ECE Lead

You are here:

Security of business data

Overview

Connecting computers together in a local area network (LAN) has many advantages. It permits the sharing of information and resources such as printers, data backup systems, and an internet connection.

While not wishing to diminish the security threat that the internet presents, the greatest threat to business information (data) security is actually internal users. Therefore, a data security policy should be implemented and updated regularly.

ECE Services which provide secure web browser access to a centralised repository of business information have provided (arguably) the best structure for the ECE environment by relieving individual Services of the technical and financial overhead of storing and backing-up their business data.  However, their data security responsibilities in all other respects remain undiminished.

Data shall be stored securely and accessible only to those authorised to view and use the information. Access to information stored in computers should be secured by:

  • Storing ICT equipment securely
  • Proper user authentication – logon/password
  • Keeping passwords secret
  • Controlling network access to shared files – setting privileges

Data integrity and protection against loss shall be secured by:

  • Regular back-up and storage off-site
  • Up to date antivirus software

Physical Security

The loss of a computer to theft is, at worst, inconvenient.  The loss or disclosure of personal information about children has potentially far more detrimental consequences.

All ICT equipment which stores ECE business information and images shall be held securely in a lockable cabinet.

ECE Service records (business information) should be stored on a single central computer which is mounted in a lockable ICT equipment cabinet. The cabinet should be located in the Supervisor’s office or other secure location out of public view. The cabinet will, most likely, also be the point of termination and patching for the building computer cabling, the internet modem, firewall, router, and Ethernet switch.

Business information should not be stored on laptops, unless it is used as the means of data back-up. Laptops, by their nature, are portable and attractive to thieves.

Control of Access to Information

Business data held on computers connecting to the workgroup network shall be properly secured and access to that data strictly controlled.

Each computer user should have their own User Account so that their private information can be concealed from other users. User Accounts are identified by logon name and secured by password.

Workgroup file sharing shall be configured to permit or deny specific users, or groups of users, access to particular shared files or folders.

User Accounts shall be allocated an access status which controls access to shared files or folders.

For guidelines on sharing files between Windows and Apple Mac computers see Microsoft’s: How to configure file sharing in Windows XP  and How to create and configure user accounts in Windows XP  and Apple’s Small Business Tutorials on common integration tasks in a cross-platform context.

Windows XP Home Edition does not support the Shared Documents feature.

Wireless Security

A wireless signal may be able to be detected more that 100m from the wireless access point – from a neighbouring property or even the street. Setting security features to prevent unauthorised use of your internet connection and to prevent unauthorised access to business information is imperative.

Power output should be set to the lowest level, consistent with required coverage and data throughput, to reduce coverage of neighbouring properties.

Because code crackers for 64/128-bit WEP are freely available on the internet, WPA-PSK should be the minimum level of encryption employed to preserve password and data privacy. Both Windows XP SP2 and Mac OS X (release 10.3.7) support WPA-PSK. WPA2-PSK provides even better encryption and may be considered if the wireless router and wireless computers support it.

Preservation of Information

ECE Service Supervisors shall take appropriate measures to ensure that business data is backed up and recoverable in the event of equipment failure, theft, or loss by natural disaster.

There are a number of simple, convenient and easy to use ways in which regular (at least weekly) back-up of business data and secure off-site storage can be facilitated. These include back-up to:

  • Portable hard disk drive
  • Laptop
  • Writable CD or DVD
  • USB memory stick

A centralised repository for browser-based online information storage and access which is supported by ECE associations, may provide the simplest, most reliable, and cost-effective means of securing information for ECE Services.

Antivirus

ECE Service Supervisors shall ensure every computer used by the Service runs and keeps up-to-date reputable antivirus software. Antivirus software is essential whether or not a computer connects to a private network or the internet.

The transfer of files from one computer to another using USB memory sticks and other media is common. Malicious software or “Malware” (viruses, worms, Trojans, spyware and adware) may be transferred and automatically installed along with the intended files unless normal security measures are invoked.

Last updated: 7 July 2009