Unauthorized access (NSD) is access to employee data without the authority granted by management or an attacker. Also, in some cases, NSD is called gaining access to data by a person who has the right to access this data to a certain extent, but exceeded it.
Causes and consequences of NSD
Among the main reasons for obtaining unauthorized access to data are:
- incorrect software configuration: firewalls, access rights, restrictions on bulk database requests, etc.;
- minimal security of authorization tools (theft of usernames and passwords, key cards, direct access to an unsecured computer, etc.);
- errors in the operation of the security software;
- abuse of official authority (stealing data, transferring backups to external devices, etc.);
- interception of information by intruders via unsecured data transmission channels;
- the use of malicious software, “keyboard viruses”, Trojans, etc. by attackers.
As a result of unauthorized access to data, the company risks a leak:
- personal data of employees, partners, system users, customers, etc.;
- commercial secrets and secret developments of the company;
- personal correspondence between officials;
- state-important information.
In any case, with VAT, the operation of the security system of the entire company may be disrupted, which can lead to very disastrous consequences.
Information security audit
Providing protection against NSD
Activities, the main task of which is to ensure information security, are conditionally divided into 2 protection groups:
- Information arrays from access to them by intruders.
- Employees of the company from psychological influences from the outside.
The first group includes technical grade processes. Among them, the most active are considered to be:
- protection of equipment from natural disasters (floods, fires), where confidential data is stored and processed;
- minimizing the risk of remote access to information by an attacker;
- protection of information from leakage through technical and network data transmission channels, which include both wired and wireless systems;
- protection of electronic equipment, which is important for mobile operators, military units, etc.;
- installing special software on working machines that will protect computers from malicious applications, attempts to connect to the database of unauthorized users, etc.
In addition to the above, it is important to use simpler, but accessible to all employees of the company, means of countering NSD: complex passwords, data encryption, renaming work directories, etc.