As an online provider, what questions should I be asking about data security?
Kit Sadgrove • CEO, The Blackford Centre • Author, The Complete Guide to Business Risk Management
EADL members tend not to be IT experts. Most have no wish to be. But distance education has become increasingly online. Therefore new risks. Need to become more familiar with the dangers of data security.
Figure 15.1: Causes of data loss. Last 12 months, UK government research. Source: PWC
Two locations • Your local server and PCs • Your online presence
Four scenarios • Someone steals your learners’ credit cards, or uses their personal information. You become liable. (Online/local) • Someone steals your online content, and makes it widely available. (Online) • Your local server goes down, or you find data is missing or corrupted. You can’t access or update records. (Local) • Your website goes down, whether from error or a malicious attack. You lose sales. (Online)
What you have to do • Protect credit cards and personal information. • Protect your online content. • Prevent your website from being hacked or destroyed. • Prevent local IT failure.
Review the security of personal information • Restrict access • Harden passwords • Review ISP reliability • Don’t share remote server (VPN or own server)
Protecting your online content It's easy for people to steal content. But don’t get obsessed about this. 99% of learners won't steal or copy your material. Case study: Learner makes an entire course available to the public.
Protect your online content • Harden access • PDFs that can’t be saved? • Balance learners’ ease of use vs. protecting your data.
Website failure Your website is down. You are offline. Potential purchasers believe you have ceased trading.
Students are unable to access their material. The organisation loses its files?
Hackers • DDoS • ISP failure • Overwriting or corruption of data
Steps to take • Do all security updates (WordPress) • Secure passwords • Daily backup of your online software and data. • High quality host
Minimise the chances of losing local data • Back up daily • Automate the process • Keep backups off-site • More than one backup method • Test your ability to Restore
Second Copy • “Best Backup Software 2015” PC Advisor
Minimise the chances of losing local data • Antivirus software • Firewall • Use RAID drives • Restrict access to parts of the computer network. • Keep some computers off the network • Restrict the number of computers with writeable DVD drives. • Block USB ports
Most popular passwords 1. 123456 2. password 3. 12345 4. 12345678 5. qwerty 6. 123456789 7. 1234 8. baseball 9. dragon 10. football 11. 1234567 12. monkey 13. letmein 14. abc123 15. 111111 16. mustang 17. access 18. shadow 19. master 20. michael
Harden your passwords • Change vital passwords often • No dictionary words (carboatplane) • No phrases • Don’t substitute numbers for letters (4example) • No birth dates • No telephone numbers
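The rules on the slide above can be applied automatically when a password is set. The sketch below is an added example, not part of the original presentation: it checks a candidate against the top-20 list and the "no dictionary words, no phrases, no number substitution, no birth dates, no telephone numbers" rules. The function names, the small word list and the date and phone patterns are assumptions made for illustration; an empty result means only that none of these rules fired.

```python
import re

# Top-20 list from the slide above.
COMMON = {"123456", "password", "12345", "12345678", "qwerty", "123456789",
          "1234", "baseball", "dragon", "football", "1234567", "monkey",
          "letmein", "abc123", "111111", "mustang", "access", "shadow",
          "master", "michael"}
# Constructed mini word list (assumption); load a full dictionary in real use.
WORDS = {"car", "boat", "plane", "for", "to", "example"} | {w for w in COMMON if w.isalpha()}
LEET = str.maketrans("013457@$", "oleastas")  # look-alike digit/symbol swaps
DATE = re.compile(r"\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}|(?:19|20)\d{2}")

def segments(s):
    """True if s splits entirely into WORDS entries (word-break DP)."""
    ok = [True] + [False] * len(s)
    for end in range(1, len(s) + 1):
        ok[end] = any(ok[i] and s[i:end] in WORDS for i in range(end))
    return bool(s) and ok[-1]

def check_password(pw):
    """Return the slide rules a password breaks; an empty list means none."""
    low = pw.lower()
    plain = low.replace(" ", "")
    problems = []
    if low in COMMON:
        problems.append("common")
    if segments(plain):
        problems.append("dictionary")        # single word, joined words or phrase
    elif segments(plain.translate(LEET)) or segments(
            plain.replace("4", "for").replace("2", "to")):
        problems.append("substitution")      # digits standing in for letters
    if DATE.search(pw):
        problems.append("date")
    digits = re.sub(r"[\s()+.-]", "", pw)
    if digits.isdigit() and 7 <= len(digits) <= 15:
        problems.append("phone")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, including the two from the slide.
    for sample in ["carboatplane", "4example", "p4ssw0rd", "14/02/1987", "vT9#qLx!b2Rm"]:
        print(f"{sample!r}: {check_password(sample) or 'no rule broken'}")
```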
Intellectual Property • Educate employees: Taking confidential information is wrong. • Enforce non-disclosure agreements (NDAs): Include stronger, more specific language in employment agreements. • Exit interviews • Use monitoring technology: Data loss prevention software to monitor access.
Who are you? Bad: That online stuff is managed by the tech guys. I don’t have time to get involved. Good: I know that our data is protected because I’m regularly involved in the discussions. Best: I personally take responsibility for data, and am competent to manage our system.
Questions to ask • Who has access? What happens if they leave or are fired? • How hardened is the access? • Are AV and WordPress updates regularly installed? • Backups: Who does them? Are they off-site? Are they automated? • Restore: Have we done a Restore recently?
Questions to ask • How reliable is our ISP? • How knowledgeable are we? • Are our systems documented? • How capable am I personally? Am I involved?
Kit Sadgrove • Kit@inst.org • The Complete Guide to Business Risk Management