Introduction
Egos a catalog sales company has asked me to evaluate a network for security threats and provide them with a solution.
Below I have I have provided a solution to stop any possible threats, Breaches of law, Poor practice and also Potential issues surrounding the loss of hardware and data, and also potential damage to the company.
No user log in
With 50 staff working for Egos and no user log in it would be very easy for someone to steal there customers personal information. They could carryout identity theft and steal bank details and this would breach the data protection act of 1998. Someone could also delete someone’s files and also edit them. To stop this each entire staff member should have there own username and password to log onto a computer.
Unrestricted internet access
Without unrestricted internet access staff would be able to go on to any website where they could pick up all types of virus like worms, Trojans, spyware and adware. All of these could wreak havoc on a computer system. They could spread throughout the network and get onto every computer system in the company. They could delete files on every computer, cause there computers to become very slow and less responsive and also steal all the customers personal information that staff have typed on there computers like usernames, password, bank details, credit card numbers and all the staffs emails. This would also breach the data protection act.Allowed to install and remove software
Without restricting staff from installing and uninstalling software they would be able to uninstall important software which could cost the company a lot of money to get installed back on. They could also accidently install viruses on the computer that could spread though the network onto other computers. Staff would also be able to install games which they could play instead of doing there work and this would lose the company a lot of money. I recommend that egos restrict all users from installing and uninstalling any programs.
Data is backed up only once a month
Egos only backup all there files and documents once a month. If there system was to crash or if the building they were stored in got destroyed they could end up losing almost a month work and this would be an awful waste of time and money. To reduce the loss of work I recommend that egos backup there work every day. This would reduce the loss from almost one month down to one day of work.
Data tapes security
Egos keeps there data tapes secure in a locked plastic box on top of the server.
If the building storing the server was to get destroyed, egos could lose all of there records and this could put them out of business.
These data tapes should be kept in a strong fireproof box in different location or even a different building if possible away from the server. Another method of making it even safer is to use cloud storage which would make it almost impossible to lose any data.
Customer confidentiality
All staff has access to customer’s personal information. This includes purchases, account numbers, bank details, customer names and addresses, purchase history. This shows bad practice and also breaches data protection act. This could give the company a very bad name and that could reduce the amount of customers that egos gets.
To stop this from happening, all staff should be restricted from viewing most of the information that is stored on there customers.
Email is available to all
Email is available to all staff members at Egos. Emails should be monitored for viruses and staff should be restricted from anything that might contain a virus. Staff could be using there email accounts for there own personal reasons and this would stop them from getting there work done. This shows bad practice as well as a Possible threat to the data stored in there system.
IP address log is not kept
IP address of Websites that staff members visit are not logged. This is bad because it is impossible to keep track of what all the staff members are doing each day. They could be going on to social networking sites like Face Book, Twitter or MySpace or even playing online games and this shows poor practice. To reduce the amount of staff member doing this, Egos should keep an IP address log and it should be check for sites that are visited on a regular basis and staff should be banned from accessing such websites as Face Book, Twitter or MySpace or websites with games.
No firewall is in place
Egos has no firewall in place at all, this can make it very easy for hackers and virus to get on to there computer system and this is a threat to the data stored in there systems. It would be very easy for Hackers to steal Egos customers’ personal information and this can breach the data protection act of 1998. Having no firewall in place also shows very bad practice. Every company or household is this day and age should have a firewall in place along with an antivirus that is updated regularly. To reduce the chance of hackers or viruses getting into there system Egos should have a Firewall setup.
No restrictions on internet access
Egos have restrictions on there internet access, this means that all staff members can access whatever websites they want to. They could spend there working hours on socials networking sites, gaming websites or even watch films when they should be working. This shows poor practice. Staff member could also go onto websites that contains virus and this can cause possible threats to the data stored in the system. Egos could reduce the chance of this happening by restricting there internet access so that staff can not go on websites that they should not be on.
Downloads are not monitored
At egos the staffs members download are not monitored and this shows bad practice. Staff members would be able to get away with downloading whatever they wanted and they could end up getting the company computers infected with viruses and this could cause Possible threats to the data stored in the system and some virus could end up stealing customers personal information and this would breach the protection act. Egos could reduce the risk of this happening by monitoring all there downloads.
Entrance doors are not protected
Egos entrance doors are not protected by a keypad or any other form of security device. This means anyone can just walk in and out as the please and this shows poor practice. This could cause a Potential risk surrounding the loss of hardware and data, and also potential damage to the company. Egos could solve this problem by getting there doors protected with security devices such as keypads or retina scanners.
