Computer Data Recovery & Security Tips

Live house 通常都會供樂隊或獨立音樂人去表演的，每次表演，也可能會被錄影，錄影後的片段放在呢？這個就是 live house 需要保護的資料了。談到資料保護，比較舊的方法就會會用上磁帶，每日，每週做 backup。不過隨著科技發展，現在也不一定用磁帶，反而會將一些資料轉移至雲端，利用例如，SFTP 這樣的命令做 backup rotation。

不過這樣備份計劃是否最好呢？做備份最怕就是所謂 single point failure，做遠程備份，不單只得一點，而是多點”failure“。最可能出現的錯誤，就是互聯網突然斷線，此外還有遠程機器『死機』，或硬碟問題不能做備份。不過就算做本機備份，也有『死機』，硬碟的問題，所以筆者認為除本機備份外，也要做遠程備份，這樣就萬無一失了！

Live house is basically a venue rental service. For managers, its information is the list of customers and attendees (viewers). These data can basically be recorded with an RDBMS or Excel. But with more and more data, backup is necessary, so how to back up?

If it is an Excel file, it is easiest to do it with a USB flash drive, but if it belongs to the website data, it can be backed up into a server file and then backed up by tape. Of course, if there is more data, you may need to use progressive backup to back up the updated data part. This method has the advantage of saving some backup resources.

Security issues

Network security is an indispensable subject for the development of the Internet. With the development of cloud computing, data and data security is necessary, so companies should use a more secure database connection method, that is, the database allows only certain IPs to enter, and you must be careful Handle vulnerabilities in phpMyadmin and database user settings. I have tried to break into the server illegally because the database has too many test accounts and does not properly manage user permissions, so I advise you to really be careful.

現在很多公司都有自己的考勤系統，有的用指模、有的用傳統打卡機、也有的使用最新的面部識別系統。不過無論用那款考勤系統，尤其後者，系統的數據存放與保安是一個很大的問題。就著這個課題，筆者嘗試在三方面探討如何處理。

網路保安

要成功紀錄員工的出勤紀錄，系統必須有個相應的軟件紀錄，而該軟件紀錄了員工的個人資料包括姓名、近照、員工卡號碼、生物紀錄等。而這些資料會紀錄在自家或雲端的服務器裏。服務器必須與門禁感應器連線，並通過互聯網給予限制人士使用。

一講使用互聯網便會有網路保安問題。外在的網路保安可透過連接服務器的路由器作 IP 地址及網路端口過濾嚴格控制入站的流量。

系統保安

有網路保安亦有系統保安，在系統保安上必須安裝防毒軟件確保系統不受病毒影響，而且要定期更新系統軟件補丁，確保系統的安全。除此之外，系統也必須限制職員登入，只准許授權職員登入，確保系統安全。

數據保安

要確保數據安全除了限制職員使用該系統外，還需要定期作備份，備份可以將資料以加密形式儲存到別的電腦或硬體內，確保就算該系統遭人為或天災破壞，也會有備份。至於為何以加密方式，就是防止第三方盜取，加密了的資料是需要私匙才能解密的。

遵守了以上原則，整個考勤系統就會非常安全了！

GDPR is an acronym for General data protection regulation, which any organization operates in any European countries or target customers in the area, must comply with this new data security rules or you may be fined up to €20 million or 4% of your turnover (whichever is greater).

The Use of CCTV & GDPR

CCTV is used very commonly among all businesses, but under the GDPR, business owners need to have a ‘strong’ and ‘fair’ reasons explaining why they need to use CCTV in the areas. One particular example will be to protect employees health and safety. When CCTVs are installed, the business owners, must have signs and contact information which warns the people around CCTVs are in placed or they contact you if they have any enquiries.

Most CCTVs footages can be kept in 30 days, but if business owners want to keep in longer period, they must have a risk assessment and explain why.

The CCTVs footages must be encrypted and the business owners must have a contract in place with their
data processors and explain what they can do and can’t do.