Security methods for protecting IT systems and data
Why it is important to protect IT systems and data
We need to protect systems and data as people will find ways to exploit systems to make money by stealing documents or blue prints to ideas and sell them to other companies. Any work made in your building that is saved on your network is vulnerable if the right security isn't in place. Business data protection helps secure customer details, financial information, sales figures and other key business data, protecting one of your most important assets.
What would a data protection breach cost you?
Problems with data could cost your company. For instance:
- Your reputation could be damaged if customer data was leaked to a competitor.
- Accidental loss of your customer database might leave you unable to carry out marketing.
- Failure to adhere to data protection rules could result in legal action and a substantial fine.
Data protection act
The Data Protection Act 1998 is the key piece of legislation relating to how your business stores and uses data. It applies to any personal information you store about living individuals.
If the Act applies to your business, there are a number of steps you must take to comply with the data protection rules. Notably, you must:
- tell the Information Commissioner’s Office that you process data
- tell people how you use the data you store about them and let them see it
- let people opt-out of having their data used by you
- keep the data secure and up to date
- only keep the information for as long as you need it
Complying with the Data Protection Act is largely common sense, but you should seek advice if you’re at all unsure about your obligations.
Computer misuse act
The Computer Misuse Act was enacted in the wake of the high profile hack of a mailbox belonging to The Duke of Edinburgh by Robert Schifreen and Stephen Gold. When they gained access to the login details of 50,000 Prestel customers they were unable to be properly prosecuted as no relevant legislation existed. Instead they were tried (and acquitted) of forgery. In 1990 the Computer Misuse Act was introduced to plug this legislative loophole and make it illegal to gain improper access to a computer.
The Act makes it an offence to access any computer to which you do not have an authorised right to use. Note the provisions that state that the attempt does not need to have a specific target. These provisions make it unlawful, for example, to run port scanners in an attempt to find insecure computers. Note that this applies to English law. Under Scottish law computer intrusion is covered under common law related to deception.
The Act introduced three criminal offences:
- Unauthorised access to computer material.
- Unauthorised access with intent to commit or facilitate commission of further offences.
- Unauthorised modification of computer material.
Late in 2006 the Computer Misuse Act was amended by the Police and Criminal Justice Act.
Ways to protect your systems and data
System back ups
A backup, or the process of backing up, refers to the copying and archiving of computer data so it may be used to restore the original after a data loss event. Data should be backed up regularly to help stop data loss.
In computing, a firewall is a network security system that controls the incoming and outgoing network traffic based on an applied rule set. A firewall establishes a barrier between a trusted, secure internal network and another network (e.g., the Internet) that is assumed not to be secure and trusted. Firewalls exist both as software to run on general purpose hardware and as a hardware appliance. Many hardware-based firewalls also offer other functionality to the internal network they protect.
Encryption is were you take something like a password and using your own set code make the password out of random characters. Encryption is the process of encoding messages or information in such a way that only authorized parties can read it.
Software patches and updates
This is important as updates can prevent new ways of users exploiting systems. A patch is a piece of software designed to update a computer program or its supporting data, to fix or improve it. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. In some special cases updates may knowingly break the software, for a example, by removing components for which the update provider is no longer licensed or disabling a device.
Anti-Virus and Anti-spyware software
Antivirus software was originally developed to detect and remove computer viruses, hence the name. However, with the rise of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect from: malicious Browser Helper Objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraudtools, adware and spyware. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity (privacy), online banking attacks, social engineering techniques, botnets, DDoS attacks.
Access rights are a big part of the company as employees should be the only people to access your site, but malicious activity can be a thing
User ID’s and passwords
These are used to log into the systems and limit what they can access whilst using your system. The ID's are unique to each person so they have all they're work saved and backed up regularly
Access control methods
Access control is a way of limiting access to a system or to physical or virtual resources. In computing, access control is a process by which users are given access and certain privileges to systems, resources or information.
In access control systems, users must present ID before they can be granted access. In physical systems, these credentials may come in many forms, but credentials that can't be transferred provide the most security.
As a example for using hardware such as printers employees will need ID like a card to scan so they are eligible to use the building's hardware.
Possible impacts of security threats and data
These are all things that could be a result of security threats
- Identity Theft
- Stolen Data
- Data Misuse
- Corrupt Systems
- Damaged Or Destroyed Systems
- Data Loss
- Cyber Espionage
- System Shutdown
- Somebody could have remote access to your systems