Why we changed this site: Click here to find out why the website changed.

Close
Created by e-skills uk

e-skills UK Guide

Controlling access to data

Protecting your data from unauthorised access

Every business has data that needs to be secured. If you are running a business as a sole trader then you do not need to really worry about others seeing any confidential data. But what happens when you start to employ people who may have access to your PC?

Even if they are not employed to work on a computer they may decide to jump into your seat when you are out and have a browse around the internet or your laptop data, looking at your confidential information.

Steps to secure your data

The chances are you will already have most, if not all, the equipment and software you need to implement the security measures you decided on in the planning phase.

Unfortunately, we cannot provide specific guidance for how to do that here because security features vary widely between products, operating systems and even versions of the same operating systems.

It is therefore possible that you will need to find someone that can help you create your access controls.  If you do, make sure that you allow time for them to: 

  • Show you or someone else in the business what they are doing.
  • Document the security measures they have implemented.

Most access controls are simple to update once you know what needs to be done.  In your documentation, make copies of key screens and make notes as you go along so you build up a small user manual that means you do not have to involve someone from outside every time you want to make a change.

As you implement each security measure you should test it is effective.

Security responsibilities

It can be difficult for businesses to decide how best to manage and implement security controls.  In particular, who should hold high-level passwords that provide access to sensitive data?

It is clearly desirable that managers make the decisions about who should have access to what data.

It is also likely that managers will not be able or willing to implement those decisions and will want to delegate that job to a relatively junior administrator.  However, what is to prevent that administrator using their privileges to gain access to data they are, themselves, not authorised to see?  If that person leaves the company, what is to prevent them creating holes in the security measures that they can exploit later on?

This is obviously not an issue in smaller businesses where the chief focus is on preventing external access to data or where you can place a high level of trust in your administrator.

If you are concerned about the access available to an administrator, we suggest you consider:

  • Giving the business owner or a senior manager responsibility for changing high-level passwords once they have been created.  Those passwords should be kept in a secured place readily available in case of emergency.  If the passwords are needed, then either:

- The appointed manager can enter the password; or

- if they are not available, the password can be accessed and a new one can be created later on.

  • Making sure anyone with sensitive data that needs to be withheld from the administrator knows how to encrypt that data with a personal password.
  • If there is any concern about the circumstances in which an administrator leaves the business, ask a security consultant to:

- Look for possible security holes;

- Make sure all key passwords are changed; and

- ensure that the business is not locked out from any data or systems.

  • Implement some type of separation of duties, if appropriate. This is the principle of preventing one person having control of the data as well as the data security. For example you may have a database administrator who has complete access to your business data. By implementing separation of duties they will not be able to view the data they are backing up as their role is separate to the security role. This can be a difficult process to implement by may be beneficial if you deal with sensitive data.
Rate This:
i
Bookmark this page:
DiggDigg
del.icio.usdel.icio.us
redditreddit
FacebookFacebook

What Now

floppySave this guide to your profile
printPrint this guide
pdfDownload the guide in PDF version *

* In order to print the guide or open it in PDF format, you will need to install Adobe Acrobat Reader.

Send to a friend

Friend's Name
Friend's Email
Submit

Credits

Close

You have:

0

Credits

For FREE UNLIMITED access:

Login to your account

Email:
Password:

Forgot your password?

Login
Not a member already?
Register Here
You don't want to login? Cancel
Quick Registration

Quick Registration

Get unlimited* access to guides, tips and facts, by becoming a FREE member.

Email:
Password:
Re-type Password:
First name:
Company name:
County:
Region:
Sign up for free site updates
REGISTER FREE
Already a member? Login Here
Don't want FREE access? No Thanks

Registration Benefits

Post Code

Hello User,

In order for us to provide you with the most relevant information, please supply us with your postcode so we can determine your region.

Thank you

Your Post Code:
submit
No Thanks