Security

Egos are a catalogue sales company with a medium network of 50 users. They have a broadband connection available to all users. We are not interested in the network hardware here, so we must assume that all the hardware is set up and configured correctly.


Egos has a medium network of 50 users, and none of these 50 users has a log-on. This means anyone is able to access your information, so there is no confidentiality for documents and files containing details such as bank details, addresses and phone numbers. Having no log-on breaches the Data Protection Act (1985), a law designed to protect clients' personal data. The network isn't secure at all; each user should have a username and password when looking to access the catalogue.


The company has unrestricted internet access. This means staff are able to sit in work all day accessing anything they want, which is a distraction to them as they know they are able to do so. There are also many websites now that cost money to be on, which means staff are building up a bill for the company. Sometimes it can be OK for them to access email and important things like that, but not anything at all, such as social networking sites, shopping and gaming. You have to be careful about which websites you access, as you can never be careful enough: websites can carry viruses, trojans, malware and worms. These can all lead to system failure. Even the most reliable websites, such as email and online banking, can have viruses etc. on them.

Staff are allowed to install software on their computers, which can lead to many viruses being downloaded to the system and cause system failure, meaning all data will be destroyed as well as the computer. A staff member might by mistake install a piece of software that could be illegal, which is going to lead to a fine for the company. Downloading inappropriate software for their own needs will also cause a lot of distraction to other members of staff, which means there is no work being done.

They are also allowed to uninstall software. A member of staff might accidentally delete an important piece of software that the company needs; there could be important information belonging to customers on this that will all now be lost. They might also delete expensive software that the company has paid to have put on the system. It is going to cost the company a lot of money to put each piece of software that was uninstalled back on the computer, as they will have to pay each license fee.

The solution to this is to get the I.T Technician to set restrictions that no member of staff can install or uninstall software. This means there can be no software downloaded that can cause viruses and no software that is going to distract staff. This also means no important/expensive software can be removed.
 
The company's data is only backed up once a month, which is very wrong. Data should be backed up every few hours at the least, definitely not once a month. This breaches the Data Protection Act, because if you lose a customer's information over that month, or if you lose track of any of their orders, you're not going to be able to get them back. This means the money is coming out of their account but they're not getting the products, as the data has been lost. To stop this from happening they should make sure their data is backed up at least twice a day.


Egos Company keeps their data tapes in a secure place, which is a locked box sitting on top of the server. This isn't really a secure place for the data tapes, as the server does tend to get very hot at times. This means that the box the tapes are in could melt, which will also then destroy the tapes. The tapes need to be taken from the top of the server and locked away in a more secure place, such as a safe in the manager's office. This will then stop them from getting destroyed.


This company keeps records on the customers in a database. The information that they hold is purchases, account numbers, bank details, customer names and addresses, and purchase history. This can lead to many things, such as people hacking into the company's records and being able to access all the customers' information, especially their bank details. This can also lead to fraud. All members of staff have access to these details, from security right up to the manager. This shouldn't be allowed; the people who should be accessing these files are the people who are dealing with the customer's order. The manager has also walked past members of staff and overheard them discussing account details with other suppliers. This breaches the Data Protection Act and confidentiality act, as you have trusted this company with your details and you assumed they wouldn't be discussed among other companies. Also, on more than one occasion he has heard staff providing address information to others over the telephone, which is not appropriate.


Email is available to all throughout the company, even security. This means everyone who works for this company is able to see what is going on with customers' orders, complaints etc. This also leads back to why they should have a log-in, so that no one else is able to access the information.





There is no IP address log kept, which means members of staff can be visiting sites they are not meant to during working hours. If a site causes your computer to get a virus, you are not able to find out which web address you used that caused the virus. To stop this you should keep an IP address log and make sure that you have antivirus software.
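To show what keeping such a log makes possible, here is an added example (not part of the original post) that lists the sites one workstation visited in the hour before a virus alert. The log format, IP addresses, host names and function names are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample log: "timestamp client_ip url" (the format is an assumption).
SAMPLE_LOG = """\
2024-03-04T09:02:11 192.168.1.23 http://mail.example.com/inbox
2024-03-04T09:40:05 192.168.1.41 http://shop.example.net/basket
2024-03-04T10:15:37 192.168.1.23 http://games.example.org/play?id=7
2024-03-04T10:58:49 192.168.1.23 http://downloads.example.org/free-toolbar.exe
malformed line without enough fields
2024-03-04T11:20:00 192.168.1.23 http://mail.example.com/inbox
"""

def parse_log(text):
    """Yield (time, client_ip, url) tuples, skipping lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield when, parts[1], parts[2]

def sites_before_alert(text, client_ip, alert_time, window_minutes=60):
    """Return (time, host, url) visits by client_ip in the window before
    alert_time, newest first, so the most likely source is at the top."""
    start = alert_time - timedelta(minutes=window_minutes)
    visits = [
        (when, urlsplit(url).hostname, url)
        for when, ip, url in parse_log(text)
        if ip == client_ip and start <= when <= alert_time
    ]
    return sorted(visits, reverse=True)

if __name__ == "__main__":
    # Constructed scenario: antivirus alert on 192.168.1.23 at 11:00.
    alert = datetime(2024, 3, 4, 11, 0, 0)
    for when, host, url in sites_before_alert(SAMPLE_LOG, "192.168.1.23", alert):
        print(when.isoformat(), host, url)
```

Without the log there is nothing to query, which is the gap the paragraph above describes.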



Egos have no firewall in place throughout the offices. This means unauthorized access to or from private networks is possible. You need to have a firewall so that it is able to read the messages from the website you are looking to go on to; it will then see if the site is safe to use and will also block any viruses. To solve the problem of having no firewall you need to see your I.T technician and get them to put one in place.


In this company staff are able to download whatever they like, as downloads are not monitored. This means someone could be liable for downloading a virus, which could spread round the whole system and cause it to crash. To prevent this from happening an I.T technician needs to monitor downloads, and staff should only be allowed to download programs they need.




Also, the building is not secured with keypad locking systems, swipe keys etc., which means anyone can access the building. This can be very dangerous, as it makes it easy for people to break in, and this can lead to information going missing and people's accounts getting hacked. To stop this from happening they should get a new locking system so that only staff are able to open the doors.

 

