Safety and Security advice For your business
Things to consider: • The laws which need to be followed when storing consumers’ data electronically • What are the potential threats / weak points in your ICT infrastructure • And how your business can protect itself
Firstly: • Data Protection Principles • These are laws which you must follow if you wish to house consumer data.
That any data you receive from consumers is fairly and lawfully processed • You must remain neutral to any data you receive from consumers and treat it all fairly and equally. • It also means you cannot collect people's data for one purpose, then use it for a different one (without the data subject's consent or knowledge)
Processed for a registered purpose • If you wish to store consumers' data on servers over a period of time you MUST inform the Information Commissioner in your local area. If you fail to do so, you will be violating the Data Protection Act by storing information without proper parliamentary consent or knowledge
Not kept for longer than necessary • Irrelevant data must be deleted, for example for customers who no longer wish to receive your newsletter: their information should be deleted from the records
The data should be kept up-to-date • Once a year you must provide customers with a printout of their data which they can check: either it is correct or it may need to be changed (e.g. they may have moved house, or have a different e-mail address)
It must be secure • Consumer data must be secure and free from the potential threat of unapproved access • This involves external threat from hackers as well as internal threat from employees who aren't allowed to see it
You must NOT transfer consumer data to a different country outside the EU unless that country has the facilities and protection to store said data • In the event that data has to be transferred, consent must be gained from all the appropriate parties first, including the data subject
Obviously the biggest threat, and the one all companies fear most: • Hacking
Overview • This involves breaking down a network’s security and gaining unauthorized access to a system with intent to change or damage files
Causes: • Wireless networks can be hacked, particularly those with minimal WPA protection. • This sometimes occurs in school networks spread over a large campus; due to the long range and high bandwidth, the hacker can disrupt files easily without being traced.
Viruses, worms and Trojans • These are programs written with intent to steal data and transfer it back to its source. • They can enter your system by: • Hyperlinks with an unknown destination • Either by a USB or CD-R • E-mail attachment from an unknown origin
A less common threat: • Spyware: again, these are programs that attach to the operating system of a computer and take up large amounts of memory
Procedures can be taken • Use a good anti-virus software with capabilities to protect your business • Norton Antivirus is often a good choice
ALONGSIDE LITTLE THINGS SUCH AS • Locking a computer when you leave it unattended, even if you only plan to leave it for less than a minute • Don't open attachments or follow hyperlinks when you don't know who they've come from; always ensure you know the sender
Passwords are key • Make sure a password has been set on the computer. Default passwords such as password, hello, admin or no password at all will allow easy access to your computer or your Internet account. • 1. Change passwords often. It is recommended at least once every few months. • 2. Create a BIOS (start-up) password. • 3. When creating a password, add numbers or other characters to the password to make it more difficult to guess; for example, 1mypassword23!. • 4. Do not use sticky notes around your computer to write down passwords!!
Some more rules on passwords • -Do not use a password that you have used in the past. • -Try to change the password at least every 3-6 months. • -Create a password that is at least six characters long. • -Create a password with both digits and letters. • -Do not create a password with a family name or family pet. • -Do not create a password that is your phone number, house number, etc. • -Create a password that is not in a dictionary. • -Create passwords with spaces in them (if allowed).
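An added example, not part of the original slides: a Python check that applies the password rules listed above to a candidate password. The function names, the four-word sample dictionary and the use of PBKDF2 for the password history are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: the default passwords named on the slide, plus a
# tiny stand-in word list (a real check would load a full dictionary file).
DEFAULT_PASSWORDS = {"password", "hello", "admin", ""}
SAMPLE_DICTIONARY = {"sunshine", "football", "dragon", "welcome"}


def _kdf(password, salt):
    # Salted, slow hash so the password history never holds plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def remember(password):
    """Return a (salt, digest) history entry for a password being retired."""
    salt = os.urandom(16)
    return salt, _kdf(password, salt)


def check_password(password, personal_terms=(), history=()):
    """Return the slide rules that `password` breaks; an empty list passes."""
    problems = []
    lowered = password.lower()
    letters_only = "".join(ch for ch in lowered if ch.isalpha())

    if lowered in DEFAULT_PASSWORDS:
        problems.append("default password")
    if len(password) < 6:
        problems.append("shorter than six characters")
    if not (any(c.isdigit() for c in password) and any(c.isalpha() for c in password)):
        problems.append("needs both digits and letters")
    if lowered in SAMPLE_DICTIONARY or letters_only in SAMPLE_DICTIONARY:
        problems.append("dictionary word")
    if any(t and t.lower() in lowered for t in personal_terms):
        problems.append("contains a personal detail")
    if any(hmac.compare_digest(_kdf(password, s), d) for s, d in history):
        problems.append("used in the past")
    return problems
```

Pass family names, pet names and phone or house numbers as `personal_terms`, and the output of `remember()` for each retired password as `history`.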
System administrators • If you run a network of computers or are in charge of computer security, try using the rules below to help secure your network and computers. • -Require that passwords be changed every 3 months (90 days). Almost all network operating systems have features that prompt users to change their password once the specified time is up. • -Set a minimum password length. Most network operating systems support the ability to set a minimum password length. • -Enable account lockout threshold. This option disables an account after so many failed login attempts. Usually three attempts with a lockout duration of 60 minutes is sufficient.
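An added example, not part of the original slides: how the 90-day password age and the three-attempt, 60-minute lockout behave when applied to a sequence of logins. The Account class, replay() helper and the sample timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta

MAX_PASSWORD_AGE = timedelta(days=90)     # slide: change every 3 months (90 days)
LOCKOUT_THRESHOLD = 3                     # slide: three failed attempts
LOCKOUT_DURATION = timedelta(minutes=60)  # slide: duration of 60 minutes


class Account:
    def __init__(self, password_set_at):
        self.password_set_at = password_set_at
        self.failed = 0
        self.locked_until = None

    def login(self, password_ok, now):
        """Return 'locked', 'denied', 'expired' or 'ok' for one attempt."""
        if self.locked_until and now < self.locked_until:
            return "locked"      # even a correct password is refused
        if self.locked_until:    # lockout has elapsed: start counting afresh
            self.locked_until, self.failed = None, 0
        if not password_ok:
            self.failed += 1
            if self.failed >= LOCKOUT_THRESHOLD:
                self.locked_until = now + LOCKOUT_DURATION
                return "locked"
            return "denied"
        self.failed = 0
        if now - self.password_set_at > MAX_PASSWORD_AGE:
            return "expired"     # authenticated, but must change the password
        return "ok"


def replay(events, password_set_at):
    """Run (timestamp, password_ok) events through one account in order."""
    acct = Account(password_set_at)
    return [acct.login(ok, ts) for ts, ok in events]


# Constructed sample: three bad guesses, a correct login during the lockout,
# one after it has elapsed, and one after the password has aged past 90 days.
SAMPLE_SET_AT = datetime(2024, 1, 1)
SAMPLE_EVENTS = [
    (datetime(2024, 2, 1, 9, 0), False), (datetime(2024, 2, 1, 9, 1), False),
    (datetime(2024, 2, 1, 9, 2), False), (datetime(2024, 2, 1, 9, 30), True),
    (datetime(2024, 2, 1, 10, 3), True), (datetime(2024, 5, 1, 9, 0), True),
]
```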
There is no such thing as perfect software. Often a software program may have several issues and could potentially have security vulnerabilities that can leave your computer open to attacks that compromise your computer and your data.
However, things can be done • Such as keeping software up-to-date • Keeping antivirus definitions always up-to-date • Always make sure you know how to use the software before trying to do anything with it
A few things to remember about hardware and storing data offline
Never take USB pens or CD-Rs home; remember, office documents should never leave the office • Never leave USB pens or CD-Rs with important data on them lying around your desk • Unattended SSDs (Solid state drives such as USBs or memory cards) should be password encrypted if possible
BACKUP • No matter how many times you lose the data, you can recover it from your backup an infinite number of times…
Thank you for your time • We hope this helps with ICT security in your new business