Data Security and the role we can play
Data security breach is on the surge. As many individuals and organisations become connected and form part of the global network, security becomes an issue.
Access to peoples’ personal information and threats to social networking sites are some of the problems that need attention.
Advertisement
Other issues may include unauthorised access to business sites and stealing of intellectual properties.
A few years back, data security was not something that people worried about so much because data mostly had to be recorded manually, so much data were not even captured as is being done these days. Businesses that had peoples’ records in paper files had them stored in file cabinets in physical buildings.
Records were kept in silos, which made it extremely difficult for unauthorised persons to have access to the data unless they were able to break into the physical buildings.
However, in recent times, data about people and things are being collected daily. Unfortunately, the data collected by businesses/institutions or certain websites can sometimes end up in the wrong hands. There have been so many discussions on the radio in which some callers expressed surprise as to how their information ended up in the wrong place. When bad people have access to your data, they can use it for so many purposes that will benefit them and cause serious harm to you.
In many western nations, there have been issues such as identity theft where people steal and use other people’s identities for the purpose of buying homes or cars, obtaining medical services, or obtaining new credit cards or bank accounts.
The bad guys can even steal all your money from your bank accounts when they get your information. The situation requires strong data security.
Data security requires all hands on deck. It requires a comprehensive approach.
To secure data, it is important to make sure that all the processes and systems around it, including hardware, software, the network, and its devices, users, procedures and data are all secured. To understand the scope of data security, one must first appreciate the Confidentiality, Integrity, and Availability of Data (CIA) which form the components of data security.
Confidentiality ensures that data is prevented from getting into the hands of unauthorised users. Simply put, data/confidential information must not fall into the hands of an unauthorised person. Users have privacy rights and so their information must be safeguarded against disclosure. Data confidentiality is ensuring that data is protected.
Integrity, on the other hand, is ensuring that data is kept consistent and free from errors. It also means that only authorised users can modify data. However, the authorised uses must desist from making any unauthorised changes.
Finally, data availability guarantees the accessibility of data whenever required by authorised users and for authorised purposes.
Under no circumstance should an authorised user be denied access to data or have his/her information high-jacked, a situation referred to as denial of service (DoS).
What is your role in ensuring data security?
Users: As an individual user, some of the things you can do to ensure data security include creating a strong password. The password must contain at least 14 characters including letters, numbers, and special characters, and must be changed periodically.
It must not contain any personal information and must also not have dictionary words that will make it easy for anyone to guess. You should also keep the hardware in a secured place. When you use a public computer, make sure to shut it down or delete your user ID and password after you are done.
Be very careful about using a flash-drive on a public computer or somebody using his or her flash-drive on your personal computer (PC).
Businesses/Government/Organisations: Business must enforce complex password policies, use multi-level authentication, educate users about sensitive data and social engineering attacks, install security cameras.
They must also install an uninterrupted power supply, add security locks to computers, create data backups, ensure there are recovery plans in place in case of any eventuality or natural disaster and implement a kill switch for any stolen portable computer.
In addition, they are encouraged to apply application server and operating system patches, install antivirus and antispyware software, enforce audit trails, employ network activity monitoring and intrusion detection systems and use firewalls.
PhD, MSMIS