1 / 33

As an online provider, what questions should I be asking about data security?

As an online provider, what questions should I be asking about data security?. Kit Sadgrove. CEO, The Blackford Centre Author, The Complete Guide to Business Risk Management. EADL members tend not to be IT experts. Most have no wish to be.

tuj
Download Presentation

As an online provider, what questions should I be asking about data security?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. As an online provider, what questions should I be asking about data security?

  2. Kit Sadgrove • CEO, The Blackford Centre • Author, The Complete Guide to Business Risk Management

  3. EADL members tend not to be IT experts. Most have no wish to be. But distance education has become increasingly online Therefore new risks. Need to become more familiar with the dangers of data security.

  4. Figure 15.1: Causes of data loss. Last 12 months, UK government research Source PWC

  5. Two locations • Your local server and PCs • Your online presence

  6. Four scenarios • Someone steals your learners’ credit cards, or uses their personal information. You become liable. (Online/local) • Someone steals your online content, and makes it widely available. (Online) • Your local server goes down, or you find data is missing or corrupted. You can’t access or update records. (Local) • Your website goes down, whether from error or a malicious attack You lose sales. (Online)

  7. What you have to do • Protect credit cards and personal information. • Protect your online content. • Prevent your website from being hacked or destroyed. • Prevent local IT failure.

  8. Protect personal information

  9. Review the security ofpersonal information • Restrict access • Harden passwords • Review ISP reliability • Don’t share remote server (VPN or own server)

  10. Protecting your online content It's easy for people to steal content. But don’t get obsessed about this. 99% of learners won't steal or copy your material. Case study: Learner makes an entire course available to the public.

  11. Protect your online content • Harden access • PDFs that can’t be saved? • Balance learners’ ease of use vs. protecting your data.

  12. Website failure Your website is down. You are offline. Potential purchasers believe you have ceased trading.

  13. Students are unable to access their material. The organisation loses its files?

  14. Hackers • DDOS • ISP failure • Overwriting or corruption of data

  15. Steps to take • Do all security updates (Wordpress) • Secure passwords • Daily backup of your online software and data. • High quality host

  16. Minimise the chances of losing local data • Back up daily • Automate the process • Keep backups off-site • More than one backup method • Test your ability to Restore

  17. Second Copy • “Best Backup Software 2015” PC Advisor

  18. Minimise the chances of losing local data • Anti Virus software • Firewall • Use Raid drives • Restrict access to parts of the computer network. • Keep some computers off the network • Restrict the number of computers with writeable DVD drives. • Block USB ports

  19. Most popular passwords 11. 1234567 12. monkey 13. letmein 14. abc123 15. 111111 16.mustang 17. access 18. shadow 19. master 20. michael 1. 123456 2. password 3. 12345 4. 12345678 5. qwerty 6. 123456789 7. 1234 8. baseball 9. dragon 10. football

  20. Harden your passwords • Change vital passwords often • No dictionary words (carboatplane) • No phrases • Don’t substitute numbers for letters (4example) • No birth dates • No telephone numbers

  21. Intellectual Property • Educate employees: Taking confidential information is wrong. • Enforce non-disclosure agreements (NDAs): Include stronger, more specific language in employment agreements. • Exit interviews • Use monitoring technology: Data loss prevention software to monitors access.

  22. Who are you? Bad: That online stuff is managed by the tech guys. I don’t have time to get involved. Good: I know that our data is protected because I’m regularly involved in the discussions. Best: I personally take responsibility for data, and am competent to manage our system.

  23. Questions to ask • Who has access? What happens if they leave or are fired? • How hardened is the access? • Are AV and Wordpress updates regularly installed? • Backups: Who does them? Are they off-site? Are they automated? • Restore: Have we done a Restore recently?

  24. Questions to ask • How reliable is our ISP? • How knowledgeable are we? • Are our systems documented? • How capable am I personally? Am I involved?

  25. Kit Sadgrove • Kit@inst.org • The Complete Guide to Business Risk Management

More Related