SAFETY AND SECURITY ADVICE FOR YOUR BUSINESS
THINGS TO CONSIDER:
- The laws which need to be followed when storing consumers’ data electronically
- What are the potential threats / weak points in your ICT infrastructure
- And how your business can protect itself
FIRSTLY: Data Protection Principles
These are laws which you must follow if you wish to house consumer data.
THAT ANY DATA YOU RECEIVE FROM CONSUMERS IS FAIRLY AND LAWFULLY PROCESSED
You must remain neutral to any data you receive from consumers and treat it all fairly and equally.
It also means you cannot collect people’s data for one purpose, then use it for a different one (without the data subject’s consent or knowledge).
PROCESSED FOR A REGISTERED PURPOSE
If you wish to store consumers’ data on servers over a period of time you MUST inform the Information Commissioner in your local area. If you fail to do so you will be violating the Data Protection Act by storing information without proper parliamentary consent or knowledge.
NOT KEPT FOR LONGER THAN NECESSARY
Irrelevant data must be deleted. For example, customers who no longer wish to receive your newsletter should have their information deleted off record.
THE DATA SHOULD BE KEPT UP-TO-DATE
Once a year you must provide customers with a printout of their data which they can check; it may be correct or it may need to be changed (e.g. they may have moved house, or have a different e-mail address).
IT MUST BE SECURE
Consumer data must be secure and free from the potential threat of unapproved access.
This involves external threat from hackers as well as internal threat by employees who aren’t allowed to see it.
You must NOT transfer consumer data to a different country outside the EU unless that country has the facilities and protection to store said data.
In the event that data has to be transferred, consent must be gained from all the appropriate parties first, including the data subject.
POTENTIAL WEAK POINTS IN YOUR ICT SYSTEM
Obviously the biggest threat, and the one all companies fear most:
Hacking
OVERVIEW
This involves breaking down a network’s security and gaining unauthorized access to a system with intent to change or damage files.
CAUSES:
Wireless networks can be hacked, particularly those with minimal WPA protection.
This sometimes occurs in school networks over a large campus; due to the long range and high bandwidth the hacker can disrupt files easily without being traced.
VIRUSES, WORMS AND TROJANS
These are programs written with intent to steal data and transfer it back to its source.
They can enter your system by:
- Hyperlinks with an unknown destination
- Either by a USB or CD-R
- E-mail attachment from an unknown origin
A LESS COMMON THREAT: Spyware
Again, these are programs written to attach to the operating system of a computer and take up large amounts of memory.
SO WHAT CAN BE DONE ABOUT IT?
PROCEDURES CAN BE TAKEN
Use good anti-virus software with capabilities to protect your business.
Norton Antivirus is often a good choice.
ALONGSIDE LITTLE THINGS SUCH AS
- Locking a computer when you leave it unattended, even if you only plan to leave it for less than a minute
- Don’t open attachments or follow hyperlinks when you don’t know who they’ve come from; always ensure you know the sender
PASSWORDS ARE KEY
Make sure a password has been set on the computer. Default passwords such as password, hello, admin or no password at all will allow easy access to your computer or your Internet account.
1. Change passwords often. It is recommended at least once every few months.
2. Create a BIOS (start-up) password.
3. When creating a password, add numbers or other characters to the password to make it more difficult to guess; for example, 1mypassword23!.
4. Do not use sticky notes around your computer to write down passwords!!
SOME MORE RULES ON PASSWORDS
-Do not use a password that you have used in the past.
-Try to change the password at least every 3-6 months.
-Create a password that is at least six characters long.
-Create a password with both digits and letters.
-Do not create a password with a family name or family pet.
-Do not create a password that is your phone number, house number etc.
-Create a password that is not in a dictionary.
-Create passwords with spaces in them (if allowed).
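The rules above can be checked automatically when a user picks a new password. The following is an added example, not part of the original presentation; the function name, the three input lists and the sample data are assumptions, and the dictionary check goes slightly beyond the slide by ignoring digits and punctuation added to the start or end of a word.

```python
import re

MIN_LENGTH = 6  # "at least six characters long" (from the slide)

def password_problems(candidate, previous=(), personal=(), dictionary=()):
    """Return the list of slide rules that the candidate password breaks.

    previous   - passwords this user has used before
    personal   - family names, pet names, phone and house numbers
    dictionary - set of lower-case words to reject
    All three inputs are assumptions of this example.
    """
    problems = []
    lowered = candidate.lower()
    if candidate in previous:
        problems.append("used in the past")
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than six characters")
    if not (re.search(r"[A-Za-z]", candidate) and re.search(r"\d", candidate)):
        problems.append("needs both digits and letters")
    # Personal details are matched as substrings, ignoring case, so that
    # "Rex2019x" is still caught when the family pet is called Rex.
    if any(term and term.lower() in lowered for term in personal):
        problems.append("contains a family name, pet name or number")
    # Strip leading/trailing digits and punctuation before the lookup so
    # that "sunshine1" still counts as the dictionary word "sunshine".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    if core in dictionary:
        problems.append("is a dictionary word")
    return problems

# Constructed sample data, not taken from the presentation.
SAMPLE_PREVIOUS = {"Winter2021ok"}
SAMPLE_PERSONAL = ["Harris", "Rex", "01632960123"]
SAMPLE_DICTIONARY = {"sunshine", "password", "hello", "admin"}

if __name__ == "__main__":
    for pw in ["hello", "Rex2019x", "sunshine1", "blue 7 kettle drum"]:
        found = password_problems(pw, SAMPLE_PREVIOUS, SAMPLE_PERSONAL,
                                  SAMPLE_DICTIONARY)
        print(repr(pw), "->", found or "accepted")
```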
SYSTEM ADMINISTRATORS
If you run a network of computers or are in charge of computer security, try using the rules below to help secure your network and computers.
-Require that passwords be changed every 3 months (90 days). Almost all network operating systems have features that prompt users to change their password once the specified time is up.
-Set a minimum password length. Most network operating systems support the ability to set a minimum password length.
-Enable account lockout threshold. This option disables an account after so many failed login attempts. Usually three attempts with a duration of 60 minutes is sufficient.
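How the 90-day change rule and the lockout threshold behave together, as an added example that is not part of the original presentation. The class, the outcome names and the sample events are assumptions; real network operating systems enforce these settings through their own policy tools.

```python
from datetime import datetime, timedelta

MAX_PASSWORD_AGE = timedelta(days=90)     # change every 3 months (90 days)
LOCKOUT_THRESHOLD = 3                     # failed attempts before lockout
LOCKOUT_DURATION = timedelta(minutes=60)  # how long the account stays disabled

class Account:
    def __init__(self, password_set_at):
        self.password_set_at = password_set_at
        self.failed = 0
        self.locked_until = None

    def login(self, now, password_ok):
        """Return 'locked', 'failed', 'expired' or 'ok' for one attempt."""
        if self.locked_until is not None:
            if now < self.locked_until:
                return "locked"       # even the correct password is refused
            self.locked_until = None  # lockout period has run out
            self.failed = 0
        if not password_ok:
            self.failed += 1
            if self.failed >= LOCKOUT_THRESHOLD:
                self.locked_until = now + LOCKOUT_DURATION
            return "failed"
        self.failed = 0
        # A correct but too-old password must be changed before use.
        if now - self.password_set_at >= MAX_PASSWORD_AGE:
            return "expired"
        return "ok"

def replay(account, events):
    """Run (timestamp, password_ok) events and collect the outcomes."""
    return [account.login(ts, ok) for ts, ok in events]

# Constructed sample events: three wrong guesses, then correct attempts
# during and after the 60-minute lockout.
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE_EVENTS = [
    (T0, False),
    (T0 + timedelta(minutes=1), False),
    (T0 + timedelta(minutes=2), False),   # third failure triggers lockout
    (T0 + timedelta(minutes=3), True),    # correct password, still locked
    (T0 + timedelta(minutes=61), True),   # 59 minutes into the lockout
    (T0 + timedelta(minutes=62), True),   # lockout over
]
```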
THINGS THAT CAN BE DONE WITH SOFTWARE
There is no such thing as perfect software. Often a software program may have several issues and could potentially have security vulnerabilities that leave your computer open to attacks that compromise your computer and your data.
HOWEVER, THINGS CAN BE DONE
Such as:
- Keeping software up-to-date
- Keeping antivirus definitions always up-to-date
- Always make sure you know how to use the software before trying to do anything with it
HARDWARE
A few things to remember about hardware and storing data offline
Never take USB pens or CD-Rs home; remember, office documents should never leave the office.
Never leave USB pens or CD-Rs with important data on them lying around your desk.
Unattended SSDs (Solid state drives such as USBs or memory cards) should be password encrypted if possible.
And remember:
BACKUP
No matter how many times you lose the data you can recover it from your backup an infinite number of times….
Thank you for your time
We hope this helps with ICT security in your new business