Keeping Your Company Safe & Secure. As a new business, handling and storing personal data belonging to customers can be dangerous. There are many different threats to the data stored, which can be utilised through weak areas in the IT infrastructure. - PowerPoint PPT Presentation
Keeping Your Company Safe & Secure By Aiden Morgan As a new business, handling and storing personal data belonging to customers can be dangerous. There are many different threats to the data stored, which can be utilised through weak areas in the IT infrastructure. However, you can try to protect the data using a multitude of data protection techniques, such as Hardware, Software and a range of procedures. This presentation will point out the dangers and threats to the data you posses, and numerous methods of protecting that data.
Transcript
Keeping Your Company Safe & Secure
By Aiden Morgan
As a new business, handling and storing personal data belonging to
customers can be dangerous. There are many different threats to the data stored, which can be utilised through weak areas in the IT infrastructure.
However, you can try to protect the data using a multitude of data protection techniques, such as
Hardware, Software and a range of procedures. This presentation will
point out the dangers and threats to the data you posses, and numerous
methods of protecting that data.
Laws• When you are storing Personal Data electronically, you must follow a set of rules known as
The Data Protection Act.• These laws aim to protect the personal information held by companies, and to ensure it
isn’t misused or used in a manor which the person is unaware of.
Data Protection Principles:• Fairly and Lawfully processed – Data used for specified purpose and NO OTHER, without persons’ consent.• Processed for registered purposes – any Data sold on must be registered with Information Commissioner. (Data subject must be
notified)• Adequate, relevant and not excessive – Any irrelevant data must be deleted. (E.g. unsuccessful job applications.)• Accurate and up to date – steps are taken to ensure data is accurate (E.g. Schools making sure pupils information is up to date)• Not kept for longer than necessary – Data must be removed once specified purpose has been met.• Processed in line with the customers’ rights – Data subject can have access to the data stored about them at any time (for a
small fee)• Secure – appropriate measures are taken to prevent access from unauthorised personnel.• Not transferred to countries without adequate protection – data cannot be transferred outside of the EU unless a suitable level
of protection is provided.
Threats &Weak Points
Threats:There are two main types of threats to IT infrastructure …• External- When someone outside of the organisation gains
access to the IT system. This can result in the theft of money, data or exposure to viruses etc.
• Internal- When the IT system is at risk by the employee(s) of the organisation, either deliberately (E.g. Personal gain for the employee) or through careless behaviour(E.g. Leaving workstations unattended whilst logged on).
Weak Points:• Data Entry- Internal Threat, when data is fraudulently entered with criminal
intent.• Data stored on a computer- can be accessed by unauthorised users
through networks or if the computer is left unattended whilst logged on.• Data stored offline- Data stored on memory sticks or CD’s can be
particularly vulnerable if in the wrong hands. • Viruses, Worms and Trojan Horses- can causes different types of harm to
your computer system.• Spyware- a type of program which attaches itself to the computers OS.• Networks- threats can occur when data is being transferred over networks.• Internal IT Personnel- Breaches made by the company’s employees either
intentionally or due to laziness.• Hacking- when someone aims to gain unauthorised access to the IT system.
Methods of ProtectionHardware Methods• Keep doors locked. Operated by a key, swipe
card or code (which is kept secret) -Locks activated via voice recognition or fingerprints offer an alternative.
Software Methods• Allocation of unique user identification code and password. Only when
this is keyed in correctly can the access the system.A network access log can be kept. - Keeps track of the usernames if all the users on the network, which work stations they are at and the times they logged on and off. - Also shows which programs they used and which files they created or accessed.
• Limited levels of access.• Virus and Spyware Protection.• Encryption. (important and confidential information).
ProceduresAround the Workplace…• All computers logged off when unattended.• Disk and Tape libraries.• Staff & Visitors wear cards. (checked by security staff)• Doors with valuable data stored inside the rooms
shouldn’t be left unlocked.
Password Procedures…• Kept secret• Not obvious.• Not too short/too long.• Mix of numbers and upper/lower case letters.
Virus Procedures…• Not opening emails from unknown sources.• Keep antivirus software updated.
