Here we provide some information and guidance relating specifically to information technology equipment, i.e. computer data and associated hardware.
Advice and guidance on general office equipment and preventing it from being stolen is also covered under Your Business – Security of premises.
The Computer Misuse Act 1990 provides for the securing of computer material against unauthorised access or modification. It is intended to be used against 'hackers' (i.e. people who break into computer systems without authority, either externally or within an organisation).
The legislation is not intended for individuals who have lawful access to a computer system but misuse that privilege by looking at material they are entitled to recall but have no legitimate reason to view. It can, however, include individuals who have lawful access to specific files on a system but then look at other material on the same system (e.g. an operator who is given a number of computer files to work on and then accesses other files which do not concern him).
The Computer Misuse Act 1990 legislates against unauthorised access to or modification of computer material.
Section 17 of the Act contains interpretation of terminology used within the Act and covers:
- Secure access to programs or data held in a computer
- Unauthorised access
- Reference to programs or data held in a computer
- Modification of computer contents
- Reference to programs
Computer (internet) crime is a growing industry and sensible precautions should be taken to guard against it. The ease of access offered by the internet provides the opportunity for a relatively simple point of illegal entry into company computers and their data.
There are many sections within the legislation, but misuse of company hardware is covered by Section 1 of The Computer Misuse Act 1990, which legislates against unauthorised access to or modification of computer material.
What do you need to protect yourself against?
1. The theft of your computer software or data, including virus contamination
- Crime against business is reaching into new dimensions as criminals target data and information used by you to conduct your business.
2. The theft or corruption of your computer hardware or associated equipment
- Business premises are targeted by thieves looking for high-value equipment, such as computers, printers, copiers or fax machines that are easy to remove and sell on.
- The physical security of the equipment within your business can be improved by implementing the advice and guidance in our business security and property marking sections.
What can you do to protect yourself?
The theft of your computer software or data, including virus contamination.
- Maintain the system security on your computer(s) – this can be automated. An unprotected computer is more likely to have software vulnerabilities that can be exploited.
- Install protective software. When installed, the software should be set to scan your files and update your virus definitions on a regular basis.
- Choose strong passwords. Use letters, numbers, and special characters to create a mental image or an acronym that is easy for you to remember. Create a different password for each important account, and remember to change passwords regularly.
- Back up the data from your computers regularly. Keep a few months' worth of backups and make sure they are stored securely in a safe place (preferably off site) and that the files can be retrieved if needed.
- Control access to your machine. Don't leave your computer in an unsecured area, or unattended and logged on, especially in public places. Remember that the physical security of your machine is just as important as its technical security.
- Use email and the Internet safely. Ignore unsolicited emails, and be wary of attachments, links and forms in emails that come from people you don't know, or which seem "phishy." Avoid untrustworthy (often free) downloads from freeware or shareware sites.
- Use secure connections when out and about with mobile devices. When connected to the Internet, your data can be vulnerable while in transit.
- Protect sensitive data appropriately to reduce the risk of identity theft. All existing and new business and data processes should include a data security review to ensure data is safe from loss and secured against unauthorised access.
- Don't save your logon information and always log out of websites by clicking "log out" on the site. Disable automatic login features so no one else can log in as you.
- Don't leave the computer unattended, especially if there is sensitive information on the screen. If you have to leave the office computer, log out of all programs and close all windows.
- Use desktop firewalls. Most computers have basic desktop firewalls as part of their operating systems. When set up properly, these firewalls protect your computer files from being scanned, but dependent on the size of your business, you may need to obtain bespoke arrangements.
- Keep up to date and stay current with the latest developments and upgrades for the computers you use.
- Plan ahead and have a plan to review your data security status and policies. Implement routine processes to access, handle and store the data safely as well as archive unneeded data.
- If you don’t need it, don’t keep it. Only keep data that you need for day-to-day current business. Safely archive or destroy older data, and remove it from all computers and other devices (smart phones, laptops, flash drives, external hard disks).
Remember – It is vital to your business to have a contingency plan to ensure that you and your staff know about, and how to respond to, a data loss or data breach incident.
A virus is a program that enters a computer, usually without the knowledge of the operator, and either causes messages to appear on the screen, or is more destructive and can potentially clear the computer's memory or cause more severe damage. Viruses may also allow another person to take control of your computer (and/or system) without authorisation. Such viruses can spread from machine to machine through the use of ‘memory (USB) sticks’, CD/DVD disks or, more commonly, over the Internet or company intranet systems.
Remember - The creation of computer viruses can be part of cyber-warfare and can be a threat at the highest level.
Examples of viruses include:
Trojan Horse – designed to deliver a malicious program that may cause destruction to your computer. A Trojan horse is delivered by someone or hidden within another program that may seem harmless. Data may be routed back to the originator about you and/or your company.
Spyware – intended to monitor your actions on a computer. A common type of spyware is a key-logger program. This program can record every key stroke and mouse click you make and can be delivered via a Trojan horse program.
Worms – these are more than annoying and will cause sluggishness in a network. A worm will replicate itself and spread from computer to computer. Worms are commonly spread via email attachments.
There is no easy answer to this, as technology and the skills of those who write such programs continue to improve.
However, some viruses will reveal themselves because they may cause your computer to:
- operate very slowly
- suffer numerous pop-ups
- fill up the hard drive
- launch applications by themselves
- open and close the CD/DVD drive by itself
- freeze or even crash totally
The theft or corruption of your computer hardware or associated equipment
- Thieves have been known to walk into premises, pick up an expensive piece of equipment and walk out in full view of everyone. Always challenge strangers who enter your premises, particularly if they are found to be in areas not normally accessible to the public.
Minimise the equipment you have on show
- Where possible, put equipment, such as computers, out of view from passersby, or install blinds or reflective film to prevent people seeing what you have.
Never leave any mobile devices lying around
- Whether in a car or on your desk it will only take a few seconds for a thief to remove it.
Secure your equipment
- Chains and cables - including lock-down plates, lockable clamps and similar devices can be used to secure equipment to a solid surface or structure. Devices are even available for laptops and other small devices.
- Cages and boxes – for more permanent security solutions. Access to any part of the equipment is denied once the cage or box is locked. The cages or boxes are bolted to a solid structure, e.g. wall or floor, and are ideal for items such as computer servers or central processing units (CPUs). The equipment can still be used even when the cage or box is locked.
- Localised alarm systems – can be installed that will activate if the ‘tagged’ item goes beyond the geographical boundary set up. This type of application is used on items in retail outlets where there are limited access/exit points and the system triggers as the ‘tagged’ item passes a receiving station.
Track your equipment
- Tracking devices (many products available with varied specification) can be fitted to more expensive items of equipment. Property that has a device fitted and is stolen can be tracked and located.
- Equipment that is removed from an office for work purposes can present a security challenge. Implementing specific staff guidelines to minimise the risk of theft should be considered. Such guidelines might include locking equipment in the boot of a car or staff always keeping the equipment with them and secure. For business vehicles it is possible to purchase secure storage boxes which can be bolted into the vehicle.
Replacing stolen equipment
- If you are unfortunate and suffer a loss due to a burglary or theft, your premises will be considerably more vulnerable. The offenders will now know the layout of your premises and that you will have to replace the stolen equipment. Quite often replacement equipment is the upgraded version, which is an added attraction to the criminal. Therefore, after any crime, consider improving security (make the changes obvious and advertise them to increase the deterrent). Also ensure any new equipment has the security features enabled, and mark/register it by following our advice on property marking.
Remember – a good advert to thieves is the inappropriate disposal of labelled packaging that new equipment arrived in.
Where can YOU get more help and advice?
The National Mobile Phone and Property Register (NMPR) provides further information and allows you to set up an account, password protected individually to you, in which you can record images, serial numbers and more about all of your property and equipment. Not only do you manage the account, which means you can flag any items subject to loss/theft, but the industry uses it to check items before they are purchased, e.g. by used mobile phone dealers. The police do have access and, in addition to local checks, national checks can be conducted to assist with investigations that extend across individual police force borders.
There is plenty of free advice and guidance available online as well as those services you can purchase. Whatever your choice, it is necessary to confirm that you have confidence in the security of your systems and the equipment that operates them.
One such free service is Knowthenet which is an impartial website that helps individuals, families and businesses get the most out of the internet.
It is funded by Nominet - the not-for-profit organisation responsible for the smooth and secure running of the .uk internet infrastructure – as part of its commitment to making the internet a more trusted space for everyone who uses it.