Security checks
Security checks are designed to protect the data in the files, to ensure that the data is not lost, corrupted or misused. Obviously the computer’s data is more important than the hardware because if it is lost it is more difficult to replace.
Data can be protected in two ways:
Regular saving
Data can be lost on a computer if it is not saved regularly. If a document is typed and not saved, then should a power failure or breakdown in the system occur, the data could easily be lost. An incident like this is frustrating and time consuming, but common. Saving work regularly can prevent data loss.
Back-up copies
I have backed up this document on a floppy disk and on the C:/ drive. Back-up copies are one of the most important security checks. In business, loss of crucial data could be just as serious as losing all the stock through theft or fire. It could even result in bankruptcy.
Data stored on the hard disk of the computer can be backed up on:
If there is no hard drive (less common as costs of computers come down) then the data can be stored on two separate floppy disks.
The advantage of storing back-up copies on disk is that files can be accessed directly and quickly, whereas a magnetic tape has to be read starting from the beginning until you reach the file you want.
The advantage of backing up on tape is that tapes are light and compact, easy to store for long periods, and far cheaper than disks.
Therefore, tape is a more sensible way of storing more data in the business world.
Confidentiality
Non-disclosure
Protection of data can be said to be dependent on the trustworthiness of the employees, so companies need to be sure that the people they employ are trustworthy before appointing them. Unavoidably some people will break that trust and use information gained illegally. The laws relating to confidentiality must be fully understood by the employees, so that they do not unintentionally disclose information which should be confidential.
Data can be protected PHYSICALLY by making access to the data by unauthorised personnel as difficult as possible.
Organisations must ensure confidentiality both for their own self-interest and also to protect the public whose data is held on their files.
Physically:
- Security staff
- Fire-proof doors
- Alarm systems
- Surveillance cameras
- Locked doors
To protect very important data against fire or theft, back-up copies are often stored in a fireproof safe or even in a building on another site.
The user must also be identified and authorised to access the data. This can be done by:
- Different levels of access
- ID cards with photographs
- ID cards with magnetic strip
- ID numbers and passwords
- Personal recognition characteristics – fingerprints.
Passwords
If you use a network system in your school or college, you will almost certainly use a unique ID number to gain access to the system, followed by a password which you personally choose. When selecting a password, it is crucial to choose a word which:
- Is easy to remember – but not your boy/girlfriend’s name – in a few weeks you might have had several new ones (!) and you forget which is the right one.
- Is not obvious e.g. your own name.
This password should be kept confidential and in a business context should also be changed frequently, to make it more difficult for the password to be discovered. You will notice that when you enter the password, the characters are not displayed on screen, but appear in a coded form, frequently as a series of asterisks (******). This is known as encryption and is designed to prevent someone casually observing your password as it is shown on the screen.
In addition to passwords for access to the system, modern software programs also allow the use of passwords when saving files. Figure 3.37 is a screen dump showing part of the options dialogue box from the ‘Save As’ facility in Word for Windows.
A password entered in the Protection Password box prevents anyone opening the file unless he or she knows the password. A password entered in the Write Preservation Password box allows access to read the file, but prevents anyone saving changes to the file, unless he or she knows the password. Passwords entered into these boxes will again appear as a series of asterisks. An X in the Read-Only Recommended box indicates that it is advisable to read but not to amend the file. If the user wishes to write to the file, then it should be saved under a new name, so that the original version is retained.
Giving staff different privileges or security levels, which allow access only to some files or some files within a file, is a common method of protecting data and maintaining confidentiality. The most senior staff would have:
- Greater privileges.
- A high security level.
- Access to all or most of the data.
Whereas more junior staff would have:
- Fewer privileges.
- Low security.
- Access only to less important data.
As indicated earlier some staff can read the file, but not write to the file (i.e. make changes).
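The access levels described above can be modelled as a small check that refuses anything it does not recognise. This is an added example, not part of the original text; the level names, staff names and file names are constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Security levels, lowest to highest (names are assumptions)."""
    JUNIOR = 1
    SUPERVISOR = 2
    SENIOR = 3


@dataclass(frozen=True)
class FileRule:
    read_min: Level   # lowest level allowed to open the file
    write_min: Level  # lowest level allowed to save changes


# Constructed sample data: staff and files are invented for the example.
STAFF = {"asha": Level.SENIOR, "ben": Level.SUPERVISOR, "cara": Level.JUNIOR}
FILES = {
    "price_list.doc": FileRule(Level.JUNIOR, Level.SUPERVISOR),
    "customer_accounts.xls": FileRule(Level.SUPERVISOR, Level.SENIOR),
    "payroll.xls": FileRule(Level.SENIOR, Level.SENIOR),
}


def is_allowed(user: str, filename: str, action: str) -> bool:
    """Return True only if the user's level meets the file's rule.

    Anything unrecognised (user, file or action) is refused, so a typo
    or a missing entry can never grant access by accident.
    """
    level = STAFF.get(user)
    rule = FILES.get(filename)
    if level is None or rule is None or action not in ("read", "write"):
        return False
    needed = rule.read_min if action == "read" else rule.write_min
    return level >= needed


def access_report(user: str) -> dict:
    """Summarise what one member of staff can do with each file."""
    report = {}
    for name in FILES:
        if is_allowed(user, name, "write"):
            report[name] = "read/write"
        elif is_allowed(user, name, "read"):
            report[name] = "read-only"
        else:
            report[name] = "no access"
    return report


if __name__ == "__main__":
    for person in STAFF:
        print(person, access_report(person))
```

Running the file prints one line per member of staff, showing the senior user with read/write access everywhere and the junior user limited to reading the least sensitive file.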
Copyright
In the same way that the author of a book or composer of a piece of music is protected by law from someone copying the work and selling it as his or her own, the Copyright, Designs and Patents Act 1988 protects original work created using a computer, such as:
- Documents produced using a word processor.
- Accounts reports using a spreadsheet.
- Drawings using a CAD (computer-aided design) program.
- Music written using a program designed to assist composition.
- And, of course, all the software packages.
The author of the work is usually the person who creates the work, unless it is created in the course of his or her employment, when the employer may be the author. The author is the only one with the right to:
- Copy or adapt the work.
- Sell or rent copies to the public.
- Broadcast the work – including as part of a cable programme service.
In practice this means that you must not:
- Give or sell copies of software.
- Copy data/documents/programs saved on a computer and pretend the work is your own, even if you do not sell it.
If the author believes that someone has infringed the copyright, then he or she may sue and if the case is proven, then damages may be awarded. Copyright lasts for 70 years after the author has died (or if two or more people have been involved together as authors, until 70 years after the last author dies).
One way to protect valuable computer programs from piracy, especially during the developmental stage, is to distribute copies of the work in object code. (Object code is a machine code version of the program, which is more difficult to utilise). The company name or names of the programmers can also be written into the code, in the event that a ‘software pirate’ denies copying. In addition copies of the software at different stages of development can be deposited with someone independent, such as the bank manager, the date being noted. This may prove valuable later if there is a debate concerning the author of the work, or who first wrote it.
Health and Safety
Stress
As the use of computers has become more widespread, concerns have been voiced from time to time about the health and safety of the operators and stress suffered by them through the course of their work. The main worries relate to:
- Backache.
- Eyestrain.
- Headaches and migraine.
- RSI – repetitive strain injury.
- Radiation, especially if using VDUs when pregnant.
These problems can generally be avoided if sensible precautions are taken.
Backache
This can usually be prevented by suitable seating, good posture and taking a break from time to time. Chairs should:
- Be capable of swivelling.
- Have a movable base, i.e. castors.
- Have an adjustable back rest to give support where needed.
In addition an operator should not be expected to sit working at a VDU for hours without a break, and indeed should take responsibility for changing his or her posture – perhaps taking a walk in the lunchbreak to exercise and relieve the muscles.
Eye strain/headaches/migraine
Problems with eye strain or headaches are likely to occur only if the VDU is fuzzy, flickers or is in a poorly lit position. The EU directives require that:
- The screen should not flicker, nor reflect light.
- The angle, brightness and contrast of the screen must be adjustable.
- Desks and keyboards should have a matt finish to prevent reflection of light and to avoid glare.
- Lighting should ensure correct contrast between the screen and the general background.
- VDU operators must have the right to a free eye test before commencing VDU work and regularly afterwards.
Repetitive strain injury (RSI)
RSI is caused by making the same or awkward movements continuously. This problem affects any operators constantly hitting computer keys for long periods. The tendon sheaths in the hand, wrist or arm become inflamed, causing pain, numbness and swelling, which, if untreated, can result in permanent disability. Ironically it is believed that the light touch required by the modern keyboard, compared to the much heavier keys of old-fashioned typewriters, may aggravate the problem.
To prevent or reduce the risk of RSI, keyboards should:
- Be separate from the VDU.
- Be adjustable to lie flat or slope at an angle of approximately 10 degrees.
- Have concave keys to reduce the risk of the fingers slipping off them.
- To reduce shock on the fingertips, fingers, wrist and arms.
Radiation
There have been concerns that there is a risk of radiation from working with VDUs, and it has been suggested that pregnant women have suffered miscarriages as a result of radiation from VDUs. Special shields can be attached to the VDU to protect users from radiation, but the evidence indicates the risk from radiation is less than from natural sources.
Other hazards
Hazards such as electrical faults, fire or obstruction are no more or less relevant when working with computers than in any other area of employment. The Health and Safety at Work Act 1974 (HASAWA) and the Control of Substances Hazardous to Health Act 1989 (COSHH) require all employers to ensure that their place of work is a safe environment. This includes provision of:
- Safe entrances and exits including fire escapes.
- Safe equipment – electrical equipment must be checked regularly.
- Safe storage for hazardous substances and warning signs indicating their location.
- A statement in writing on the organisation’s health and safety policy.
- Training for staff – their rights, obligations, fire drills.
- Accident investigation procedures.
Employees also have a duty to undertake safe working practices. For example, they should:
- Report/deal with (as appropriate) any hazards, such as trailing wires, obstructions – especially to fire exits.
- Not lift heavy equipment.
- Know the fire drill.
- Take suitable breaks as mentioned earlier.
- Know and use correct posture at the keyboard.
Obligations of users
Much of the security of data relies on the integrity and trustworthiness of those who use the system. Organisations have always been at risk from dishonest staff, but the main difference since the advent of computers is that it is so much easier to obtain the information – you do not even need to be in the room or even the building! The organisation has an obligation to ensure security of data as far as possible, but the users, both in terms of their personal and their business use of computers, must also take responsibility in respect of the following.
Confidentiality of data
If you are in a position of trust, you must not pass on information, no matter how innocently. In fact you could be prosecuted under the Data Protection Act (see below).
Think about the receptionist at a local doctor’s surgery. He or she will almost certainly know some of the patients personally, and will also, inevitably, be aware of the confidential medical history of those patients. Imagine this scenario. The receptionist is aware of a bad history of heart problems in members of your close family, but you are in perfect health. He or she intends no harm, but gossips about it. Your insurance company gains illegal access to this information and refuses life insurance or increases your premiums. If you discovered what information the insurance company had obtained and how it was obtained, you could sue for compensation under the Data Protection Act.
Copyright
The law relating to copyright also includes theft of software or work produced on a computer (refer back to page 120). If you are found to be copying data or software illegally, you may be prosecuted. It is essential to realise that you have to be aware of the law. It is not just the responsibility of employers. Ignorance of the law is not an acceptable excuse and you can still be prosecuted even though you did not realise you were doing anything wrong.
When you buy software programs you are given a licence and your ‘ownership’ of that copy is registered with the software company. You will be given details of the ‘Grant of Licence’. Typically (although this may vary) the licence permits you to:
- Install the software on a single computer.
- Make one copy of the disks as a back-up only.
- Load the software on to the hard disk keeping the original disks for back up only.
You are not allowed to copy the software on to a network unless you purchase a network licence, which is more expensive than a single-user licence.
Responsible attitudes to uncensored or private materials.
Inevitably there has to be trust in and reliance on the users of information technology, especially in a business environment. Most people are in fact quite honest, have no intention of defrauding their employer or disclosing confidential information. It is, however, essential to take security issues seriously, so that you do not unintentionally give access to uncensored or private materials to someone else. Also if you accidentally discover uncensored or private materials, you must not take advantage of the opportunity, and it may be appropriate to report that a breach of security has occurred.
One of the major concerns of parents today is that children will be exposed to pornography or be contacted by paedophiles through the Internet. (The Internet is a worldwide network of databases linked together. Users can read information from the Internet and also write to the Internet.) A report in The Daily Telegraph, 8th August 1995, describes programs, now available, which are designed to prevent access to hazardous areas of the World Wide Web. Also, in America an association called Safe Surf acts rather like a board of censors and provides ratings for web sites. Child-friendly sites are encouraged to include a code in their address so that parents know they have been approved.
Another concern is the availability of pornographic material on disks, but in reality this is simply a new version of old problems – pornography in art, literature, films and videos. It is not possible to prevent misuse of computers, any more than abuse of freedom in any other area of life. It is up to each individual to take responsibility for his or her own use of facilities.
Theft
Theft of computer equipment – monitors, keyboards, printers, etc. – is less of a problem than theft of the memory chips, which are tiny but very valuable components. They are easily removable and clip in or out of the computer. If equipment is stolen, often keyboards and monitors are ignored, as they are relatively cheap and easy to obtain, but the CPU (central processing unit) or ‘brains’ of the computer is taken. Factories making the memory chips are frequent targets for criminals. The chips can be more valuable than gold to a criminal – their smallness and lightness make them so easy to transport, often across the world.
Theft of software has already been discussed under the sections relating to copyright.
Virus checking
A computer virus is a harmful program, developed by someone either for general mischief or to attack a particular organisation. The virus copies itself without the user intending it to, or even being aware of it happening until problems occur. Sometimes, in an attempt to defy virus detection, the program will mutate (change) slightly each time it is copied. Problems caused by viruses can include clearing screens, deleting data and even making the whole system unusable.
Viruses can affect both floppy and hard disks and are usually transferred from one computer to another via floppy disks. If disks are used only on one system then the risk of ‘catching’ a virus is much less. The more often disks are used in different computers, the greater the risk of ‘catching’ a virus. In fact some organisations do not allow floppy disks to be taken from work to home or vice versa, for this very reason. If the disk is to be loaded into a computer just to show or demonstrate the contents, then write-protecting the disk will prevent any viruses on that computer being transferred on to the disk. It is a good idea to write protect disks containing the software programs before putting into the disk drive, to ensure that they are not accidentally infected. You may need to reload the program at a future date and it would be very annoying to find the disks damaged.
Computer viruses have become an ever more serious problem, but anti-virus software, such as ‘Dr Solomon’s Anti-Virus Toolkit’, is available, which can detect and remove any known viruses. You may find anti-virus software installed on your school or college network, which automatically checks every disk as it is accessed, and prevents loading of files from an ‘infected’ disk. It is annoying to find one of your disks has a virus, but if you do find out, at least you can stop using it or have it ‘disinfected’, thereby preventing the virus from being passed on.
Data Protection Act 1984
The Data Protection Act relates specifically to personal data held on computers. It was introduced because of concerns that more and more data was being held on computers about each of us, with the potential for misuse. For example, companies have been known to sell lists of names and addresses to other companies, with the result that large quantities of unwelcome promotional literature arrive in the post (junk mail).
Personal information has always been held on paper, but now that it is stored electronically, it is so much easier for information to be passed from one computer to another, possibly with disastrous consequences. Some people were anxious that sensitive personal details were held on computer, without their knowledge, and could be more easily obtained than from a manual system. Part of this anxiety stems from lack of understanding of computers – people often do feel threatened by things they do not understand. Other people felt that it is all a fuss about nothing, that if you are not doing anything illegal there is no need to worry, and in fact the more information is available on computers, the easier it is to catch criminals.
The ‘worries’ eventually won the day, and the Data Protection Act 1984 was passed to protect the rights of individuals against misuse of personal data held on computer.
The main points of the Act are as follows:
- Any organisation holding personal data in a computer system must register with the Data Protection Registrar, stating clearly what details are to be included and for what purpose.
- The data must be obtained fairly and legally and held only for the purpose stated.
- Only necessary data should be included – in other words, extra, irrelevant data is not allowed – and it must be accurate, up to date and kept only as long as it is needed.
- The data must not be given to anyone who is not entitled to it.
- The data must be protected against loss or disclosure to unauthorised users.
- The data subjects – the people to whom the data refers – are entitled to see what information is held on them, with certain exceptions.
- If data held is inaccurate the subject has the right for it to be corrected, and in the event he or she has suffered personal damage through incorrect or lost data, there is a right to compensation.
(A student pack containing further information can be obtained from the Office of the Data Protection Registrar, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.)
Right of individual to disclosure
As indicated in points 6 and 7 above, individuals have the right to know what information is held on computer about them and to have any errors corrected. Exemptions from the Act include personal data kept for purposes of national security, medical and social service records, some police files and details kept on a home computer, such as an address list of your friends, or a list of their birthdays.
Evidence assignment
- Using the database designed for Element 3.3, select suitable fields to which you can apply the validation checks of range and type. If necessary amend the fields to include these checks. Demonstrate to your tutor what happens when you enter data of both the correct and incorrect range and type. Explain why incorrect data is not accepted by the computer.
- Before handing in this database assignment verify the accuracy of the work by checking carefully against the original text.
- Save your work at regular intervals in the right directory, using a suitable file name, print and make a back-up copy. Protect your file with a password, demonstrating both the back-up and the password to your tutor. If the software you are using does not have password protection facilities, then write a paragraph explaining the procedure.
- This task provides evidence for Communication Core Skills Element 2.1 – take part in discussions. You must prepare for this discussion by researching the following questions:
- Why do you think giving away copies of software breaks the copyright law?
- Why do you think it is not acceptable to pretend work generated on a computer is yours, even if you do not sell it?
- Do you feel the cost of purchasing software, which is often very expensive, has any effect on illegal copying of programs?
- Do you feel the copyright laws are too strict, too easy, should be changed in any way?
Look for relevant information in computer textbooks, newspaper articles or magazines, making notes which should be handed in to your lecturer after the discussion.
Working in pairs:
- Explain what information you have obtained.
- Explain whether you agree or disagree with the present copyright laws and why.
- Be prepared to answer questions.
- Note any points raised by your partner which are different from your own, and hand in these notes as well as your original notes.
Scenario
The manager of 3L (Loose Limbs Leisure) has realised that computerising the system has implications for staff, apart from knowing how to use it. She has asked Computer Consultants Ltd. for advice. In the past such requests were handled simply by giving out a free leaflet with the most basic details, but the company has realised that it could provide a much better service to its clients and also charge for the information. You and a small team have been asked to prepare a presentation for 3L which, if successful, will be used in future.
The presentation must cover the health and safety issues for information technology users and also the obligations of those users (see the range for Element 3.4). You and your colleague are anxious to impress your boss with this project, and take a great deal of trouble with handouts and overhead transparencies.