Tag Archives: data security
Accountants have an inherent interest in corporate data and, as such, in its security and privacy. In our book, we write about the newest technologies, including cloud computing, where we claim that the cloud can provide a measure of security to companies that the companies themselves would be unable to garner. However, the newest technology is not always the only way to go. In this article on BBC Tech, the author explains how the good old floppy disk, in spite of its swan song having been sung for decades, is still alive and kicking. Why is that? Why do organisations like the Pentagon or manufacturing companies keep using this seemingly outdated format? In short, the floppy disk has proven age-resistant, is nigh impossible to hack (unless it is lost and found by unauthorised third parties), and is usually found in systems that are very cumbersome and costly to update.
So it is one thing to appreciate the newest of technologies, but one should never forget or discard the old ones! As accountants, we should not forget that – for some businesses, it might be better to stick with the old.
All too often, when it comes to cloud risk, there is no clear distinction between data security and data privacy. Accordingly, the two terms are often used synonymously or as catch-all terms. As this post by Brian Anderson details, they are not the same thing. Data security comprises concepts and instruments that are put in place to ensure that sensitive data is not accessed, modified or taken by unauthorised parties. Data security instruments are therefore data protocols, access level rights, firewalls and even antivirus software that picks up on trojans or key loggers that may enable an unauthorised third party to access data that they should not. At the same time, data security ensures that the data is reliable, retains its integrity, and remains available and confidential.
Distinct from that is the concept of data privacy, which details the adequate use of sensitive data. Companies in the UK, for instance, are required to follow the Data Protection Act, which requires them to use sensitive data fairly and lawfully, for limited, specifically stated purposes, and in a way that is adequate, relevant and not excessive. At the same time, the information embodied in the data needs to be accurate, kept for no longer than is absolutely necessary, handled according to people’s data protection rights, kept safe and secure, and not transferred outside the UK without adequate protection. Therefore, data security protocols need to be in place to ensure the privacy of sensitive data, mostly customer-related data. Often, companies are criticised for how they treat the data they are supposed to protect. Facebook, for instance, has been heavily criticised (and even sued) for their data security protocols, impacting the data privacy of their users’ personal data.
To summarise the relationship between data security and data privacy, data security is the means to ensure data privacy. They are certainly not the same, but typically come together.
While networks have many advantages – the key one being connected systems and data – their key problem is security. The only way to be absolutely certain that data transmitted on a network is secure is to encrypt it – and this is an issue of much debate in recent times.
While a wired network may offer some physical security – hackers effectively have to get onto the premises – wireless networks have always had an issue in that they can be “scanned”. Many of us have probably used unsecured/free public wifi on a bus or in a coffee shop. This is fine as long as you are not sending confidential information.
And I am sure many of us have used the sometimes costly wifi in hotels. We may think that, as we pay for it, it is more secure. A recent blog post on the Economist suggests otherwise. The post notes a report by Kaspersky Labs, which found that specific persons staying in hotels were targeted and their hotel wifi connection snooped. This was down to some clever malicious software, but the lesson to be learned for a business might be – assume all wifi you do not control is insecure.