Tuesday 13 March 2012

Security Risks


 



Staff are allowed to install and remove software

Allowing staff to install and remove software could lead to staff installing unprotected programs that carry viruses and uninstalling important programs that the company paid for and needs, which may lead to data and money being lost. A solution to this problem is to allow staff limited access to certain programs, to monitor what is being installed and uninstalled at all times, and to install antivirus software to protect the system from threats.


Data is backed up once a month

Backing up data once a month is not enough. Data should be backed up at least once a week, as the system could crash at any given time. A crash would lead to data and important information being lost, which could consequently cause the company to lose business.


Data Tapes in a Plastic Box

Having data tapes in a plastic box on top of a server is by no means secure. The server heats up, which could melt the plastic box and could then start a fire. The data and other equipment would be destroyed, and with all important data lost the business would be destroyed too. Also, as the data is not secure it could be stolen, and the data on those tapes could be used by someone planning to commit identity theft. The safest way to secure your backed-up files is in a fireproof and waterproof case that has a lock and is kept in a different location.


Records in a Database on Customers

Allowing all staff to access a database that consists of customers' purchases, account numbers, bank details, names and addresses and purchase history is very risky. Any of these users could steal a customer's personal information at any time and use it, which is known as identity theft; for example, they could use the customer's bank details to purchase goods for themselves. Tolerating staff who discuss customers' information with other staff and over the phone with other suppliers is forbidden. The Data Protection Act 1998 that is in place must be followed here, and as it is being breached the company and the users are breaking the law, which makes your business look very unprofessional. Let your staff know that discussing customers' details is unacceptable as it is breaking the law and will lead to a written warning or being paid off.

Email is Available to All

Email being available to all staff can lead to spam and malware, as staff may click on emails, links to websites that ask for personal details, and adverts that contain viruses, worms and Trojans. Worms and viruses carry out harmful actions like shutting down the system or making it slow and unresponsive. Viruses spread from one program to another and from one computer to another. Trojans steal information and harm computers. The outcome of this is a slow-responding system, which means business cannot be run to standard. I recommend that you install antivirus software and give authorisation to access email to only a few members of staff.


IP Address Log

Not keeping an IP address log of the sites visited means you cannot see what websites your staff are visiting during working hours, and as there are no restrictions on internet access the staff could be viewing inappropriate and offensive sites. Staff may also view sites that carry viruses and worms. Firstly, I suggest that you install antivirus software, and secondly, I suggest that you set more discipline within the company so that the sites visited by your staff are monitored.


No Firewall

Having no firewall in place means you have no form of protection from worms, viruses, Trojans etc. Without a firewall your network is vulnerable to viruses and hackers. Unauthorised individuals can therefore get into your personal details, files and documents, steal this information, ruin your business and corrupt your system. With no internet restrictions, the network is even more vulnerable to threats from the internet. You should install powerful and recommended antivirus software to protect your files and the personal details of your customers from hackers and viruses.


Downloads are not Monitored

Downloads of media files such as videos, music and photos must be monitored, both because the files being downloaded could be corrupt and contain viruses and so that you know when and why they were downloaded. As there is no form of protection on the system, it is more than likely that viruses will get through when downloading, which will corrupt the system, slow it down and slow business down. When antivirus software is in place it will scan the download for viruses, worms, Trojans etc. before downloading it, so it is recommended that you install one.

Entrance Doors are not Protected by Keypad

You should keep a building secure to prevent unauthorised personnel from entering the building and viewing important files, stealing someone's identity, viewing confidential files and stealing information. If this were to happen your business would crash and burn, as no one would trust you with their details; there would be no new customers and current customers would cancel their accounts. You can secure a building by having CCTV…giving all employees an ID card that has to be swiped through a keypad to enter the building. A security guard could also stand at the entrance at all times, depending on how large and important the information inside the building is.


Egos, a catalogue sales company, has asked me to evaluate a network for security threats, and this is what I have found:

No log on to the network

Having no log on to a network means anyone can access the network, and as there are 50 users this means 50 people within the same company have no security on their documents or files. This could lead to a user accessing another user's network and deleting or stealing their files. It is recommended to have a log on to the network to keep information secure.

Unrestricted Internet Access

Having no restriction on what is accessed on the internet within the company could lead to viruses, worms, spam, malware etc. This usually leads to the system being unresponsive or failing, which means customers may become impatient while making orders and cancel their order; this looks unprofessional and the company will lose money. To avoid this it is recommended to put restrictions in place and to install antivirus software to protect the network from viruses.