SAFETY AND SECURITY

ADVICE

F O R YO U R B

U S I NE S S

THINGS TO CONSIDER: The laws which need to be followed when storing consumers’

data electronicallyWhat are the potential threats / weak points in your ICT

infrastructure

And how your business can protect itself

FIRSTLY: Data Protection Principles

These are laws which you must follow if you wish to house consumer data.

THAT ANY DATA YOU RECEIVE FROM CONSUMERS IS FAIRLY AND LAWFULLY PROCESSED

You must remain neutral to any data you receive from consumers and treat it all fairly and equally.

It also means you cannot collect peoples’ data for one purpose, then use it for a different one (without the data subject’s consent or knowledge)

PROCESSED FOR A REGISTERED PURPOSEIf you wish to store consumers’ data on severs over a period of

time you MUST inform the Information Commissioner in your local area, if you fail to do so you will be violating the Data Protection Act by storing information without proper parliamentary consent or knowledge

NOT KEPT FOR LONGER THAN NECESSARYIrrelevant data must be deleted, for example customers who no

longer wish to receive your newsletter- Their information should be deleted off record

THE DATA SHOULD BE KEPT UP-TO-DATEOnce a year you must provide customers with a printout of

their data which they can check, either to be correct or it may need to be change (E.G: They may have moved house, or a different e-mail address)

IT MUST BE SECURE Consumer data must secure and free from the potential threat

of unapproved access This involves external threat from hackers as well as well as

internal threat by employees- those who aren’t allowed to see it

You must NOT transfer consumer data to a different country outside the EU unless that country has the facilities and protection to store said data

In the event that data has to be transferred consent must be gained from all the appropriate parties first including the data subject

POTENTIAL WEAK POINTS IN YOUR ICT SYSTEM

Obviously the biggest threat, and the one all companies fear most:

Hacking

OVERVIEWThis involves breaking down a network’s security and gaining

unauthorized access to a system with intent to change or damage files

CAUSES:Wireless networks can be hacked,

particularly those with minimal WPA protection.

This occurs sometimes in school networks over a large campus and due to the long range and high bandwidth the hacker can disrupt files easily without being traced.

VIRUSES, WORMS AND TROJANSThese are programs written with intent to

steal data and transfer it back to its source.

They can enter your system by:Hyperlinks with an unknown destinationEither by a USB or CD-R E-mail attachment from an unknown origin

A LESS COMMON THREAT: Spyware- Again these are programs

written that attach to the operating system of a computer and take up large amounts of memory

SO WHAT CAN BE DONE ABOUT IT?

PROCEDURES CAN BE TAKENUse a good anti-virus software with capabilities to

protect your business

Norton Antivirus is often a good choice

ALONG SIDE LITTLE THINGS SUCH ASLocking a computer when you leave it unattended, even

if you only plan to leave it for less than a minute

Don’t open attachments or follow hyperlinks when you don’t know who they’ve come from, always ensure you know the sender

PASSWORDS ARE KEYMake sure a password has been set on computer. Default

passwords such as password, hello, admin or no password at all will allow easy access to your computer or your Internet account.

1. Change passwords often. It is recommended at least once every few months.

2. Create a BIOS (start-up) password.3. When creating a password, add numbers or other characters

to the password to make it more difficult to guess; for example, 1mypassword23!.

4. Do not use sticky notes around your computer to write down passwords!!

SOME MORE RULES ON PASSWORDS-Do not use a password that you have used in the past.-Try to change the password at least every 3-6 months.-Create a password that is at least six characters long.-Create a password with both digits and letters.-Do not create a password with a family name or family pet.-Do not create a password that is your phone number, house

number etc -Create a password that is not in a dictionary.-Create passwords with spaces in them (if allowed).

SYSTEM ADMINISTRATORS 

If you run a network of computers or are in charge of computer security, try using the below rules to help secure your network and computers.

-Require that passwords be changed every 3 months (90 days). Almost all network operating systems have features that prompt users to change password once the specified time is up.

-Set a minimum password length. Most network operating systems support the ability to set a minimum password length.

-Enable account lockout threshold. This option disables an account after so many failed login attempts. Usually three attempts with a duration of 60 minutes is sufficient.

THINGS THAT CAN BE DONE WITH SOFTWARE

There is no such thing as perfect software, often a software program may have several issues and could potentially have security vulnerabilities that can leave your computer open to attacks that compromise your computer and your data.

HOWEVER, THINGS CAN BE DONESuch as keeping software update to-dateKeeping antivirus definitions always up-to-date Always make sure you know how to use the software before

trying to do anything with it

HARDWARE

A few things to remember about hardware and storing data offline

Never take USB pens or CD/R s home, remember office documents should never leave the office

Never leave USB pens or CD-R s with important data on them lying around your desk

Unattended SSDs (Solid state drives such as USBs or memory cards) should be password encrypted if possible

And remember:

BACKUP

No matter how many times you lose the data you can recover it from your backup an infinite number of times….

Thank you for you time

We hope this helps with ICT security in your new business