Understanding your data.
To protect any form of data, you need to understand what data you have collected, identify the most sensitive part of it, employ two-factor authentication and encryption, and, as a business, encourage personal data protection among employees and customers by educating them on the steps the business has taken to protect the data.
What is data integrity?
Data integrity is the process of ensuring and preserving the validity and accuracy of data throughout its lifecycle. It is the trustworthiness of data.
Data integrity threat
A data integrity breach is the unauthorized or accidental alteration of data. An example is when a file is accessed and altered to reflect information other than what was intended.
Common threats that can alter the state of data integrity include:
- Malicious or unintentional human error
- Transfer errors. These include unintended alterations during transfer from one device to another.
- Misconfigurations and security errors
- Malware, insider threats and cyberattacks
- Compromised hardware.
How to preserve data integrity?
- Check for errors to identify any error in data transmission.
- Validate input to verify that data supplied by a known or unknown source is accurate.
- Validate data: identify the specifications and key attributes that are important to your organization before you validate the data.
- Remove duplicate data. Always clean up and remove duplicates to prevent sensitive data from being compromised by unauthorized people. Some tools that can help in cleaning up duplicate files are:
- Back up your data to prevent permanent data loss.
- Use access controls to limit the number of people authorized to access data at any given time. An access control is a mechanism for controlling who has the proper access to any system, computer, server or online service where the information is stored.
- Keep an audit trail to be able to determine the main source of a problem.
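The integrity checks above (detecting altered or missing files after a transfer, and finding duplicate copies) can be automated with a hash manifest. This is an added example, not code from the original article; the file names and contents are constructed sample data held in memory so it runs offline.

```python
# Added example (not from the original article): verifying data integrity with a
# hash manifest and finding duplicate copies by content. Sample files are
# constructed in memory (path -> bytes) so the code runs offline.
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_manifest(files):
    """Record a fingerprint for every file. Keep this manifest somewhere the
    data owner controls, separately from the data itself."""
    return {path: sha256_hex(data) for path, data in files.items()}

def verify(manifest, files):
    """Compare the current data against the manifest and classify each path.
    Returns sorted lists under 'ok', 'modified', 'missing' and 'unexpected'."""
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for path, expected in manifest.items():
        if path not in files:
            report["missing"].append(path)
        elif sha256_hex(files[path]) != expected:
            report["modified"].append(path)          # content changed since manifest
        else:
            report["ok"].append(path)
    report["unexpected"] = list(set(files) - set(manifest))   # not in the manifest
    return {k: sorted(v) for k, v in report.items()}

def find_duplicates(files):
    """Group paths whose bytes are identical; only groups of 2 or more are returned."""
    by_hash = {}
    for path, data in files.items():
        by_hash.setdefault(sha256_hex(data), []).append(path)
    return [sorted(paths) for paths in by_hash.values() if len(paths) > 1]

ORIGINAL = {  # constructed: the data set as it was when the manifest was taken
    "payroll/2020-05.csv": b"id,name,net\n1,Amina,52000\n2,Otieno,61000\n",
    "payroll/2020-05-copy.csv": b"id,name,net\n1,Amina,52000\n2,Otieno,61000\n",
    "policies/retention.txt": b"Retain payroll records for 7 years.\n",
}
RECEIVED = dict(ORIGINAL)  # constructed: the same data after a transfer
RECEIVED["payroll/2020-05.csv"] = b"id,name,net\n1,Amina,52000\n2,Otieno,91000\n"  # altered
del RECEIVED["policies/retention.txt"]                                           # lost
RECEIVED["tmp/scratch.bin"] = b"\x00\x01"                                           # added

if __name__ == "__main__":
    print(verify(build_manifest(ORIGINAL), RECEIVED))
    print(find_duplicates(ORIGINAL))
```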
A data breach exposes confidential and sensitive information to an unauthorized person. It happens after an unauthorized person successfully infiltrates a data source to extract sensitive information.
In a data breach attack:
The cybercriminal looks for possible security weaknesses in the systems or networks of their target.
In a network attack they use an infrastructure or system weakness to infiltrate the target's network and acquire confidential information.
In a social attack they trick employees into giving access to the company's network, for example by using their login credentials or clicking on malicious attachments.
What to do when a data breach occurs
Maintain your organization's reputation and help comply with cybersecurity regulations by reporting any form of data breach.
When a data breach occurs:
- If you think that your data has been misused or breached, contact the organization responsible and inform them.
- The Data Protection Act requires the organization controlling the data to report the breach within 72 hours of becoming aware of it.
- If the data breach poses a high risk to the individuals affected, the organization should inform them so that they can take proactive measures against the potential consequences of the breach.
- Comply with the data protection regulations.
- Investigate how the breach occurred and what information was exposed, so that every weak point that contributed to the breach can be fixed.
- Always establish the facts: what happened, what personal data was involved, how many people are likely to be affected, and the impact on those affected.
- Take preventive measures by implementing the latest cybersecurity techniques and tools to ensure the data you control is secure.
- Keep records of breaches and take action to reduce the risk of them happening again.
A good backup plan helps to keep data safe, secure and ready to use. The idea of a backup is to make a copy that safeguards your data. Once you have decided on the backup plan that suits your needs best, it is important to carefully consider where to store it.
MAJOR TYPES OF BACKUP
- Full backup: copies everything that is considered important.
- Incremental backup: copies only the files that have changed since the previous backup, whether that was a full or an incremental one.
- Differential backup: copies every file created or changed since the last full backup, and copies them again at every differential backup until the next full backup.
- Mirror backup: produces an exact copy of the original data.
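The practical difference between the backup types is what each run copies and how many copies a later restore depends on. The simulation below is an added example, not code from the original post; the file names, contents, days and the two schedules are constructed sample data.

```python
# Added example, not from the original post: a small simulation of which files each
# backup type copies and which copies a later restore depends on. Days, file
# names, contents and the two schedules below are constructed sample data.

def select_files(kind, current, mtime, last_full, last_any):
    """Choose what a backup of `kind` copies from the live data.
    current: path -> content; mtime: path -> day the file was last modified."""
    if kind in ("full", "mirror"):
        return dict(current)                        # everything, every time
    since = last_any if kind == "incremental" else last_full   # differential
    return {p: c for p, c in current.items() if mtime[p] > since}

def run_schedule(changes, schedule):
    """changes: day -> {path: content written that day}; schedule: [(day, kind)].
    Returns [(day, kind, copied_files)] in date order."""
    current, mtime, backups = {}, {}, []
    last_full = last_any = -1
    for day in sorted(set(changes) | {d for d, _ in schedule}):
        for path, content in changes.get(day, {}).items():
            current[path], mtime[path] = content, day   # apply that day's edits
        for sday, kind in sorted(schedule):
            if sday != day:
                continue
            backups.append((day, kind, select_files(kind, current, mtime, last_full, last_any)))
            last_any = day
            if kind == "full":
                last_full = day
    return backups

def restore_set(backups):
    """The backups (oldest first) needed to rebuild the latest state."""
    if backups[-1][1] in ("full", "mirror"):
        return backups[-1:]
    last_full = max(i for i, b in enumerate(backups) if b[1] == "full")
    if backups[-1][1] == "differential":
        return [backups[last_full], backups[-1]]     # full + newest differential only
    return backups[last_full:]                       # full + every backup taken after it

def restore(backups):
    state = {}
    for _, _, copied in restore_set(backups):
        state.update(copied)                         # replay oldest to newest
    return state

CHANGES = {  # constructed: day -> files written that day
    1: {"ledger.csv": "v1", "notes.txt": "v1", "config.ini": "v1"},
    2: {"ledger.csv": "v2"},
    3: {"notes.txt": "v2"},
    4: {"ledger.csv": "v3", "report.docx": "v1"},
}
INCREMENTAL_PLAN = [(1, "full"), (2, "incremental"), (3, "incremental"), (4, "incremental")]
DIFFERENTIAL_PLAN = [(1, "full"), (2, "differential"), (3, "differential"), (4, "differential")]
```

Running both plans over the same edits shows the trade-off: the incremental plan copies the least each day but needs all four copies to restore, while the differential plan copies more each day and restores from just two.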
GOOD PRACTICES IN BACKING UP DATA
- Save and store the backup copy in a different location from where the original files are kept.
- Test the backup to verify that the data you saved is accessible when you need it.
- Label the backup files to keep a good record and to ease the recovery of lost or corrupted data.
- Schedule Frequent Backups.
- Encrypt backups to add an extra layer of security to your backup files.
Understanding the CIA triad
It is good to understand what the CIA triad is and how it is used.
CIA stands for Confidentiality, Integrity and Availability.
- Control mechanisms and policies that maintain confidentiality, integrity and availability while data is collected, transmitted, processed and stored are important.
Confidentiality ensures that data exchanged is not accessible to unauthorized users.
Integrity is an essential component designed to protect data from deletion or modification by unauthorized parties. It is the assurance that information is trustworthy and accurate.
Availability means information is consistent and readily accessible for use by authorized parties.
DATA CLEANSING FOR QUALITY DATA
Data cleansing is a review of all data within a database to remove or update information that is incomplete, incorrect, improperly formatted, duplicated or irrelevant. Businesses must ensure that personal information, such as business, employee, customer and client information, is kept safe and organized.
Benefits of cleansing data
- It removes major errors such as spelling mistakes, inconsistent data formats and outdated data.
- It allows you to map different data functions and understand what your data is intended to do.
- It improves the performance of your business and enables you to make effective business intelligence decisions.
- It helps create a positive customer experience and improves the targeting of marketing campaigns at your audience and potential customers.
- Clean data saves a great deal of time and allows your business to maximize the capacity of its workforce.
In a collaborative webinar hosted by the Kenya Cyber Security & Forensics Association (KCSFA) & the Kenya Magistrates & Judges Association (KMJA) on the 28th of May 2020, the legal & technical aspects of email security were ably addressed by Hon Justice Fred Ochieng & Mr Silvanus Sewe. The session was moderated by KMJA President Hon Justice Jacqueline Kamau & KCSFA Chairperson Mr Keniz Agira.
What legal statutes guide the presentation of emails as digital evidence?
Emails fall under the larger group of documentary evidence referred to as digital evidence. The principles that determine the admissibility of this type of evidence are laid out in various sections & sub-sections of the Evidence Act, namely S78A & S106B of the act.
Section 78A sets out that electronic evidence shall be admissible before a court of law & that it need not be in its original form. In addition, it sets out that the weight attached to that evidence shall depend on certain factors:
(a) the reliability of the manner in which the electronic and digital evidence was generated, stored or communicated;
(b) the reliability of the manner in which the integrity of the electronic and digital evidence was maintained;
(c) the manner in which the originator of the electronic and digital evidence was identified; and
(d) any other relevant factor.
Further, it states that this electronic evidence is admissible during any civil, criminal, administrative or disciplinary proceedings.
Section 106B then proceeds to state the conditions for admissibility of electronic evidence:
1. It does not have to be in its original form.
2. The electronic evidence was produced by a computer which, during the period of the alleged incident, was known to store that particular kind of evidence by someone who had lawful control over that particular device (computer).
3. The computer during that period of interest was working properly &, if it was not working properly, its ‘deficiency’ did not affect the particular electronic evidence of interest.
In addition to this, S106B(4) prescribes that a certificate shall be provided which contains:
(a) identification of the electronic record containing the statement and a description of the manner in which it was produced;
(b) such particulars of any device involved in the production of that electronic record as may be appropriate for the purpose of showing that the electronic record was produced by a computer;
(c) any matters to which the conditions mentioned in subsection (2) relate; and
(d) the signature of a person occupying a responsible position in relation to the operation of the relevant device or the management of the relevant activities (whichever is appropriate).
Emails can be classified into two types: internal emails & internet emails. Internal emails are organization-specific, e.g. firstname.lastname@example.org, while internet emails are available for general public use, e.g. email@example.com.
As far as the presentation of emails as electronic evidence is concerned, they have to adhere to the dictates of the aforementioned sections of the Evidence Act. In particular, a certificate must be presented bearing the signature of someone who was occupying a responsible position in relation to the operation of the relevant device.
In the case of internal emails, the IT officer in that organization responsible for maintaining the mail servers, or for any duty that includes email management, should be the person “…occupying a responsible position…”.
In the case of internet emails, this could be the email service provider if the request to obtain the email contents went through them. However, in some cases internet email data is stored locally on disk & there is no need to contact the email provider. In that case the individual who handles the extraction & analysis of this data will be considered the person “…occupying a responsible position…”.
In addition to the signature of the individual “…occupying a responsible position…”, the other aspects of the certificate set out in S106B(4) must be included as well.