Wednesday, June 9, 2021

Data Security 8

TECHNICAL MEASURES RELATED TO PERSONAL DATA SECURITY

Ensuring Cyber Security

The view that complete personal data security can be achieved with a single cyber security product is not always true, because threats expand their spheres of influence by changing in size and nature day by day.


The recommended approach in this context is the implementation of a number of complementary and regularly checked measures.

For information technology systems containing personal data, the priority measures that can be taken against unauthorized access threats over the internet are a firewall and a gateway. These will be the first line of defense against attacks from environments such as the internet.

A well-structured firewall can stop violations before they penetrate deep into the network. The internet gateway can prevent employees from accessing internet sites or online services that pose a threat to personal data security.

Almost every piece of software and hardware requires some installation and configuration. However, some widely used software, especially older versions, has documented vulnerabilities, and removing unused software and services from devices will help reduce potential security vulnerabilities. For this reason, deleting unused software and services instead of keeping them up to date is a method that can be preferred primarily due to its convenience.

Patch management and software updates are another important element. It is necessary to regularly check whether the software and hardware work properly and whether the security measures taken for the systems are sufficient to close possible security gaps.

In addition, access to systems containing personal data should be limited.  In this context, employees should be granted access to the extent necessary for their jobs and duties, and their authorities and responsibilities, and access to the relevant systems should be provided by using a user name and password.  When creating these passwords, combinations of upper and lower case letters, numbers and symbols should be preferred instead of numbers or letter sequences that are associated with personal information and can be easily guessed.

Accordingly, it is recommended that data controllers create an access authorization and control zone and create a separate access policy and procedures, and put these policies and procedures into practice within the data controller organization.

In addition to the use of strong passwords, access should be limited by methods such as limiting the number of password attempts to protect against common attacks such as the use of Brute Force Algorithm (BFA), ensuring that passwords are changed at regular intervals, opening the administrator account and admin authority for use only when needed, and, for employees who are dismissed from the data controller, deleting the account or closing the logins without wasting time.

In order to be protected from malicious software, it is also necessary to use products such as antivirus and antispam that regularly scan the information system network and detect dangers. However, installing these products is not enough on its own; they should be kept up to date and the necessary files should be scanned regularly.

If personal data is to be obtained from different websites and/or mobile application channels by data controllers, it is important to ensure that this is done via SSL or a more secure way.
