Unauthorized access (UAI)
Unauthorized access (UAA) – access to employee data without authorization from management or an intruder. Also, in some cases, an NSD is defined as access to data by a person who has the right to access that data to a certain extent, but has exceeded it.
Causes and Consequences of NSD
. Among the main reasons for gaining unauthorized access to data are:
- incorrect configuration of software: firewalls, access rights, restrictions on bulk requests to the database, etc.
- minimal security of authorization tools (theft of logins and passwords, key cards, direct access to unprotected computer, etc.);
- errors in the operation of security software;
- abuse of authority (stealing data, transferring backups to external devices, etc.);
- interception of information by malicious persons via unsecured data transmission channels;
- application of malicious software, “keyboard viruses”, Trojans, etc.
.
As a result of unauthorized access to data, the company risks a data breach:
- personal data of employees, partners, system users, customers, etc.
- commercial secrets and secret developments of the company;
- personal correspondence between officials;
- publicly important information
- publicly important information.
In any case, the security system of the entire company may be compromised during VAT, which can lead to very dire consequences.
[text_with_btn btn=”Read more” link=”/en-ru/services/info-security/security-audit/” btn_size=”small”]Information security audit[/text_with_btn]Provision of protection against intrusion
Measures, the main task of which is to ensure information security, are conditionally divided into 2 groups of protection:
- Information arrays from access to them by intruders.
- Company employees from psychological influences from the outside.
The first group includes processes of the technical class. Among them the most active are considered:
- protection of equipment from natural disasters (floods, fires), on which confidential data are stored and processed;
- minimizing the risk of remote access to the information of an intruder;
- protection of information from leakage through technical and network channels of data transmission, which includes both wired and wireless systems;
- protection of electronic equipment, which is relevant for mobile operators, military units, etc.;
- installation of special software on working machines that will protect computers from malicious applications, attempts to connect to the database of unauthorized users, etc.
.
In addition to the above, it is important to use simpler, but accessible to all employees of the company means of countering intrusion: complex passwords, data encryption, renaming of working directories, etc.