Security Risks

In this assignment I will look at the flaws within the everyday running of a business, highlight the potential threats, and suggest possible ways to stop the threats and protect the information the business has access to.


to get into the system is a possible threat to the data. This means that anyone has access to any sort of confidential information stored on the company’s network. If there is no log on required, this also means that it is easy for anyone, not just staff but strangers as well, to hack into the network and access the confidential information on the system. Someone could easily get onto the system and see, change or even delete customer information that is stored on the network. One way in which these problems can be avoided is by getting the I.T. Technician to assign log in names and passwords to all staff. This will make it harder for people to get onto the system if they do not have a log in name and password. Another option is to assign levels of security, so that each staff member has a level of security assigned to them. This will prevent junior members of staff having access to information which does not concern them. It will also help keep people’s information confidential and protect the data.


There are many dangers connected with unrestricted access to the internet. Employees could have access to harmful websites, which is extremely dangerous to data as there is no firewall or antivirus software installed on the system. Hackers, viruses, worms and other harmful material could get onto the network and cause loss of data or even cause the system to crash. Unrestricted internet access can also cause employees to become distracted or visit inappropriate websites. A way to prevent this could be to have the I.T. Technician install a firewall and antivirus software to protect the data, and also use a proxy server to block certain websites that could potentially cause damage to the company’s system.


Allowing staff the ability to install and uninstall software can potentially be dangerous. If the staff members are allowed to install software then this could provide them with distraction and prevent them from doing their work. It could also mean that they can download software which could contain viruses and destroy the whole system. They could also uninstall important software which is needed for the company’s work. This can be prevented by taking away the privilege of being able to install and uninstall software. Software should only be installed or uninstalled by the I.T. Technician, and only if an update is needed for the software or if the company needs new software. No unnecessary software should be installed.


A company’s data should be backed up more than once a month. Within that month the system could crash or be hacked, and all data gained since the last backup in the previous month could be lost. This can make the company look unprofessional if they lose customers’ data, and they could lose business as a consequence. Therefore it is important to back files up on a regular basis; for a company that should be every day, maybe even twice a day depending on the size of the company. Doing this will ensure that little or no data is lost if the system crashes. The backups which are made daily should be kept in a safe, secure environment. On top of the server in a plastic box is not an appropriate place to store the backups, as the plastic box could easily melt if the servers heat up. It is also an easy place to get at, and therefore an easy place to steal the backups full of confidential information from. The backups should be kept in a locked, fireproof safe, with only certain members of staff allowed a set of keys or the code to open it, to ensure security and help keep the customers’ confidential information secure. Allowing staff to discuss these customer details is a breach of the Data Protection Act which could lead to the company being fined or even jailed.


The company keeps all sorts of confidential information about their customers, such as bank details and home addresses, and allows all staff full access to these details. The manager has sometimes overheard employees give customer details to other suppliers as well as providing address information over the phone. This is not just giving business away but also breaking the Data Protection Act, which restricts the processing of information on people. The act makes it illegal to pass confidential information, such as addresses, bank details, national insurance numbers, dates of birth and so on, to anyone outside the business. A way to stop this and keep data confidential could be to assign different levels of security among the employees and make personal customer information only available to certain members of staff that will need to handle the details. A way to do this is for the I.T. Technician to assign log ins and to design an employee database with each member of the staff alongside their level of security, to keep track of who can see what customer details. It is vital that the company stays within the guidelines of the Data Protection Act. If the company breaches the act in any way then it could result in the company being fined or the owners of the company being jailed.
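One way the employee database described above could work, shown as an added example that is not part of the original assignment. The table names, log in names, level numbers and customer record are all constructed for illustration.

```python
import sqlite3

# Constructed schema: each employee has a security level, each customer
# field has a minimum level, and every access attempt is logged.
SCHEMA = """
CREATE TABLE employee (login TEXT PRIMARY KEY, level INTEGER NOT NULL);
CREATE TABLE field_level (field TEXT PRIMARY KEY, min_level INTEGER NOT NULL);
CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT, address TEXT,
                       bank_details TEXT);
CREATE TABLE access_log (login TEXT, customer_id INTEGER, field TEXT,
                         allowed INTEGER);
"""

def build_db():
    """Create an in-memory database filled with constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO employee VALUES (?, ?)",
                   [("junior1", 1), ("sales1", 2), ("accounts1", 3)])
    db.executemany("INSERT INTO field_level VALUES (?, ?)",
                   [("name", 1), ("address", 2), ("bank_details", 3)])
    db.execute("INSERT INTO customer VALUES "
               "(1, 'A. Customer', '1 Example Street', 'ACCT-PLACEHOLDER')")
    return db

def read_field(db, login, customer_id, field):
    """Return the field if the employee's level allows it, otherwise None.
    Every attempt, allowed or denied, is written to access_log."""
    emp = db.execute("SELECT level FROM employee WHERE login = ?",
                     (login,)).fetchone()
    need = db.execute("SELECT min_level FROM field_level WHERE field = ?",
                      (field,)).fetchone()
    # Unknown log in name or unknown field: deny by default.
    allowed = emp is not None and need is not None and emp[0] >= need[0]
    db.execute("INSERT INTO access_log VALUES (?, ?, ?, ?)",
               (login, customer_id, field, int(allowed)))
    if not allowed:
        return None
    # Safe to interpolate: the name was matched against field_level above.
    row = db.execute(f"SELECT {field} FROM customer WHERE id = ?",
                     (customer_id,)).fetchone()
    return row[0] if row else None

def denied_attempts(db):
    """List (login, field) for every refused request, oldest first."""
    return db.execute("SELECT login, field FROM access_log "
                      "WHERE allowed = 0 ORDER BY rowid").fetchall()
```

Reviewing `denied_attempts` regularly shows who has been asking for details above their level, including log in names that do not exist.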


Allowing all the staff access to emails means that staff could open a spam email, which could contain viruses that could damage the company’s network. This could cost the company a lot of money to fix if the problem does occur. A solution could be to restrict the email access that the company allows the staff to view.

Not recording the IP addresses of visited websites could be a possible risk. If an employee accidentally goes onto a harmful website they could download viruses without knowing, which could be expensive to fix. No IP address means that the virus cannot be traced back to a particular website unless the employee remembers which website caused the damage, so that other employees can be warned against using the website. The company should keep track of the IP addresses in case a situation like this occurs.


No firewalls in place means that the computer network is at risk of viruses, worms, hackers and so on, which can cause significant damage to the computer including the loss of important and possibly confidential information. To prevent the loss of information the company should allow the I.T. Technician to set up a firewall to protect the network. Allowing unrestricted access to the internet means that an employee can access any website, including harmful websites and inappropriate websites; it could also distract employees from doing their work, which could lose the company money. The I.T. Technician should restrict access to certain websites using a proxy server, which will help block harmful websites or sites that the employees shouldn’t be on. If downloads are not monitored then the employees can download harmful programs or even illegal programs, which could get the company into trouble. The I.T. Technician should restrict or even stop all downloads to prevent this problem.



All doors should be secured by the use of a keypad as there is a lot of confidential information stored in the building such as names, home addresses, bank details and so on. Therefore it would be advisable to get a security system installed with keypads on all doors in order to protect the information kept within the building.


In conclusion, there are a lot of faults within the running of this business which need to be sorted, especially since the staff are working with confidential information about people’s everyday lives. The I.T. Technician needs to restrict internet access as well as set up a log in system for employees, including different levels of security access depending on the employee’s job and what they need to see, in line with the Data Protection Act. If the Data Protection Act is not followed more carefully then it could end up with the company being fined or even the company owners being imprisoned.
