Introduction
I have been asked to evaluate a network for security threats and provide solutions for Egos, a catalogue sales company. The company is medium-sized, with 50 users on the network, and its broadband connection is available to all users. As you can tell from the information explained above, there is no security within this company. I am therefore going to explain each error within this company, which laws it is breaking, what damage it is causing the company, and the personal details it is putting at risk.
Possible threats to the data stored in the system:
The company is keeping personal and confidential information about its customers in a database. First of all, the information should not be stored in a database, as this means that any of the staff could access it. Only a few members of staff should be allowed to access this information: staff who have been appointed specifically to this type of job and who will be monitored whilst working. Letting all of the staff access this information is breaking the Misuse and Data Protection Act. Staff discussing customers' personal information with other staff or over the phone is against the law and can lead to identity theft, fraud, etc. Databases which hold very serious information about customers should have restricted access only, with a separate log in for this information so that only certain people can access it.
A list of potential security issues and breaches of the law you can identify:
There are quite a few problems which breach the law and leave personal information without any security. The main problem that I am going to explain is that no entrance doors are protected by a keypad. This is a major problem, as anyone can go in and steal or look at other people's personal information. This is breaking the Data Protection Act and the Misuse Act. All entrance doors to areas that hold confidential information must be protected by a keypad, and only a few members of staff should have access to these areas and the pass code. The next problem that I can see is that there are 50 users and not one of them has a log on. Not having a log on is a very serious problem, as anyone can go on and either steal or delete your work, which will then cause disruption, so having a log on is important. The last problem is that the email is available to anyone and everyone. Not having your email private means that anyone can see and access your emails, whether they are confidential or not. Email should only be available to the people who use and need it.
Poor practice and the effects it can have on a company:
There are many problems with the poor practice within this business. First of all, there is no IP address log kept of the websites that have been visited. For example, if staff were visiting a website that is completely inappropriate, having no IP address log of the websites previously visited means that the company cannot look back through the history to see what they have been on. This means that the staff can access any website they want, because there is no restricted access on certain websites. So having a log on will let you search through your staff's internet history and see what they have been accessing. The next problem is having no restrictions on internet access. Having no restrictions means that any staff member can access any website they like, which would mean more activity on inappropriate websites, such as social networking sites, rather than staff doing their job. Restricting internet access means work will be more productive and your business will benefit from this. The last problem is that the downloads that have been made are not being monitored. This is a serious issue, as anything downloaded off the internet should be checked because it could have a virus attached to it. Monitoring everything can prevent viruses from being downloaded and causing your computer to malfunction. You could report the issue and stop it from happening again.
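The review described above can be sketched in code. This is an added example, not part of the original report: the proxy log format, the `.example` domains, the restricted-site list and the list of file types to check are all constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample proxy log: timestamp, user, client IP, URL (not real data).
SAMPLE_LOG = """\
2024-03-04T09:12:01 asmith 192.168.1.21 https://supplier.example/catalogue/spring.pdf
2024-03-04T09:15:44 bjones 192.168.1.34 https://social.example/feed
2024-03-04T09:16:10 bjones 192.168.1.34 http://files.example/free-toolbar.exe
2024-03-04T09:20:03 - 192.168.1.40 https://social.example/messages
malformed line
"""

# Assumed policy values for the example.
BLOCKED_DOMAINS = {"social.example"}
RISKY_EXTENSIONS = (".exe", ".msi", ".scr", ".bat", ".js", ".zip")


def review_log(text):
    """Return (findings per user, count of unparseable lines)."""
    findings = defaultdict(list)
    skipped = 0
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            skipped += 1
            continue
        when, user, ip, url = parts
        # With no individual log-ons the proxy cannot name the user ("-"),
        # so the finding can only be tied to a machine address.
        who = user if user != "-" else f"unknown@{ip}"
        parsed = urlsplit(url)
        host = (parsed.hostname or "").lower()
        path = parsed.path.lower()
        if host in BLOCKED_DOMAINS or any(host.endswith("." + d) for d in BLOCKED_DOMAINS):
            findings[who].append((when, "restricted-site", host))
        if path.endswith(RISKY_EXTENSIONS):
            findings[who].append((when, "download-to-check", url))
    return dict(findings), skipped


if __name__ == "__main__":
    report, skipped = review_log(SAMPLE_LOG)
    for who, items in sorted(report.items()):
        for when, kind, detail in items:
            print(f"{who:22} {when} {kind:18} {detail}")
    print(f"unparseable lines: {skipped}")
```

The entry recorded against `unknown@192.168.1.40` shows why the missing log ons matter here: without them a visit can be traced to a machine but not to a person.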
Potential issues surrounding the loss of hardware and data, and also potential damage to the company:
The first issue that I am going to explain is that the data is only backed up once a month. Data should always be backed up every day. Having your data backed up every day is essential: if your company had a fire or a flood on 22nd March and you last backed up your data on the 27th January, everything that you had worked on between those dates would be destroyed and there would be nothing you could do to get it back. To prevent this from happening you should back up your data every day, so that if something did happen only a day's work would be lost. Another issue that relates to this problem is having data tapes kept secure in a locked plastic box on top of the server. There are two problems with the sentence I have just written. One, the data tapes are kept "secure" in a locked plastic box. Keeping data tapes in a plastic box is the main problem! They would be lost or destroyed without delay! All data tapes should be kept in a waterproof, fireproof, non-breakable container so that if there was a fire or flood the data tapes would be kept safe and secure. The second issue is keeping the data tapes on top of the server. The data that is being protected is extremely important, and as explained above, if a disaster did happen and this was the only building that was affected, everything would be lost. The data tapes should be kept in a different building to prevent this happening. The other matter is that they have no firewall in place. This leaves their computers open to any computer virus, such as spyware, Trojans, adware, worms and viruses. Any of these can make your computer malfunction, and with no firewall to prevent this, your computer is at risk. You are open to computer hackers, who can access everything on your computer, such as your files and personal information; they can even control your webcam and speakers so they can see and hear you!
Having such personal information held in a database on a computer with no firewall is serious and can let dangerous people commit fraud and identity theft. Letting this happen could cause the business to shut down, as the police would be involved. The best way to solve this issue would be to install a firewall as soon as possible in case anything like this happens. Finally, the last issue is that all staff are allowed to install and remove software as they please. Letting your staff do this can allow viruses onto your computer. Software being installed can sometimes carry an attachment which could be a potential virus. Once the installation is complete, the virus will be in your computer destroying all of your data. Removing software from the computer is also not a great idea: if you delete software that you got for free, the next time you go to download it you might have to pay for it, and software is not cheap.