Loss of data on a smaller scale, such as accidental loss of work by a student or an employee, can also prove the importance of protecting information. If files are mislaid, an unnecessary amount of time and effort may be spent in reproducing the work. Personal data such as emails or personal information stored on your computer is also at risk from intruders. Insecure data could result in a hacker successfully gaining control of your computer or of your information; this can enable them to launch attacks on yours and other computer systems whilst hiding their own identity and location. Viruses could be passed to your computer through a hacker or through emails sent from unreliable locations which encourage you to follow links or give personal information. These can be harmful to your system by preventing your computer from running efficiently or irritating to the user through ways such as forwarding the email to all of their contacts. Steps in protecting data need to be taken to ensure that the risks of these happening are minimal.
To prevent these risks data needs to be protected against unauthorized access and use, modification or destruction. One possible way to take precautions against hacking is to use a firewall to inspect what goes into and out of your system, and deny or permit access according to a set of rules. Access can be permitted by the user, so if used insufficiently and allowing all programmes access to the computer system by default a firewall can become useless. Creating a password can also be an effective method of protecting information from unauthorised access. Ideally the password should consist of letters and numbers but be possible to memorize for the user, and kept secret to anyone except the user. Passwords should be changed regularly for information that is at a higher risk of unauthorised access. Alternatively data could be encrypted, so that information is made unreadable so that it is unintelligible until it is unscrambled by the intended recipient or made readable by the deciphering software. In addition, physical security such as data kept in a locked room or a room without windows on the ground floor, and with fire and flood proof walls. This makes it difficult to break in and steal equipment or information and prevents natural causes from destroying the information.
Backing-up information is vital in preventing loss of data. Using storage methods such as portable hard drives and memory sticks to save copies of files makes it less likely for information to be lost completely when deleted or overwritten unintentionally. A correctly carried out back up scheme can be helpful to companies, such as the grandfather, father, son backup method, where the son is the current file, the father is a copy of the file from the previous cycle, and the grandfather is a copy of the file from the cycle before that one. This process is continually repeated to ensure that there are always at least three sets of data stored safely. If data is very important it can be kept on a single standalone computer which is not networked to any other computers.
There is currently a huge amount of data collected from individuals by many different organisations, for example personal details such as name, address, telephone number and email address are often required when signing up to website. Measures have been made by the government concerning the protection of the data submitted by or collected from individuals. The Data Protection Act, an act of parliament passed in 1998, regulates how personal information is used and protects people from misuse of their personal details. This act applies to companies and organisations in the UK. This act makes statements such as data should only be used for specific purposes collected, data must not be disclosed to any other parties without the consent of the individual, individuals have the right of access to any data held about them, and the organisation holding the personal information are required to have adequate security measures in place. This makes it an offence for people outside the organisation such as hackers and impersonators to obtain unauthorised access to the personal data. Therefore it is necessary for companies to consider the security of the personal data, preventing companies from misusing or losing the personal information given to them, and reassuring people that their data is safe. The department shop Marks & Spencer breached this act when it allowed the details of 26,000 employees to be held on a laptop without protection of encryption. The laptop and the information was stolen, therefore the data is at risk of being misused. This could have been prevented if adequate security procedures were put in place to protect personal information before the personal information was allowed to leave the companies premises. A password and encryption of the data would be important measures to be taken to prevent these circumstances. Mobile operator service Orange has also been accused of breaching the Data Protection Act by way in which it processed personal information, in particular the way in which new members of staff were allowed to share usernames and passwords when accessing the company ICT system, and was also accused of not keeping its customers’ personal information secure. If a company is not in compliance with the Data Protection Act when processing individual’s personal information they may risk losing the trust of their customers as well as causing action to be taken by the Information Commissioners Office, which could result in prosecution.
Security and protection of any data, whether personal details, or important company information, is essential in all circumstances to a varying degree. There are many processes that exist to prevent any violation to data, and ensure that individuals feel confident that their information is safeguarded by organisations.
