Security


Threats to the Data

No Log In

If there is no security that is protecting your customers/associates details, it can be a big problem and can be made to pay a fine or even in some circumstances face a jail term. If data is not protected correctly anyone can access your file or personal information and do whatever they wish with that information. 

There are 50 users on the network and there was no log in for each user, all the 50 people can open each others files, copy their personal details or even edit their work, such as deleting assignments or stealing them. Each user should have their own personal log in username and password, so that the can assured that their files are secure.








Internet Access (unrestricted)

Another way that data can be protected is by have a restricted internet for some websites that have files that may corrupt your computer and gain access to your personal details once downloaded or even sometimes even open, their data is at risk because one of them 50 users may download a file that contains a virus which may do damage to the computer, then the owner will have to pay to repair the problem.


Administrator

If there is no administrator log in all the details in the whole network can be edited, software can be removed which can make the company manager miss out on money he had to pay to purchase the software. When software is downloaded, some files may contain viruses, worms or spyware. This can affect everyone in the company as all their data is saved together, if there is no log in for each user.




Back Up Files

In case of a fire, natural disaster or whatever problem that causes the hard drive to delete all the users details and data saved, a company should back up their data at least once a day, some people think that 1 time a day isn’t enough.




Data Types Being Kept Secure

Data types should not be kept in a plastic box on top of the server, this is not safe and not keeping all the data secure. The data should be kept in a fireproof box in a secure distant location where it will not be damaged if the building has a disaster such as fire, or flood etc.



Company keeping records in databases

There is a problem with the company storing all customers personal details such as customer names and addresses, account numbers, bank details and purchase history. All the staff has access to this information and will be able to do whatever they like with it because there is no log in or password to access the files that the administrator and staff use/store. The company is breaking the law Data Protection Act which has been place in 1984, the law is that Personal data must be obtained and processed fairly and lawfully, this has not been done so by the company.





Staff sharing personal details over the phone

The manager has occasionally overheard staff sharing personal account numbers over the telephone; staff should not be able to have the authority to share personal information of others to random people who may use the details with inappropriate intentions.  Also the manager has also heard staff giving out other employees addresses over the phone to people, you are not allowed to share information of people who are customers or staff to random people. Staff are not allowed to distribute personal details of staff or customers.



IP Addresses

The business should keep a list of the history of all the IP Addresses, just so they know what IP addresses the staff is accessing.

No Firewall or Monitored Downloads

When there is no firewall added to all the computers, software and personal files can be put at risk of being shared with the creators of viruses. If you download a file which has a virus saved into the file which the user downloads, that virus will now be saved onto your hard drive and will cause damage to the speed and efficiency of your staffs computers. Firewall will block attempts to corrupt or damage your computer and will keep your computer safe, it can be expensive but if the manager ended up having to wipe his hard drive due to a virus effecting his files, he may loose all file and software he has purchased will cost more money to purchase again.


Data Protection Act

Data protection act is protecting anyone who is living and identifiable. It creates rights for people who are having their information stored; people can pay a small fine to find out what information is being held against them. Everyone has the right to see what is being held against them, also have the ability to change or remove details.
Data may not be held for unnecessary unlawfully purposes and should not be shared with anyone.  All data should be accurate and where necessary should be kept up to date. Data should only be stored if it is relevant to the reason the data is being stored, and should only be held for longer than necessary.

No comments:

Post a Comment