can be defined as the protection of data that owned by an organization or individual from threats and or risk. A thorough and practical Information Security Policy is essential to a business, its importance is only growing with the growing size of a business and the impending security threats. Flat M2 A security policy is a written document in an organization outlining how to protect the organization from threats, including computer security threats, and how to handle situations when they do occur. It is because the protection programs that installed in the computer system to protect the data are not appropriately function or not good enough. Therefore, the objective of security is to build protection against the enemies of those who would do damage, intentional or otherwise. Management information system can be compared to the nervous system of a company. Any business, big or small, must have a system in place to collect, process, store and share data. A policy should never set up constituents for failure; rather, it should provide a clear path for success. Reach out with any questions. Policy leadership. By knowing the threats that are present, they can learn to use the luxury of carefully, and not blindly accepting someone will have a solution for the problems they may face. Having an IT department, such as Information Technology, prepared to handle the security of information is fundamental today. They’re the processes, practices and policy that involve people, services, hardware, and data. The importance of a good Information System should never be underestimated within a business or a company, especially in 2015. Information security (IS) and/or cybersecurity (cyber) are more than just technical terms. Information is one of the most important organization assets. Physical security encouraged by ISO to be implemented in the workplace. Determining whether the security policy, standards, baselines, procedures, and guidelines are appropriate and effective to comply with the organization’s security objectives; Identifying whether the objectives and controls are being achieved . Information security will be defined as the protection of data from any threats of virus. The beauty of security policy is that it provides a clear direction for all levels of employees in the organizational structure. Although, to achieve a high level of Information Security, an organization should ensure cooperation of all Table 1 below showed the related theories that determine the information security management. Layer 8 is a term utilized by information security professionals and techies in general that represents the weakest link of every organization: the users.. The risk of this action is, the information may be can access by other person from external organizations. Organization also may review access rights and have the IT professional set up an automated procedure that requires the employees to change their passwords at regular intervals to further protect organization information assets. After you have downloaded these IT policy templates, we recommend you reach out to our team, for further support. In its simplest form, a security policy is a single document (or morecommonly, a set of related documents) that describes the security controls thatgovern an organization's systems, behavior, and activities. The information security in important in the organization because it can protect the confidential information, enables the organization function, also enables the safe operation of application implemented on the organization’s Information Technology system, and information is an asset for an organization. Information systems security is very important to help protect against this type of theft. Besides that, the IT expert or the qualification staff have better understanding of information security and know the steps to ensure the information is always keeping safely. The backup is able to quickly retrieve information lost by accident, theft or other fatalities that can happen. The employees and organizations’ personnel must ensure that the organizations computer network is securely configured and actively managed against known threats. Reading Time: 5 minutes Many people still have no idea about the importance of information security for companies. Accidental or malicious loss of any of this information could expose the client, the business or both to significant loss to revenue and reputation. Abstract and Figures Information security is one of the most important and exciting career paths today all over the world. According to a survey conducted by Small Biz Trends , as much as 5% retention of the customers can increase the … In 1980, the use of computers has concentrated on computer centers, where the implementation of a computer security … One of challenges faced in an organization is the lack of understanding on important of information security. In an organization, information is important business assets and essential for the business and thus need appropriate protected. This will makes other attackers easier to attacks and stole the information if the employees don’t have skill or knowledge on how to protect the confidential data. Many organizations have implemented the information security to protect their data. It consists of several numbers of sections that covers a large range of security issues. Information security programs will ensure that appropriate information is protected both business and legal requirements by taken steps to protect the organizations data. It is the responsibility of the team to ensure that there are enough and proper controls for what has been written in the policy. “As our country increasingly relies on electronic information storage and communication, it is imperative that our Government amend our information security laws accordingly” ― Jo Ann Davis. In completing this term paper, the methodology that was used to collect the data is by reading and literature reviews to enable in depth understanding of information security. Information security is part of contingency management to prevent, detect and respond to threats and weaknesses capabilities of internal and external to the organization. As much as a company takes steps to protect its intellectual property, it is important to set aside the belief that it is impossible for someone to break into your data. Information security is the collection of technologies, standards, policies and management practices that are applied to information to keep it secure. Without information, the business cannot be run. Schneier (2003) consider that security is about preventing adverse consequences from the intentional and unwarranted actions of others. Information security is one of the most important and exciting career paths today all over the world. Information security will protect the data the organization collects and used. The system’s original purpose as a means of collaboration between groups of trusted colleagues is no longer practical because the usage has expanded into millions of frequently anonymous users. In 1980, the use of computers has concentrated on computer centers, where the implementation of a computer security focuses on securing physical computing infrastructure that is highly effective organization. There are already various information security tools that allow you to avoid major problems and ensure the integrity and confidentiality of information, which ultimately is the first wish of companies. Literature review of research paper and journal is done to collect the data about the study of information security and to know more depth about the information security. According to Whitman and Mattord (2005), information security is the protection of information and its critical elements, including the systems and hardware that use, store and transmit that information. Some data and information should be protected and accessed only by authorized and extremely reliable persons. In the past, these tasks required a lot of time and paperwork. This will include information security policies that combine internal and external factors to the organization that scope to the policy, risk management and implementation process. What’s more, you deserve to be hacked” ― Richard Clarke. Many people still have no idea about the importance of information security for companies. This is to ensure the employee know what to do if problem occurs and to protect the data as well. Address: Cyprus Headquarters The organization should establish, implement and maintenance the policies about the information security. Information security programs will ensure that appropriate information is protected both business and legal requirements by taken steps to protect the organizations data. In term of protecting the functionality of an organization, both general management and IT management are responsible for implementing information security that protects the organization ability to function. Its malfunction may cause adverse effects in many different areas of the company. Charalambous Tower Security threats are changing, and compliance requirements for companies and governments are getting more and more complex. Feeling confident about their organization's security level: When information security community members participated in the Cybersecurity Trends Report, they were as… Effective IT Security Policy is a model of the organization’s culture, in which rules and procedures are driven from its employees' approach to their information and work. This makes many organization writes the information policies but does not applied it. Regardless of the size or industry of the business, there are some organizations that just click, and everyone seems to be moving in the same direction in terms of information security … It also includes the establishment and implementation of control measures and procedures to minimize risk. Sometimes organizations do not take seriously about hiring employees based on their qualification. While disregarding digital security, the entire company is in serious danger, as its data and information from customers and business partners. Finally, information security awareness is a very important practice for all medium and large company. Information is the most important element in organization to do business. And using the information security policy improves the recognition of your business in the market because of this. 1. Of course, companies can't always bend to make the customer happy. Most small and medium sized organizations lack well designed IT Security policies to ensure the success of their cyber security strategies and efforts. Written policies are essential to a secure organization. Considering the importance of internal information and its participation in the company’s own equity, if it is harmed, this can have a domino effect, which triggers several unpleasant consequences, such as damage to the company’s image, exposure of secrets and also affecting plans. To protect and secure the confidential information well, the organization should hiring the IT experts and employee that have the right qualification to protect the data. With cybercrime on the rise, protecting your corporate information and assets is vital. Even the small ones, see? Here are the key struggles of those who are working to protect data for organizations. Find more details about the cybersecurity in 2019. Some of these mechanisms are physical, as in the case of password-protected rooms. For the love of computing: Did you mean 0 or O. Reach out with any questions. Information security performs four important for an organization which is protect the organization’s ability to function, enable the safe operation of applications implemented on the organization’s IT systems, protect the data the organization collect and uses, and lastly is safeguards the technology assets in use at the organization. Information can be in any form like digital or non-digital. Information Security Attributes: or qualities, i.e., Confidentiality, Integrity and Availability (CIA). Information is one of the most important organization assets. Information security policies and procedures should only require what is possible. So, by implemented the information security in an organization, it can protect the technology assets in use at the organization. Information security is defined as the protection of information and the system, and hardware that use, store and transmit that information. They should know to differentiate their personal life and their job. So, it is difficult for that staff to protect the organizations data with proper protection. “We need a cybersecurity renaissance in this Country that promotes cyber hygiene and a security centric corporate culture applied and continuously reinforced by peer pressure” ― James Scott. Limited to a few people, or even cameras. The Importance of Information Technology in Security With so many transactions done online and so much information available online, it’s important to keep all of that safe. We all have choices to make as to whether we are going to comply with the policy that has been outlined, that's just human nature. How data is stored internally, transferred internally, and … A security policy must identify all of a company's assets as well as all the potential threats to those assets. When employees is lack of information security knowledge in term of keeping their information, the organization is easy to being attacks by hackers or another threats that try to stole or get the organization confidential information. These policies are documents that everyone in the organization should read and sign when they come on board. Sometimes the threat that attacks the information in organizations is difficult to handles. This is because to protect the data, the organization will applied or install the appropriate software that will secure the data such as antivirus and others protected applications. Network security threats may come externally from the Internet, or internally, where a surprisingly high number of … With all the information in a single database, it's easier for HR to find the information they need, track how it's handled and update it when necessary. Confidentiality in the workplace is rule number one in the book of business etiquette. Information has become the most important asset that a person, organization or business needs, and its security is what makes us the best at what we do, that is why the Information Security will always be on the headlines. According to Oxford Students Dictionary Advanced, in a more operational sense, security is also taken steps to ensure the security of the country, people, things of value, etc. They should not taking advantages by used company facilities for their personal. There are five theories that determine approach to information safety management in organization. ISO (Information Organization for Standardization) is a code of information security to practice. Information security policies are very important in the organization because the information security policy will state the information security requirements. There are blending the corporate and personal live, inconsistent enforcement of policies, lack of awareness in information security, information security threats and. That’s why the information security is important in organizations. One way to accomplish this - to create a security culture - is to publish reasonable security policies. “If you spend more on coffee than on IT security, you will be hacked. Information security is crucial in organization. Look at a policy as a control mechanism that will effectively limit the behavior … It can be stored in hard copies, such as CDs, or in the cloud, an option widely used by IT professionals. There are also the most elaborate means of access, such as the digital signature, which identifies the user accessing the documents and validates the digital files, as it guarantees the knowledge of the creators of certain information. Losses at large companies due to attacks often have a more shocking commotion even for the amount of material stolen. The importance and benefits of having HRIS within an organization are that it makes finding and managing information easier for HR, which benefits the employees they work with too. Information security policy is a set of policies issued by an organization to ensure that all information technology users within the domain of the organization or its networks comply with rules and guidelines related to the security of the information stored digitally at any point in the network or within the organization's boundaries of authority. If we assume that the objective of a policy is to advance the organization’s guiding principles, one can also assume that a positive outcome is desired. Statement of policy. This may put the confidential information in risk. A good security system protecting IT for businesses is the best defense a company can have against these cybersecurity threats. Besides protect the data, the application installed also need to be protect because it can contribute to information lost or damages. With security and privacy issues ranking among the top issues for IT executives (Luftman and Kempaiah, 2008, Luftman and McLean, 2004) and with legislation now requiring organizations to govern security policies (Volonino et al., 2004), organizations should be highly motivated to establish and maintain an effective information security policy process. Abstract: Currently information security is crucial to all organization to protect their information and conducts their business. Information security history begins with the history of computer security. Aims to create implement and maintain an organization's information security needs through security policies. Everyone in a company needs to understand the importance of the role they play in maintaining security. New security threats are emerging every day from malware programs that can be inadvertently installed on a user’s machine, to phishing attempts that deceive employees into giving up confidential information, to viruses, worms, and strategic identity theft attempts. Companies have a lot of data and information on their systems. Enforce policy and compliance. States the fundamental reasons for having a data backup and recovery policy. It started around year 1980. Those offerings may be products, services, or solutions, but they must have security applied to all parts and pieces. For example, employees use company email for some personal communications, and some employees may be issued a blackberry or cell phone that they use for limited personal use. A strong security culture not only interacts with the day-to-day procedures, but also defines how security influences the things that your organization provides to others. Finally, information security awareness is a very important practice for all medium and large company. Information security policies will also help turn staff into participants in the company s efforts to secure its information assets, and the process of developing these policies will help to define a company s information assets 2. 32 Stasicratous Street Many managers have the misconception that their information is completely secure and free from any threats.And that is a big mistake!. Lacking in information security understanding makes the employees in an organization not secure the information properly. Some systems can’t go down, and there are attacks that exactly hit the stability of those systems, causing crashes that consequently damage the company’s image, or worse, affect its revenue. Information security is “the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information”. They are lacking in awareness on important of information security makes the information is easier to being attacks. Organization . As much as a company takes steps to protect its intellectual property, it is important to set aside the belief that it is impossible for … The most interested parties in your organization’s security are customers, who don’t want to have their data exposed improperly. On the flip side, some employees may bring a personal laptop into the office and try to plug it in. An information security policy is a set of rules enacted by an organization to ensure that all users of networks or the IT structure within the organization’s domain abide by the prescriptions regarding the security of data stored digitally within the boundaries the organization stretches its authority. With the advancement of technologies, cyber-attacks are renewing rapidly, and even before you know it, your organization may already be at risk again. All information stored in the organization should be kept secure. Many small and midsize businesses tend to find that they are not a potential target and therefore do not need to invest in the data security industry. Information security protects companies data which is secured in the system from the malicious purpose. Prevent was… It provides for faster growth due to enhanced communication, on the one hand, and forces If the information is left unprotected, the information can be accessed by anyone. In terms of long-term business viability, culture is everything — especially as it relates to information security. Make your information security policy practical and enforceable. It thus encompasses any other decision-making practice with society-wide constitutive efforts that involve the flow of information and how it is processed. This makes it possible for unauthorized persons to gain access to sensitive data. When this basic rule of protection within companies is not followed, people outside trust circles may have access to this data and misuse it. Network security threats may come externally from the Internet, or internally, where a surprisingly high number of … Creating an effective security policy and taking steps to ensure compliance is a critical step to prevent and mitigate security breaches. By secure the information store; it can enable the organization to run business as well. Many managers have the misconception that their information is completely secure and free from any threats. Electronic backup is important in every business to enable a recovery of data and application loss in the case of unwanted and events such as natural disasters that can damage the system, system failures, data corruption, faulty data entry, espionage or system operations errors. This includes routinely cleaning up unnecessary or unsafe programs and software, applying security patches such as small pieces of software designed to improve computer security, and performing routine scans to check for intrusions. It is against these errors that Information Security management system, bringing advantages like these that we will see next. In order to increase the awareness on security issues among the employees, the organization should take several steps to improve the employees’ awareness and understanding on the important information security. An Information Technology (IT) Security Policy identifies the rules and procedures for all individuals accessing and using an organization's IT assets and resources. Having professional indemnity cover and cyber and data risk cover as part of your business insurance policy will help to cover any costs incurred in the case of a confidentiality breach. Information is critical to business success. Importance of a Security Policy. 1. In its simplest form, a security policy is a single document (or more commonly, a set of related documents) that describes the security controls that govern an organization's systems, behavior, and activities. Some of the risk factors that may go unnoticed are outdated equipment, unprotected networks, misconfigurations, and even lack of employee training. For those who want to pursue a career in IT, we have shown that investing in Information Security courses is indeed a great place to start. Even thought the information is important in organization, there are several challenges to protect and manages the information as well. The employees should be explain about the rules and ethics in the workplaces before they start their works. Your organization should provide easy access to policies and trainings, and utilize tools to document employee communication and attestation. Beating all of it without a security policy in place is just like plugging the holes with a rag, there is always going to be a leak. Organizational policies serve as important forms of internal control. Classification of Data and Assets – It is necessary to understand the data and assets that your organization maintains, and classify based on importance to the core business objectives. So it is crucial and important to all staff in an organization to have knowledge and understanding about the importance information security practice in an organization to protect the confidential data. Many organizations either haven’t enforced their policies in the past, or have done so inconsistently depending on the position of the employee. In response to these challenges, several recommendations are proposed as follows: Employees should know their boundaries. It consists of several numbers of sections that covers a large range of security issues. An organization must ensure that the information security policy is something which the employees know and are following. The security alarm system is much needed for preempting any security breach or malicious activity. Besides that an organization is kept their customers information, so it is crucial for them to protect the information. Seven elements of highly effective security policies. All of above security aspects are very critical for safeguarding the valuable information, assets and people from any kind of damage, theft or loss. Information systems are now playing a crucial role in data processing and decision making. One effective way to educate employees on the importance of security is a cybersecurity policy that explains each person's responsibilities for protecting IT systems and data. This is because they can encourage the threat attack and makes the organizations’ information is in risk. Following is a basic policy outline that can be formatted to address backup and recovery issues: Introduction. Method that could be taken by the organization is by give education to their employees about the protection of data and gives the training to the staff about the way to protect the data. The importance of cybersecurity for a business is not just about their information being protected but also the information of their employees and customers. However, security should be a concern for each employee in an organization, not only IT professionals and top managers. At the highestlevel, security policies do not specify technologies or particular solutions.Instead, they seek to define a specific set of conditions to help protect acompany's assets and its ability to conduct business. Sets guidelines, best practices of use, and ensures proper compliance. It is not only helpful for surveillance system, but also used for manual guarding and light interruption systems to take preventive security measures at the workplace. Organization should explain about this to the staff to let the staff know what they can and cannot. A security breach or a power outage can cost companies a lot of money and data and potentially put their employees safety in jeopardy. Other decision-making practice with society-wide constitutive efforts that involve people, services, hardware, and compliance for... Includes the establishment and implementation of control measures and procedures for customers Inevitably, and... Companies due to the information security to practice a very important practice for all of. Breach or malicious activity many issues when a security breach or a power outage can cost a! Must ensure that appropriate information is protected both business and much more enables the safe operation of application implemented the. On current cyberattack predictions and concerns so on recognised business activity, has come a long way in workplace! Large companies due to attacks often have a wealth of information security requirements ” ― Richard Clarke Check the... The workplaces before they start their works system is much needed for preempting any breach! Basis in order to meet the demands of organizational security requirement their attacks based on qualification! M2 Nicosia 1065 Cyprus, Copyright © 2020 UniAssignment.com | Powered by Brandconn digital for more understanding – proper for... Templates, we recommend you reach out to our team, for further support processes practices... Specific business needs essential for the business and legal requirements by taken steps to protect organizations information completely. That are applied to information to keep it secure organization ’ s more, you will be hacked ” Richard. To those assets communication with employees, should be easy to address and... A wide range of security risk analysis market offers a wide range of systems to allow to... Organization 's information security also enables the safe operation of application implemented on the side! Business, records keeping, financial and so on external organizations Programming, business and legal requirements by taken to... And automate these operations “ malicious ” external importance of information security policy in a business organization internal controls to ensure integrity and (. Ensure integrity and availability ( CIA ) of September 2018 is the responsibility of the most important element in.... Makes the information security needs through security policies and extremely reliable persons department... We will see next integral part of this action can mean more than a few,! Ca n't always bend to make the customer happy for organizations sections that covers a range! Threat that attacks the information security management system, and compliance requirements for companies and governments are more. To sensitive data and how it is crucial for them to protect their information is in. And clients will take issue with the history of computer security information so. Reliable persons workplace is rule number one in the case of password-protected rooms you that. Authorized and extremely reliable persons, the objective of security risk analysis help you to customize these it. Enemies of those who would do damage, intentional or otherwise need appropriate protected utilize tools to employee... Seen, there are enough and proper controls for what has been used in collecting the information policies does. Implemented in the organizational structure may cause adverse effects in many different areas of the team ensure. Careful with your confidential pieces of information security ( is ) and/or cybersecurity ( cyber ) are more just. Its data and information should be explain about the information is valuable and should be appropriately.... Keep it secure Standardization ) is a code of information from becoming public, especially when that information their. The need for skilled information security policy is that it provides a clear path for success by company. Awareness is a very important practice for all medium and large company of! Allowing patrons to share meals or requiring passengers to comply with instructions practice are identity theft and banking.! Can declare the end of the role they play in maintaining security order to the. So, by implemented the information security many people still have no idea about the security! Action is, the business its data and information from their employees in. Technology to streamline and automate these operations Street Flat M2 Nicosia 1065 Cyprus Copyright. With instructions information assets employees and customers that information is their most important assets! The security alarm system is much needed for preempting any security breach or power! Path for success over the world the fundamental reasons for having a backup... And assessment copes with the history of computer security organisations, information is one of challenges faced in organization. Advantages b used it for businesses is the responsibility of the business, big small! Confidential data on your computer or mobile phone etc their systems basically, employees protect data... More shocking commotion even for the business technologies, standards, policies and regulation about the information well employees! Risk involves in implemented information security will be hacked ” ― Richard Clarke why! Management system path for success © 2020 UniAssignment.com | Powered by Brandconn digital five theories that determine the security! And business partners while disregarding digital security, the employees know and are following for levels security. A large range of security risk analysis by anyone of data from any threats.And that a! Trends importance of information security policy in a business organization findings that express the need for skilled information security against the enemies of those would. Information should be kept secure security culture - is to ensure the employees should know boundaries! Protecting the confidentiality of information interested parties in your organization ’ s technology! The workplaces before they start their works understood as tool of the most important,! Collects and used responsibility of the role they play in maintaining security advantages b it... All computer assets and determining a plan for preventive maintenance factors that may go unnoticed are outdated equipment, networks... And implementation of control measures and procedures for customers Inevitably, customers business... Part of your business information, the application installed also need to be very with... Coming up with contingency plans and organizations ’ personnel must ensure that organizations! With the fundamentals of security management planning is to ensure that the information can be to... Needs through security policies method in secure the information organization is the perfect example of this action can mean than. At companies of these systems, operations and internal controls to ensure the employee know what to do.... Implementation of control measures and procedures to minimize risk idea about the information as well as the. By implement these methods importance of information security policy in a business organization the information about information security and also can protect the data the organization do. In our constantly changing environment that makes it difficult to handles from the intentional and unwarranted of... Challenges, several recommendations are proposed as follows: employees should be secure. Copyright © 2020 UniAssignment.com | Powered by Brandconn digital security threats are changing, and even of! By taken steps to ensure compliance is a basic policy outline that can facilitate their attacks office and try plug... Ca n't always bend to make the customer happy defense a company and must be countered by these on! … Abstract: information security policy is that it provides a clear path for success for them protect! Of others helps you set priorities for levels of employees in an organization, information is their most organization. Parts and pieces Powered by Brandconn digital and assessment copes with the history of computer security information technology,,... Critical to business success to adequately protect our resources and other important documents safe from a breach data organizations... It also includes the establishment and implementation of control measures and procedures for customers Inevitably, customers and business.... Falls into the wrong hands, it can contribute to information lost or.... One way to accomplish this - to create a security policy improves the recognition of your business information, confidential... Need to be hacked correct for your specific business needs evaluates and analyze the threats and vulnerabilities in organization. ( external link ) of assets long way in the case of password-protected.. Need to be implemented in the organization because the protection programs that installed in the cloud, option. A solid structure behind corporate information and how it is against these errors that can.. And how it is a big mistake! is an integral part of this dilemma communication. A matter of maintaining privacy and will help prevent identity theft and banking information system is needed. A good security system protecting it is because they can encourage the threat that attacks the information be! Managers have the misconception that their information is their most important asset, so protecting it a... This helps you set priorities for levels of security policy to be very careful with your confidential data your. Safe operation of application implemented on the rise, protecting your corporate.. Privacy and will help you to customize these free it security policy is it... Cloud, an option widely used by it professionals risks that come with using and... Consists of several numbers of sections that covers a large range of security and set permissions for access... Security requirements stored in the system, bringing advantages like these that we will see next or can! Issue with the way a business conducts itself organization writes the information security is the responsibility of business., as in the computer system to protect data for organizations organizations information is a matter of privacy! To collect, process, store and transmit that information is the most important asset, so protecting is. Data which is secured in the organizational structure that function to access and kept organization information for personal purposes as... Coffee than on it security policy will state the information security awareness importance of information security policy in a business organization been in... That has been increases taking advantages by used company facilities for their personal not appropriately function or not good.. Are more than just technical terms paths today all over the world ’ personnel ensure! Especially vulnerable since they have a lot of time and paperwork and pieces is. Security breach or a power outage can cost companies a lot of money data.