PROTECTING YOUR DATA
In addition, the physical security of IT equipment is an important factor to be included in any comprehensive security plan, as is the physical access to sensitive data storage areas and the policy regarding regular data and transaction backups and off-site storage.
With the increasing use of portable computers for both offline and online data processing, the risk of data loss has increased enormously. According to the insurance company Safeware, over 600,000 computers were stolen in the United States last year. Many of these thefts compromised company networks and confidential data.
Apparently over 60% of computer attacks in government agencies, corporations, and educational institutions in the United States were attributed to mobile PC theft. In the same year, mobile PC theft resulted in $6.7 million of losses. These statistics underscore the importance of regularly archiving all documents, folders and settings so that you can retrieve the data if your mobile PC is stolen or the hard disk drive fails. However, no matter how you back up your data, if it contains personal or confidential information about one or more individuals, you have a responsibility under law to ensure that it is totally safe and secure.
When holding information on mobile devices or transmitting data, either physically or via the Net, an increasing number of IT managers are building data encryption into their security plans. Encryption is the conversion of data from an intelligible format to an unintelligible one, which then requires a special decryption ‘key’ to make it readable again.
You may have a firewall and antivirus software installed on your mobile computer, but these only protect you from attacks on the Internet. What happens to your confidential files if your laptop is lost or stolen? Encrypting your data means that losing your computer doesn't mean that your data will be compromised. With Windows XP Professional, you can help protect private customer, financial and other personal information by using its Encrypting File System (EFS).
When you encrypt a file or folder, you are converting it to a format that can't be read by other people. A file encryption key is added to files or folders that you choose to encrypt. This key is needed to read the file. Windows XP Professional makes the encryption and decryption process easy—simply follow the steps outlined within Windows to encrypt your files or folders. When you are logged on to your computer, you'll be able to read them. Anyone who tries to use your computer without your logon will not be able to read them. It is important to make sure you have your computer set up so that you have to log on to use it (when you start up, or when you have been away from the computer for a little while).
There are a number of proprietary data security tools for advanced access control, encryption and audit, which provide much more than the standard Windows security services. Such software enables the user to control access rights to various files and folders not only for users, but for applications and system processes as well. These advanced encryption systems protect data from disclosure, theft, modification, corruption, and deletion by another user or by malicious programs such as viruses, trojan horses and spyware.
Such Windows-independent security systems enable users to set the access rights either for individual users or for applications. For example, the system administrator can forbid access to any or all .doc file objects for all applications except Microsoft Word. After that, even if a virus starts in the system, the file would never be corrupted or deleted by the virus. Also, the administrator can forbid a peer-to-peer file exchange program access to all files in the system except files in its own folder(s). In this case, even if the program starts a trojan, it will never get access to the data or system files. Such high-level protection cannot be achieved by the standard Windows security services, because they control access to files based on the user's access rights, which the trojan can easily obtain, whereas more advanced systems control the access rights individually for each program.
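The contrast drawn above between user-based and per-program access decisions, as an added example that is not from the original article or from any product it describes. The user names, program names, paths and rule tables are constructed for illustration, and paths are assumed to be already canonical.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

@dataclass(frozen=True)
class Request:
    user: str      # account the process runs under
    program: str   # executable name of the requesting process
    path: str      # canonical path of the file being opened

# Constructed sample policy (all names and paths are hypothetical).
USER_ACL = {r"C:\Users\alice": {"alice"}, r"C:\P2P": {"alice"}}
EXT_OWNERS = {".doc": {"winword.exe"}}        # file type -> programs allowed
CONFINED = {"p2pshare.exe": [r"C:\P2P"]}      # program -> only folders it may touch

def _inside(path, folder):
    folder = PureWindowsPath(folder)
    return path == folder or folder in path.parents

def user_check(req):
    """User-based decision: any program run by a permitted user gets in."""
    path = PureWindowsPath(req.path)
    return any(_inside(path, folder) and req.user in users
               for folder, users in USER_ACL.items())

def program_check(req):
    """Per-program decision layered on top of the user check."""
    if not user_check(req):
        return False
    path, prog = PureWindowsPath(req.path), req.program.lower()
    owners = EXT_OWNERS.get(path.suffix.lower())
    if owners is not None and prog not in owners:
        return False          # file type reserved for other programs
    folders = CONFINED.get(prog)
    if folders is not None and not any(_inside(path, f) for f in folders):
        return False          # confined program reaching outside its folder
    return True

def compare(requests):
    """Return (user_decision, program_decision) for each request."""
    return [(user_check(r), program_check(r)) for r in requests]

SAMPLE = [
    Request("alice", "winword.exe", r"C:\Users\alice\report.doc"),
    Request("alice", "invoice_viewer.exe", r"C:\Users\alice\report.doc"),
    Request("alice", "p2pshare.exe", r"C:\Users\alice\ledger.xls"),
    Request("alice", "p2pshare.exe", r"C:\P2P\shared.mp3"),
]

if __name__ == "__main__":
    for req, (by_user, by_program) in zip(SAMPLE, compare(SAMPLE)):
        print(f"{req.program:20} {req.path:32} user={by_user} program={by_program}")
```

The second and third sample requests are the ones where the two models disagree: the user-based check allows them because the process runs under a permitted account, while the per-program check denies them.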
To protect data from loss, users can create backups of encrypted data / files on a wide variety of external devices visible by the host operating system.
In summary, remember that the Data Protection Act is not a set of guidelines; it’s the law, and hence your computer systems must reflect its regulations concerning the personal data of the individual.
Author: Phil Snee, Development Director, Linetime Limited
First published: Credit Collection & Risk Magazine