IMPACT OF I.T SYSTEM BREACHES

By George Smith-Moore

WHAT WILL BE INCLUDED?

How an organisation’s I.T system could be breached, and the legal responsibilities. I will also show the impact of I.T system breaches.

Sources:

http://ico.org.uk/for_organisations/data_protection/security_measures

HOW AN ORGANISATION’S I.T SYSTEM CAN BE BREACHED

An I.T system can be breached in several ways. Some of which are more complex than others, and they require different security measures to prevent. If an I.T system has a local server, with all data on-site. Then that data can

be accessed in a variety of ways. By using the computers to access data. If they are locked with admin, then using your own laptop, and using one of the

Ethernet cables. This can by prevented with MAC filtering. E-Mails can be hacked through the use of simple passwords, and simple

security questions that can be guessed; or coaxed out of the employee. A weak firewall can be bypassed by an able hacker. This could allow

access to steal or corrupt data; or both. A hacker can also not only steal and corrupt data, but it can also render

service s offline, such as the E-Mail for employees could be made unavailable; this can be done by Ddos.

Available USB ports in computers can be used to transfer data onto a removable USB device. This can be exploited to steal data.

LEGISLATION TO PROTECT DATA

The Data Protection Act of 1998 ensures that data stored by companies has to be kept safe, and secure.Not all of the principles of the act apply to the protection of data, some points are to the collection of data.

To protect data you should install a firewall, Have virus checking capabilities, have updated software and security patches.

You should encrypt all data, and only allow staff access to what they need. Data should also be backed up, in either a private place or the cloud.

E-Mail’s that are sent should use ‘bcc’ (blank carbon copy), so each recipient cannot see the other’s.

If the data protection act is breached, consequences can vary, from a fine, to proceeding from the European Court of Justice.

COMMON SECURITY THREATS

The most common type of security threats, are mainly internal.

Untrained staff are a main cause for security threats. They may leave data in places or be coaxed out of passwords and security questions.

Coaxing someone out of information, is known as social engineering.

Wireless networks that are incorrectly configured can result in major security breaches.

Malware is an external cause of a security threat. Botnets and spyware, and even Trojans.

POTENTIAL IMPACTS OF SECURITY THREATS

Potential impacts of security breaches for a business, usually result overall in a loss of profit.

Profit is damaged by security breaches, but to do this, it also means that the business reputation is also damaged. So security breaches usually have a long-term effects.

If a company has been affected by a security breach, where all of it’s customer data is lost, another rival company may be the cause. This means that the rival company could possibly have the customer data to send E-Mails to, suggesting why they should use them instead of the affected company, they could offer cheaper prices, and information about the recent data loss. This results in a loss of business for the original company.

POTENTIAL IMPACTS OF SECURITY THREATS (PAGE 2)

If the company’s main form of communication is via E-Mail, that could be rendered offline via Ddos attacks. This means that they may not be able to access vital information for a case and that they would not be able to communicate with potential and existing customers.

This would lead to a loss of reputation and profit for the business. Their competitors may benefit from this.