Protecting data: privacy and security
Security: authentication
One strategy to minimise the potential for data breaches is to ensure that data is only accessible to those people who need to access it. As more people have access to data, the risk of a security breach increases.
Authentication refers to a process that ensures that the correct user is identified and is authorised to conduct specific transactions. These controls permit access to information and technology on a need-to-know, job-function-related basis. They ensure users cannot gain access to information and technology for which they are not authorised.
It is useful for businesses and organisations to develop a program which includes:
- password use (see below)
- data backups
- general computer use, such as not leaving a logged-in computer unattended
- safe and appropriate use of email and the internet
- security awareness as part of the general business culture
- access to sensitive or confidential data (personnel files, financial records, customer details, sales figures, planning documents) on a need-to-know basis only
- individual accounts for each user
- clearly defined job roles and user accounts to support these roles
- documented acknowledgement of user rights and responsibilities related to access authorisations, including the company policy on acceptable use of systems, hardware and software, communications (email and internet) and the use of peripheral equipment such as printers and scanners
- access control procedures that are documented and implemented and reviewed periodically
Usernames and passwords
Passwords are the first line of defence against unauthorised access to information and systems.
All new accounts should receive initial passwords set by administrators. Once in the system, new users can specify their own passwords, following a set of password definition guidelines. Basic password rules should include:
- Avoid passwords that are readily identifiable or easy for anyone to guess (such as family names, birth dates), as well as dictionary words.
- Use a mix of upper- and lower-case letters, numbers and special characters. (For a useful video on how to come up with strong passwords, see www.YouTube.com/watch?v=VYzguTdOmmU.)
- Memorise your passwords and make sure that you do not write them down or store them in easy-to-find places or file them on or near your computer.
- Never share your password with anyone.
- Never send your password via email.
- Change your passwords regularly.
- Use a different password for every account.
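As an added example (not part of the original page), the Python code below checks a candidate password against three of the guidelines above: no readily identifiable details, no dictionary words, and a mix of character types. The function names are hypothetical, and the word list, the family name and the birth date are constructed sample data standing in for a real dictionary and real user details.

```python
import re
from datetime import date

# Constructed sample list; an assumption standing in for a full dictionary.
COMMON_WORDS = {"password", "welcome", "dragon", "sunshine", "letmein"}
# Common character substitutions, undone before the dictionary lookup.
SUBSTITUTIONS = str.maketrans("@0135$7", "aoiesst")
REQUIRED_CLASSES = {
    "upper case": r"[A-Z]",
    "lower case": r"[a-z]",
    "numeric": r"[0-9]",
    "special": r"[^A-Za-z0-9]",
}

def date_fragments(d):
    """Typical ways a birth date is written inside a password."""
    formats = ("%Y", "%d%m%Y", "%d%m%y", "%m%d%Y", "%m%d%y", "%Y%m%d")
    return {d.strftime(f) for f in formats}

def check_password(candidate, personal_names=(), birth_date=None):
    """Return the guideline violations found; an empty list means none."""
    problems = []
    lowered = candidate.lower()

    # Readily identifiable: family names and birth dates.
    if any(len(n) >= 3 and n.lower() in lowered for n in personal_names):
        problems.append("contains a personal name")
    if birth_date and any(f in candidate for f in date_fragments(birth_date)):
        problems.append("contains a birth date")

    # Dictionary word, even when decorated: "P@ssw0rd!" reduces to "password".
    letters = re.sub(r"[^a-z]", "", lowered.translate(SUBSTITUTIONS))
    if letters in COMMON_WORDS:
        problems.append("is a dictionary word")

    # Mix of upper case, lower case, numeric and special characters.
    for label, pattern in REQUIRED_CLASSES.items():
        if not re.search(pattern, candidate):
            problems.append(f"missing {label} character")
    return problems

if __name__ == "__main__":
    born = date(1985, 3, 4)  # constructed sample data
    for pw in ("P@ssw0rd!", "Nguyen1985", "tR7!vq#Lm2zK"):
        print(pw, check_password(pw, ["Nguyen"], born))
```

The first sample shows why the character-mix rule is not enough on its own: "P@ssw0rd!" contains all four character types and is still rejected as a dictionary word.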
Further authentication
For further information, search for articles on multifactor authentication at: