Introduction
Data stored in computers need to be secured to prevent its leakage to unauthorised people. Firms, both public and private, must develop policies to prevent privacy intrusion as a way of securing their customers and employees’ data. This paper examines the privacy policies that are applied by IT firms to guarantee data privacy for their clientele and workforce.
Privacy Policies in IT Firms
Establishment of Firewalls and Passwords
More IT firms today are using computers to store customers and employees’ details. The storage of data in computers increases the risk of unofficial access by criminals. It is important to note that computers are also prone to attacks by malware if proper policies are not in place. Notwithstanding, the law requires public and private IT organisations to protect their stakeholders’ data at all cost (Bhadauria et al. 2011). To secure the data from unauthorised access, most IT firms maintain full-time employees who ensure that the Local and Wide Area Networks are safe. The IT departments work in line with the security policies served to them by the company. One of the tactics used to protect the network and computers from attacks is by creating a firewall. The firewall bars intruders from accessing data stored in computers. Any attempt by an intruder to use the company’s network is repelled to the extent that only the permissible individuals have the privilege of accessing other persons’ credentials. Besides, computers are protected from unauthorised access using authenticated passwords, which are only known to authorised individuals.
Physical Inventory Protection
In addition to the protection of the firms’ network, the IT firms must maintain the physical security of the computers. Physical security is important since it helps to protect the privacy of the data stored in the computers. Additionally, physical protection ensures that important data regarding the firm remains inaccessible by intruders. To guarantee physical security, most IT organisations store computers containing sensitive information under lock and key where only the authorised staffs have access to them. The authorised staffs must follow the security procedures outlined by the company to combat insecurity of any data stored in the devices. IT firms install CCTV cameras inside the rooms in which the gadgets are stored, as well as their surroundings, to track the entry of unauthorised individuals (Bhasin 2007). A security team is usually in place on a full-time basis to repel any attempt by unauthorised individuals to access the site.
Malware Prevention Mechanisms
Another measure that IT firms employ to enhance cybersecurity is malware prevention, which is achieved by installing antivirus software on its system. In most IT firms, the malware prevention policy entails installing detectors on the entire systems. Such malware detectors often notice any form of cyber threat and warn the IT security team of an imminent danger (Ertaul, Singhal & Saldamli 2010). In some firms such as Google Inc., malware detectors are designed in a way that they warn customers of any possible threats. Such warnings often help users to refrain from navigating through websites that are deemed precarious, thus preventing possible threats to the clients’ security. Data in transit is secured using Transport Layer Security system, which ensures that the information is encrypted during its shipment. Such encryption ensures that unauthorised people cannot understand the messages between Google and its customer.
Conclusion
Conclusively, other than the prevention measures described above, IT companies also have an incident management policy, which specifies the measures to be adopted in case a security issue occurs. Most companies have an incident management team, which is available 24 hours per day (Bhasin 2007). Incidences revolving around customer information are prioritised, followed by those that involve the company’s data. If an emergency incident occurs, the incident management team analyses it and develops immediate mitigation measures. The emergency response team is composed of IT experts and security personnel who receive continuous training to prepare them for emergencies.
Reference List
Bhadauria, R, Chaki, R, Chaki, N & Sanyal, 2011, ‘A survey on security issues in cloud computing’, IEEE Communications Surveys and Tutorials, vol. 7, no. 3, pp. 1-15.
Bhasin, M 2007, ‘Mitigating cyber threats to banking industry’, The Chartered Accountant, vol. 50, no. 10, pp. 1618-1624.
Ertaul, L, Singhal, S & Saldamli, G 2010, ‘Security challenges in cloud computing’, Security and Management, vol. 1, no. 1, pp. 36-42.