Security

No log on to the Network

There is no log-on to the network, so with 50 users anyone can get on to the network and view or delete work. The files can become very disorganised, as people add their own work all over the place and you can’t find any of your own work. Everyone has access to all the same information, even if it has nothing to do with them or has no relevance to the work they are doing. People can take other people’s work and pass it off as their own. People will need user names and passwords so that they can only access their own files, and passwords should be changed regularly. There should be different access levels for different people; for example, only accounting people can access anything to do with pay, and the head of the company can access any file.


Internet (unrestricted access)
Internet access is unrestricted. Staff have access to any web pages and can get distracted from their work, e.g. by Facebook and YouTube. They can pick up viruses from unverified web pages. They can go on web pages that are illegal, which they should not be allowed on. Have certain web pages blocked so they can’t view them.




Staff are allowed to install and remove software
Staff are allowed to install and remove software. They can remove important or valuable software that costs a lot of money to install or replace. They can install software that may contain viruses and damage the system. They can use up the disk space by installing software they don’t need. For example, if they removed something like Microsoft Office, their work production would slow down and they would not get as much work done. Don’t allow anyone to install or remove software. This is a breach of the Computer Misuse law, as they are allowed to remove or install software.







Data is backed up once a month
The data is backed up once a month. If data is lost or deleted during that month, you can’t get it back; you have to start from the last time you backed it up. You should back up data once or twice a day so that if your system crashes you will have the latest data for your work.
 










Data Tapes are kept secure in a locked plastic box on top of the server

Data tapes are kept in a plastic box. The plastic can melt and damage the data tapes; you should put them away somewhere safe so they are out of sight. Don’t put the tapes on top of the server, as the server will heat up and melt the box. Put the data tapes in a fireproof box in a remote location away from your business, because if your building is broken into or burnt down you will still have your backed-up data and can start from it.


Database on Customers
The company has a database of all their customers, and all staff members have access to all the customers’ personal information in the database. A few times the manager has overheard staff members discussing account details with other suppliers; this is a breach of the Data Protection Act, as they are giving personal details to a third party without the person knowing about it. Another breach is that they are only allowed to hold data for that purpose and must not give out the information to anyone without the person’s approval, and not over the phone. Only allow certain staff members to access the database, to protect personal details and avoid breaching the Data Protection Act.
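
The access levels recommended under "No log on to the Network" and the restricted customer database recommended here can be written as one default-deny rule set. This is an added example, not part of the original report; the role names, resource categories and user names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed roles and categories modelling the rules in the text;
# the names are assumptions, not taken from any real system.
ROLE_CATEGORIES = {
    "head": {"pay", "customer_db", "work"},  # head of the company: any file
    "accounting": {"pay"},                   # only accounting sees pay data
    "customer_service": {"customer_db"},     # the "certain staff members"
    "staff": set(),                          # ordinary staff: own work only
}

@dataclass(frozen=True)
class User:
    name: str
    role: str

@dataclass(frozen=True)
class Resource:
    category: str  # "pay", "customer_db" or "work"
    owner: str     # user name of the file's owner, "" for shared data

def can_access(user: User, resource: Resource) -> bool:
    """Default deny: access needs a known role plus a rule or ownership."""
    allowed = ROLE_CATEGORIES.get(user.role)
    if allowed is None:
        return False  # unknown role: no access at all
    if resource.category == "work" and resource.owner == user.name:
        return True   # everyone with an account can open their own work
    return resource.category in allowed

def audit(user: User, resource: Resource, log: list) -> bool:
    """Check access and record the decision so denied attempts are visible."""
    decision = can_access(user, resource)
    log.append((user.name, resource.category, resource.owner,
                "ALLOW" if decision else "DENY"))
    return decision

if __name__ == "__main__":
    log = []
    audit(User("alice", "accounting"), Resource("pay", ""), log)
    audit(User("bob", "staff"), Resource("pay", ""), log)
    audit(User("bob", "staff"), Resource("work", "alice"), log)
    for entry in log:
        print(entry)
```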

Email is available to all

All the emails are available to everyone, so if you are waiting on a personal email everyone would be able to view it. If you are waiting on account details for a customer, someone else could look at the email, take the account details and commit fraud. With emails being available to all, someone could open an email that has a virus and could ruin your system. You should have individual email accounts for all staff at the company so that you have your own emails and no one else can view them.


IP Addresses are not kept

The IP addresses of the websites visited by staff members are not kept, so you cannot see what websites your staff have been visiting. If they are visiting any websites that would distract them from their work, you wouldn’t be able to tell. The company should keep a record of all the websites that their staff have been on so they can monitor them.
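
The blocking recommended under "Internet (unrestricted access)" and the record-keeping recommended here can be done at the same point, since every request passes one check that both decides and logs. This is an added example, not part of the original report; it records host names rather than IP addresses, and the blocklist, user names and URLs are constructed.

```python
from urllib.parse import urlsplit

# Constructed blocklist using the two sites the text names as distractions.
BLOCKED_DOMAINS = {"facebook.com", "youtube.com"}

def host_of(url: str) -> str:
    """Return the lower-cased host of a URL, or "" if it cannot be parsed."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".")  # "youtube.com." and "youtube.com" are the same

def is_blocked(host: str, blocked=BLOCKED_DOMAINS) -> bool:
    """Match the domain itself and any subdomain, but not look-alike names."""
    return any(host == d or host.endswith("." + d) for d in blocked)

def handle_request(user: str, url: str, log: list) -> str:
    """Decide ALLOW/BLOCK and record who asked for which host."""
    host = host_of(url)
    # Fail closed: a request whose host cannot be determined is blocked.
    decision = "BLOCK" if not host or is_blocked(host) else "ALLOW"
    log.append({"user": user, "host": host, "url": url, "decision": decision})
    return decision

def blocked_attempts(log: list) -> dict:
    """Summarise the log: number of blocked requests per user."""
    counts = {}
    for entry in log:
        if entry["decision"] == "BLOCK":
            counts[entry["user"]] = counts.get(entry["user"], 0) + 1
    return counts

if __name__ == "__main__":
    log = []
    handle_request("bob", "https://www.facebook.com/home", log)
    handle_request("alice", "http://notfacebook.com/", log)
    print(log, blocked_attempts(log))
```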



No Firewall in place


There is no firewall for their system, so anybody can hack into it and take people’s personal information or delete important data about them. Anything can get into the system, so they have no way to know if it has been hacked or not. Put a firewall in place so people can’t get into the system as easily and the system has better security.







Downloads are not monitored

The downloads are not monitored, so staff could be downloading viruses into the system by being able to download whatever they want. They could download illegal material on to the computer, and it could distract them. They should not allow anything to be downloaded; only certain people should have access to download things.



Entrance doors are not protected

The entrance doors are not protected, so anyone can walk in and out of the building. Every staff member should have a key card so they can enter and leave the building by swiping the card. There should also be a security guard at the door to monitor who comes and goes from the building.





Data Protection Act 


The Act creates a register of those individuals or organisations which hold and process personal data. Under the Data Protection Act, you as a company are not allowed to hold any irrelevant information on a person unless there is an agreement with the person. A company is not allowed to share any personal information with another party unless the person has been consulted and agrees. In the paragraph about the database of information on customers, the company has breached the Data Protection Act in two ways: sharing information with a third party over the phone and giving account details to other suppliers. All data should be accurate and kept up to date, and should only be kept for the necessary amount of time. Any customer is allowed to find out what information is held on them or what data needs to be corrected or erased. So with the database on the customers, they can find out what information the company has on them. Appropriate measures have to be taken to prevent unauthorised access or modification to personal data.



Computer Misuse Act

The Computer Misuse Act was designed to protect the integrity of computer systems by deterring the activities of hackers. Unauthorised access to computer programs or data: with no firewall in place, they are allowing hackers to access their system and take any information easily. Unauthorised access with a further criminal intent: hackers could take customers’ personal information and commit fraud. Unauthorised modification of computer material
 
