1 / 4

Keeping Your Company Safe & Secure

Keeping Your Company Safe & Secure. As a new business, handling and storing personal data belonging to customers can be dangerous. There are many different threats to the data stored, which can be utilised through weak areas in the IT infrastructure.

zubin
Download Presentation

Keeping Your Company Safe & Secure

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Keeping Your Company Safe & Secure As a new business, handling and storing personal data belonging to customers can be dangerous. There are many different threats to the data stored, which can be utilised through weak areas in the IT infrastructure. However, you can try to protect the data using a multitude of data protection techniques, such as Hardware, Software and a range of procedures. This presentation will point out the dangers and threats to the data you posses, and numerous methods of protecting that data. By Aiden Morgan

  2. Laws • When you are storing Personal Data electronically, you must follow a set of rules known as The Data Protection Act. • These laws aim to protect the personal information held by companies, and to ensure it isn’t misused or used in a manor which the person is unaware of. Data Protection Principles: • Fairly and Lawfully processed – Data used for specified purpose and NO OTHER, without persons’ consent. • Processed for registered purposes – any Data sold on must be registered with Information Commissioner. (Data subject must be notified) • Adequate, relevant and not excessive – Any irrelevant data must be deleted. (E.g. unsuccessful job applications.) • Accurate and up to date – steps are taken to ensure data is accurate (E.g. Schools making sure pupils information is up to date) • Not kept for longer than necessary – Data must be removed once specified purpose has been met. • Processed in line with the customers’ rights – Data subject can have access to the data stored about them at any time (for a small fee) • Secure – appropriate measures are taken to prevent access from unauthorised personnel. • Not transferred to countries without adequate protection – data cannot be transferred outside of the EU unless a suitable level of protection is provided.

  3. Threats &Weak Points Threats: • There are two main types of threats to IT infrastructure … • External- When someone outside of the organisation gains access to the IT system. This can result in the theft of money, data or exposure to viruses etc. • Internal- When the IT system is at risk by the employee(s) of the organisation, either deliberately (E.g. Personal gain for the employee) or through careless behaviour(E.g. Leaving workstations unattended whilst logged on). Weak Points: • Data Entry- Internal Threat, when data is fraudulently entered with criminal intent. • Data stored on a computer- can be accessed by unauthorised users through networks or if the computer is left unattended whilst logged on. • Data stored offline- Data stored on memory sticks or CD’s can be particularly vulnerable if in the wrong hands. • Viruses, Worms and Trojan Horses- can causes different types of harm to your computer system. • Spyware- a type of program which attaches itself to the computers OS. • Networks- threats can occur when data is being transferred over networks. • Internal IT Personnel- Breaches made by the company’s employees either intentionally or due to laziness. • Hacking- when someone aims to gain unauthorised access to the IT system.

  4. Methods of Protection Software Methods Hardware Methods • Allocation of unique user identification code and password. Only when this is keyed in correctly can the access the system.A network access log can be kept. - Keeps track of the usernames if all the users on the network, which work stations they are at and the times they logged on and off. - Also shows which programs they used and which files they created or accessed. • Limited levels of access. • Virus and Spyware Protection. • Encryption. (important and confidential information). • Keep doors locked. Operated by a key, swipe card or code (which is kept secret) -Locks activated via voice recognition or fingerprints offer an alternative. • Security Staff. • CCTV cameras. • Alarm systems. • Computer keyboard locks. Procedures • Virus Procedures… • Not opening emails from unknown sources. • Keep antivirus software updated. • Around the Workplace… • All computers logged off when unattended. • Disk and Tape libraries. • Staff & Visitors wear cards. (checked by security staff) • Doors with valuable data stored inside the rooms shouldn’t be left unlocked. • Password Procedures… • Kept secret • Not obvious. • Not too short/too long. • Mix of numbers and upper/lower case letters. McAfee VirusScan

More Related