Protecting the data

How do you protect your own data? What more could you do to secure your own data?

All data or information that your organisation keeps, or handles, needs to be properly protected. This kind of data ranges from financial information and payment details to staff contact information, and this personal data usage is protected by law. But data protection is not just a legal requirement, it is also essential to safe-guarding and sustaining your business.

Key data to protect

Key pieces of information that are commonly stored by businesses include personally identifiable information (PII) like employee records, customer details, loyalty schemes, transactions, or data collection – and they need to be protected from hackers and other malicious third parties.

Typical data that your business might store include financial (personal financial information (PFI), intellectual property, as well as names, addresses, and health information (protected health information (PHI).

This data contains sensitive information that could relate to your shareholders, business partners and clients, and current staff and their families, etc.

The potential for data breach or misuse is clearly extremely high on an unsecured network, so, as you have seen, various steps are taken to defend against data fraud. Another tool you are now going to look at in relation to data protection is cryptography. Later in the course you will be learning about cryptography in more depth, but now you are going to consider it in the context of data protection.

Along with Firewalls, DMZ, gateways, etc, cryptography also plays a role in securing and protecting communications traffic. Simply, cryptography is defined as a way of storing and sending data in a special form so that only the sender and the intended receiver can access it. This can be particularly useful in the context of network security.

There are four main purposes of cryptography in relation to network security:

• An attacker with a network sniffer or listening equipment cannot see the traffic if it is encrypted – this helps to maintain confidentiality. Cryptography can be used to prevent usernames and passwords being transmitted in clear text over the network.
• It can detect whether data has been deleted, modified, or additional data has been inserted. However, it cannot prevent data being modified or deleted, it only provides notification that it has happened.
• It can support user authentication and device authentication. User authentication occurs when the system verifies a claimed identity, for example, if a user logs in with the username of johnsmith and a password of 12345678, the system verifies that they are the person they claim to be.
• Providing non-repudiation through digital signatures. Non-repudiation is mostly used to ensure a sender cannot later deny they sent a message.

As you can see, cryptography can play a crucial role in guarding against data compromise and identification fraud as well helping to maintain device security. It is another valuable weapon in your arsenal against cyber attacks.

What's next?

So, did this step give you any new ideas about how you might protect your data? Did you know how much cryptography is already used in protecting your data? Later in the course you will be learning more about cryptography and its use in authentication, SSL and Disk encryption.

You’re now going to continue our comprehensive overview of network protection by learning about virtual private networks or VPNs. These can offer a further layer of security when working on public or less secure networks.