NIS GUIDANCE (Network and Information Systems)
NIS and GDPR Interrelationship
As part of my freelance website design and IT services, I adhere to the guidelines on NIS and GDPR integration. My purpose is to monitor the security of local and network systems in order to prevent unauthorized users from accessing computers and portable devices and to avoid the spread of malicious code. I also regulate system management so that a client can use comprehensive or limited computer applications, depending on the cost of the software services.
NIS (Network and Information Systems) concerns the security of network and information systems and any processing of personal data stored on storage devices, including desktops, laptops, smartphones, portable tablets, website servers and cloud computing services. This is a part of GDPR (General Data Protection Regulation) and it is also adjunct to NIS. Please visit the GDPR and Cookie Policy page.
Resource information:
https://www.legislation.gov.uk/uksi/2018/506/contents
https://ico.org.uk/for-organisations/the-guide-to-nis/
External Digital Service Provider
Under the NIS regulation, someone must be classed as an RDSP (relevant digital service provider) if they have a head office in the UK or have nominated a representative in the UK. Accordingly, I am self-employed and do not offer any external software such as online marketing or cloud computing. Any of them may be used in the future.
Manual PC Security Management
I use a combination of website and graphic design software on Apple Macintosh, Microsoft Windows and Linux (Fedora, based on Red Hat). Premium, up-to-date antivirus software is installed on Microsoft Windows to detect any unknown network connection, which is blocked to avoid spreading multiple viruses. This ensures that none of a client's files contain malicious code before they are used. Linux has a strong authentication security system called SELinux (Security-Enhanced Linux); it does not get many viruses and is still monitored with an open source antivirus such as ClamAV. The same applies to Apple Macintosh.
Entry level of System Access Control
I will ask a client for permission to access shared files, such as those on a website server or storage server (e.g. Dropbox, Google Drive). I also contact a technical team on behalf of a client to resolve any issues and to manage a domain name (personal website address), control panel (cPanel or Plesk) and website server configuration.
Recovery Data
Digital files, including ongoing design work and clients' projects, will be backed up securely from either the server or the PC to a physical storage disk so that they can be restored later.
Useful Security Advisements
You can minimise the risk of becoming a victim when an attacker succeeds in accessing accounts such as email, online banking and personal documents.
Anti-virus Software - It is essential to have premium antivirus software with up-to-date virus databases; the recommended firewall settings will be configured automatically. The firewall configuration can be modified later, but this could harm the computer, so follow the software manufacturer's instructions. Desktop and portable devices will be monitored and scanned entirely to ensure that system files and personal work documents contain no malicious code.
Prominent Web Browsers - Firefox, Chrome, Safari and Edge are the most popular web browsers. If a browser reads session and cookie data without HTTPS enabled while you shop or bank online, it will be vulnerable and an attacker can collect sensitive information. Be sure to update to the latest version to get the security patches, and check that HTTPS is enabled (lock icon).
Up-to-date Operating Systems - Microsoft Windows and Apple Macintosh must be updated regularly with the latest system files in order to keep computer programs stable and, crucially, to rectify security flaws.
Two-factor authentication - It temporarily adds additional security for both phones and computers during the account login process, which decreases the risk of computer hacking. It is recommended to enable two-factor authentication through the account administration settings (e.g. Amazon, Microsoft 365, online banking); look for the phone number and email options. There are other types of authentication factor, such as biometrics, fingerprint, facial scan, etc. This is known as MFA (Multi-Factor Authentication).
Email Inboxes - Many people have become victims and had their login accounts stolen, such as those for online banking and other shopping websites. This is known as a MITM (Man in the middle) attack. If you see any phishing website links or spoofed email addresses, do not open them.
WiFi Connection - A private (home) network is more secure than a public network. Be sure that the network connection is secured, and choose the WPA2 or WPA3 encryption option when creating a new password or resetting one.
Own Personal Website - If you are able to manage your website through an administration panel (WordPress, cPanel, Plesk, etc.), it is best practice to change the password to a strong one with mixed values if you receive an alert notification reporting that something might be suspicious. TIP: You can increase security further by installing an SSL certificate.
If you need any particular information or have any questions, please feel free to contact me.