Data Security Problems - Essay Example

Data Loss number module number In the contemporary world of digital technologies information is one of the most important assetsany company or organization has. In most of its spheres, including culture, healthcare, and business, modern society heavily relies on digital devices, such as discs, laptops and USB keys, to keep records and store information vital for the functioning of an organization, and, sometimes, even crucially important for a life of an individual. Therefore, since data storage is an important part of informational infrastructure of an organization, a serious problem which the technological age entails is data loss. The given report will highlight some examples of what problems data loss may cause to a company, as well as outline the major reasons of the problem. In addition, in order for us to be able to manage the problem, the most effective ways of preventing data loss and increasing data security of an organization will be presented. The data loss issue may be related to any aspect of organizational performance – from making some sensitive information about company’s clients available to others, up to the rival’s getting some strategic and confident information about a competitor. In 2006 a pack of debit card transaction copies of a clothing store were found in the city street. They all contained a valid card number, expiry date, and owner’s signature (Codd, 2006). It was 2007 when in the UK 25 million of child benefit records were lost with 2 computer disks (BBC News, 2007). The information included names, addressed, bank accounts, and insurance numbers. A memory stick with names, patient numbers, and STI test results of 146 people disappeared from the Chelsea and Westminster Hospital on August 21, 2008 (PinkNews.co.uk, 2008). In the same 2008 the records on 84 thousand people in the UK criminal justice system were copied to a USB drive, which got lost (Gitlin, 2008). These were just a few examples of what a data loss means. KPMG reports that 92 million people around the world have been affected by data loss incidents in 2008, and predicts the number to rise up to 190 million in 2009 (KPMG Europe LLP, 2009). The outcomes may be horrible, and range from company’s reputation being spoiled, to both corporate and individual financial losses. Regarding this matter Reto Gallati (2003: 294) outlines that loosing a reputation and a good name is one of the worst losses a company may suffer since a positive reputation is one of the most valued assets of an organization. Besides: Damage to that good name, is one of the most difficult risks to overcome: you usually can’t pay a fine or take a charge that will quickly reduce the risk to your firm’s reputation (2003: 294-295). However, nowadays an organization cannot function without digital devices. According to Tipton and Krause (2007: 1294), out of the companies that faced a serious data loss, ‘43 percent never reopen, 51 percent reopen but close within 2 years’. So, since we cannot avoid using electronic data storage devices, we must find the ways of coping with the risk of data loss. First of all, let’s take a look at the data loss incidents – they can be related to either software or hardware. Boston Computing Network (2009) reports that 42% of data loss cases in Europe take place due to hardware problems, such as power surge damage, and drive, controller or CPU failure. On the second place stand human errors (31%), such as accidental deletion or overwrite of information. Other reasons may include software errors (such as file corruption or a virus infection), natural disasters, theft, or hardware loss (Boston Computing Network, 2009). So, in order to ensure all the company’s information remains safe and protected, an organization should develop specific rules and policies that would reduce the chance for any data to be lost or corrupted. Purpura, for example, recommends ‘to develop an effective loss prevention program’ (2007: 31), which would be controlled and managed by a loss prevention manager. However, not all the small companies can afford such a solution. Therefore, let’s take a look at the simplest options that can provide the basic security and safety of your company’s data. The lowest level of data loss is usually caused by company employees by means of portable storage devices, such as USB memory drives, CDs or iPods (Miller, 2008: 54). The solution here can be purchasing computers with no writeable devices, or simply prohibiting using portable data storage devices at a workplace. Another option is disabling your computers’ USB drives via the computer’s Operational System, for example. In addition, there exists special software which allows you to monitor the access to removable storage devices on the company computers (Miller, 2008: 56). In order to prevent your corporate information being viewed by unauthorized individuals, make sure all your computers are protected by passwords, or that the files are encrypted so that only authorized users can access the information. Another important action is to ensure that the access to your data storage systems is controlled and monitored. It’s better to have all the storage media stored in one easy to protect place, access to which is allowed only to the authorized personnel, and is even protected by, for example, an alarm system. It also relates to physical data, such as printed documents (Miller, 2008: 63). Since the network computers of a company have access to sensitive information, its use should be monitored: any information being sent via the Internet is at risk of being stolen. So, ‘content monitoring software can detect this activity and block it’ (Miller, 2008: 63). Digital rights management programs can help to make sure that only authorized people can access, copy, send or edit company files. In such a way the risk of files being overwritten or stolen is reduced. So, in order to ensure your company’s data is protected and safe, make sure you have protected it from unauthorized access, first of all. Secondly, protect the computers form viruses by means of antivirus software, and use licensed software. Thirdly, take regular care of the hardware in use so that the risk of loosing data due to hardware problems is minimal. In addition, ensure that in case your data gets lost or damaged, you have some backup options: a solution could be, for example, regularly saving copies of information on supplementary dives, or using special software to recover lost data from hard drives. Word count: 1065 References BBC News. 2007. Brown apologises for records loss. [Online]. BBD Home. Available at: http://news.bbc.co.uk/1/hi/uk_politics/7104945.stm [Accessed 17 January 2009]. Boston Computing Network. 2009. What is Data Loss? [Online]. Available at: http://www.bostoncomputing.net/consultation/databackup/dataloss/ [Accessed 15 January 2009]. Codd. J., 2006. Credit card fraud fear as slips found in road. [Online]. Available at: http://attrition.org/dataloss/2006/07/oasis01.html [Accessed 16 January 2009]. Gallati, R., 2003. Risk Management and Capital Adequacy. McGraw Hill Publishing. Gitlin, J. M., 2008. Latest UK data loss due to misplaced USB thumb drive. [Online]. Ars Technica. CondéNet Inc. Available at: http://arstechnica.com/news.ars/post/20080824-latest-uk-data-loss-due-to-misplaced-usb-thumb-drive.html [Accessed 15 January 2009]. KPMG Europe LLP. 2009. From the UK: Data losses set to soar, predicts KPMG. [Online]. Available at: http://www.kpmg.eu/headlines/6211.htm [Accessed 16 January 2009]. Miller, M., 2008. Is It Safe? Que Publishing. Tipton, H.F. & Krause, M., 2007. Information Security Management Handbook. 6th ed. CRC Press. PinkNews.co.uk. 2008. NHS hit by loss of sexual health data. [Online]. Available at: http://www.pinknews.co.uk/news/articles/2005-8916.html [Accessed 17 January 2009]. Purpura, P., 2007. Security and Loss Prevention. 5th ed. Butterworth-Heinemann.  . Read More