The network manager has provided you with information on users.
You are to assume that NO security is in place.
The network manager informs you of the following details about the company at present:
- 50 users
- no log on to the network
- internet (unrestricted access)
- staff are ‘allowed’ to install and remove software
- data is backed up once a month
- data tapes are kept secure in a locked plastic box on top of the server
- the company keeps records in a database on customers
This information includes:
- purchases
- account numbers
- bank details
- customer names and addresses
- purchase history
- All staff has access to the above database information.
- Occasionally the manager has overheard staff discussing account details with other suppliers.
- On more than one occasion he has heard staff providing address information to others over the
- telephone.
- Email is available to all.
- IP address log is not kept of sites visited.
- No firewall is in place.
- No restrictions on internet access.
- Downloads are not monitored
- Entrance doors are not protected by keypad etc..
Possible threats to the data stored in the system.
Are viruses, if the computer crashes they will lose all their work because they back up their files once a month. No firewall means anybody can hack in to the computer. If staff install software they may bring in a virus onto the computer and it may make the computer to crash and you will lose all of your work that was on that computer.
A list of potential security issues and breaches of the law you can identify
Entrance doors aren’t protected by keypads. No log on to the network means anyone can access into the network. They are breaching the data protection act by allowing unrestricted access onto any site e.g. facebook, bebo. They are breaching the data protection by not respecting other peoples personal data like their bank details e.g. they have been discussing other peoples bank details to other suppliers and that means they are breaking the data protection act by not respecting privacy and rights of another person and not asking their permission for giving their bank details and names and addresses to other suppliers. The manager more than once he has heard staff providing address information to others over the telephone and this is breaching data protection because they arent respecting other peoples bank details, addresses, customers names, purchases and also purchase history. IP address log is not kept of sites visited because then the manager wont know who has been on what site or what stuff they have been downloading. If a virus comes up on one of the computers then he wont know who put the virus on the computer.
Poor practice and the effects these can have on the company.
Some of the workers could end up losing their job or could end up in prison doing a sentence of six months for breaking the data protection act. the company could get a back reputation and they wont get any business or wont get anybody to work for them after some of the past workers broke the data protection act.
Potential issues surrounding the loss of hardware and data and also potential damage to the company.
Data types are kept secure in a locked plastic box on the top of the server and if it is plastic if it gets too hot it could go on fire and the company could go loss all the data types that where in that plastic box. If the fire spread they could loss all the data that they keep including customer's purchases, account numbers, bank details, name's and addresses, purchase history. The way they back up their files one a month then if the computer crashes then all the data that they were working on would be lost and they wouldnt be able to get it back.
Solutions needed
They should put a logging system on to the network access so then the workers in the workplace can access the network and nobody else on the outside of the workplace cant access the network. The manager should put up a restricted access for websites like facebook and bebo so then they wont be breaching the data protection act. He should download a ip address log id of all the websites addresses that the workers have been on in the workplace. The manager should get all the workers to sign a confidility agreement so then wont break the data protection. The manager should get the It technician to install an antivirus program on all the computer so then they wont get any viruses on the computer. The details that they are given out about a person like their bank details, address, telephone number before they do give it out they should ask the person permission who the details belong to before you give there details out to a stranger or supplier. This means that they are respecting the persons privacy by asking their permission.
