Home » Posts tagged 'data security'

Tag Archives: data security

Old-school data security – the floppy disk is alive and kicking

Accountants have an inherent interest in corporate data, and as such, its security and privacy. In our book, we write about the newest technologies, including cloud computing, where we claim that the cloud can provide a measure of security to companies that the companies themselves would be unable to garner. However, not always is the newest technology the only way to go – in this article on BBC Tech, the author explains how the good old floppy disk, in spite of swan songs having been sung for decades by now, is still alive and kicking. Why is that? Why do organisations like the Pentagon or manufacturing companies keep using this seemingly outdated format? In short, the floppy disk has proven age-resistant, nigh impossible to hack (unless it is lost and found by unauthorised third parties), and usually found in systems that are very cumbersome and costly to update.

So it is one thing to appreciate the newest of technologies, but one should never forget or discard the old ones! As accountants, we should not forget that – for some businesses, it might be better to stick with the old.

Data security as means to data privacy in the cloud

All to often, when it comes to cloud risk, there is no clear distinction between data security and data privacy. Accordingly, they are often used synonymously or all-encompassing. As this post by Brian Anderson details, this is not the case. Data security comprises of concepts and instruments that are put in place to ensure that sensitive data is not accessed, modified or taken by unauthorised parties. Data security instruments are therefore data protocols, access level rights, firewalls and even antivirus software that picks up on trojans or key loggers that may enable a third, unauthorised person to access data that they should not. At the same time, data security ensures that the data is reliable, integer, available and confidential.

Distinct from that is the concept of data privacy that details the adequate use of sensitive data. Companies in the UK, for instance, are required to follow the Data Protection Act  that requires companies to use sensitive data fairly and lawfully, for limited, specifically stated purposes, and in a way that is adequate, relevant and not excessive. At the same time, the information embodied in the data needs to be accurate, kept for no longer than is absolutely necessary, handled according to people’s data protection rights, kept safe and secure, and not transferred outside the UK without adequate protection. Therefore, data security protocols need to be in place to ensure the privacy of sensitive data, mostly customer-related data. Often, companies are criticised on how they treat the data they are supposed to protect. Facebook, for instance, has been heavily criticised (and even sued) for their data security protocols, impacting the data privacy of their users’ personal data.

To summarise the relationship between data security and data privacy, data security is the means to ensure data privacy. They are certainly not the same, but typically come together.

 

Wifi security

image from tinker-tailor-solider-spy.com

While networks have many advantages – the key one being connected systems and data – their key problem is security. The only way to be absolutely certain that data transmitted on a network is secure is secure is to encrypt it – and this is an issue of much debate in recent times.

While a wired network may offer some physical security – hackers have to get one the premises effectively – wireless networks have always had an issue in that they can be “scanned”. Many of use have probably used unsecure/free public wifi on a bus or in a coffee shop. This is fine once you are not sending confidential information.

And I am sure many of us have used the sometimes costly wifi in hotels. We may think as we pay, it is more secure. A recent blog post on the Economist  suggests otherwise. The post notes a report by Kaspersky Labs, which found that specific persons staying in hotels were targeted and their hotel wifi connection snooped. This was down to some clever malicious software, but the lesson to be learned for a business might be – assume all wifi you do not control is unsecure.

 

Keeping data secure

Image from wikipedia

Image from wikipedia

It is good practice to keep a backup copy of key business data. Basis practice is to take a backup of key organisational data regularly on a medium that can be stored offsite if necessary. Arguably, in a cloud computer environment a backup is not needed, but many organisations still (and probably always will) maintain some data internally.

One quite old method of storing a backup copy of data – or even storing data – is on magnetic tape. As recently noted in the Economistthis backup medium has gained a new lease of life. Cloud storage has become so cheap and fast, that the tape could have been seen as redundant. But one thing a magnetic tape has is portability – it can thus be easily secured anywhere, away from normal business risks or even hackers. As noted in the Economist article, many organisations also now generate huge volumes of data (i.e. big data) which may be useful for analysis. Tapes can easily store such data.

The article also notes four advantages tapes have as a backup medium:

1- data can be retrieved fast

2- power is not needed to store the data

3- there are secure as mentioned

4-  they can be repaired (spliced).

There are also likely to be improvements in tape technology in coming years as their value for storing large amounts of data has come back into vogue.