Assignment 4

Security Risks in the Workplace

Egos is a medium-sized catalogue sales company with a network of 50 users. There is no log-on to the network, so any person with access to the network can access all files on it. Internet access is unrestricted. All staff have the ability to add or remove hardware. Data is backed up once a month, and the backup is kept in a secure plastic box on top of the servers. Email is available to all staff. The IP addresses of sites visited are not kept. There is no firewall. Downloads are not monitored, entrance doors are not protected by keypads, and the company keeps data on customers in a database which all staff can access.
The data kept on customers is as follows:
  • purchases
  • account numbers
  • bank details
  • customer names and addresses
  • purchase history
It is clear that Egos needs to implement a lot of tools to keep its data safe. The risks and issues that it faces are set out below.

Security Risks
The network has no log-on, which leaves the company vulnerable to hackers and does not protect employees' privacy.
Since there is no log-on, the network itself is at great risk. Many illegalities, such as a breach of the Computer Misuse Act, and mishaps could occur as a result. Any person with network access could read the information or work produced by other employees, or information about customers including bank details, names and addresses. Any person who gains access to the network could remove potentially essential software, install intrusive and disruptive software, or use the connection for personal gain. Since downloads and the IP addresses of sites visited are not monitored, the company would be unaware of which websites an intruder visited, so that person could access potentially incriminating websites and download or stream illegal material, breaching copyright law.

The network does not have a firewall.
A firewall is a program or device that can prevent communications from either entering or leaving a computer or network. Which communications are allowed to enter or leave is determined from a long list of transmissions that are marked as either good or bad. The function of a firewall is to prevent malicious communications from entering a network. Since the company has no firewall, it is exposed to malware that constantly scans the Internet. It can take as little as a few minutes for a malicious transmission or piece of malware to penetrate an unfirewalled system or network. Egos has neglected this part of its security and has therefore left itself vulnerable to malware-based attack from the Internet.

The network is subject to losing resources due to human error.
Since the programs on each computer can be edited by any person with network access, a person without sufficient computer experience might remove a program or delete information that is kept by another member of staff or by the company. This could force the company to spend time redoing work or purchasing new licences for deleted programs.

The staff give out personal information over the phone, which is a breach of the Data Protection Act 1998.
The Data Protection Act 1998 is a piece of legislation that is aimed at protecting people's information and data. It is the only piece of legislation that helps protect personal data. Breaches of the Data Protection Act 1998 can result in fines of up to £500,000. Since the staff of Egos divulge some of their clients' personal information over the phone, they are in breach of the Data Protection Act 1998, which leaves the company at risk of a £500,000 fine.

