lesson 4 protection of information

Security, Protection of Data, Information & Passwords COMP2071

Upload: fleur-ottaway

Post on 24-May-2015


TRANSCRIPT

Page 1: Lesson 4   protection of information

Security, Protection of Data, Information & Passwords

COMP2071

Page 2

Protection Of Data

Company Data:

• Data that belongs to the company. Financial statements, etc.

Employee Data:

• Data that belongs to the employee. Employee evaluations, personal emails, etc.

Customer Data:

• Data about a customer that is confidential in nature. SIN, phone numbers, etc.

Page 3

Protection Of Data

• As the helpdesk analyst, it is your job to assist in the protection of data at all levels

• You may be providing services that help other employees protect data, or you may be the intermediary of the data

• No matter which type of data it is, you need to understand that your role is not to hand out data without a reason and without approval

• Don’t ever give out data or personal details to anyone but the owner

Page 4

Protection Of Data

• For example, if a manager requests access to an employee's data, you would need to specify what data (email, documents, etc.), then you would request the written approval of the requestor's manager

• To truly cover all issues with granting access you may also be asked to get approval from the head of HR as well

• From there you may have to send your ticket to an Nth dept. or you may be able to grant access through the tools in the helpdesk

Page 5

Protection of Information

• Everything we have talked about holds true for protecting information as well

• The main thing to remember here: don’t give out any information that is not already readily accessible to an employee

• On the other side, don’t give out internal company information to any sales agents, vendors, or telemarketers that may call the helpdesk as well

• If in doubt, transfer the call to your second level or team lead

Page 6

Passwords

• Passwords are very important to keep confidential

• If another employee got your password they could log on as you and do illegal things such as fraud, or even just watch porn, which is grounds enough to be fired in some companies

• The users are asked to protect their password and it is their responsibility to do so

• That being said, users will often give their password to helpdesk staff as there is a feeling of “trust” there

• As the helpdesk analyst, you should never know a user's password or ask a user for it

Page 7

Passwords

• If users give their passwords to you or you reset a password without verifying the user, this can mean an audit failure for the whole helpdesk department which means your job will be on the line

• Most enterprise helpdesks will have some sort of mechanism and policy in place to verify a user for a password reset

• This can include secret questions, a user's employee number, etc.

• You should never give a password through email

• And a final note: a new password should always be set to expire

Page 8

Encryption

• Most enterprises will have some sort of encryption built into their architecture

• Some types of encryption you may support on the helpdesk are:

– Encryption of data on a desktop or, especially, a laptop. Here the data would decrypt when the user logs in successfully

– USB encryption, where a user’s thumb drive would be encrypted when it is plugged into a company device

– Encrypted email transmission

– Blackberry or other company-held devices

Page 9

Encryption

• Some key things to remember when supporting encryption are:

– Most of the time the files will be flagged by a word or the colour green

– Before you make a copy of a file you must decrypt it first; this is important if backing up a user's data before a reimage

– Users may put their own personal devices into the network, thus encrypting their personal device. There is no reversing it, so you would work with the user to get the data off and they could reformat it at home

– Email sent out with encryption is usually easier to get back after it is sent; this can be useful

Page 10

Lost or Stolen Devices

• You may run into an instance where a user has lost a device or had one stolen

• In these cases, there is usually a process around this which could include some of the following items:

– Remotely wiping a device (if possible) using tools on the helpdesk

– Reporting the loss to information security

– Ordering new devices

• Users will always call the helpdesk for everything so be prepared to assist on all levels

Page 11

Hand-held devices

As an extra bit of learning, some tools…

• You may also need to help people with the password to their handheld devices, or just access to email on their devices

• The email team has the ability to send out scripts to devices to try and resolve some of these issues, but if the user has already begun tinkering with them and set strange passwords on them, these scripts often fail

• Another interesting thing IT does is set policies on the devices; we will look at some

Page 12

Hand-held devices

• A pretty cool tool Blackberry offers is a Blackberry simulator

• For this example you can run the one that’s on Blackboard

• Let’s work through this together…..