5TH SEM SYLLABUS WEEK 1

WEEK 1 [morning session]

KLE’S C.I.Munavalli, CS dept 1

 5TH SEM SYLLABUS WEEK 1

Data and information protection is the most technical and tangible of the three pillars. The data we
gather comes from multiple sources, such as information technology (IT), operational technology
(OT), personal data and operational data. It must be properly managed and protected every step of
the way.
11 Ways to Protect Your Personal Information Online

KLE’S C.I.Munavalli, CS dept 2

 5TH SEM SYLLABUS WEEK 1

1. Create strong passwords.

2. Don't overshare on social media.
3. Use free Wi-Fi with caution.
4. Watch out for links and attachments.
5. Check to see if the site is secure.
6. Consider additional protection.
7. Use passcodes for your devices
8. Create strong and unique passwords for your online accounts
9. Limit social media sharing
10. Be wary of free Wi-Fi
11. Close unused accounts

 Create strong passwords

o When creating a password, think beyond words or numbers that a cybercriminal could
easily figure out, like your birthday. Choose combinations of lower and upper-case
letters, numbers, and symbols and change them periodically. It’s also better to create a
unique password instead of using the same password across multiple sites—a password
manager tool can help you keep track.
 Don't overshare on social media
o We all have that one friend who posts too many intimate details of their life online. Not
only can this be annoying, but it can also put your personal information at risk. Check
your privacy settings so you are aware of who’s seeing your posts, and be cautious when
posting your location, hometown, birthday, or other personal details.
 Use free Wi-Fi with caution
o A little online shopping never hurt anyone…or did it? Most free public Wi-Fi networks
have very few security measures in place, which means others using the same network
could easily access your activity. You should wait until you’re at home or on a secure,
password-protected network before whipping out that credit card.
 Watch out for links and attachments
o Cybercriminals are sneaky, and will often compose their phishing scams to look like
legitimate communications from a bank, utility company, or other corporate entity.
Certain things like spelling errors or a different email address than the typical sender can
be a clue that the email is spam.
 Check to see if the site is secure
o Before entering personal information into a website, take a look at the top of your
browser. If there is a lock symbol and the URL begins with “https,” that means the site is
secure. There are a few other ways to determine if the site is trustworthy, such as a
website privacy policy, contact information, or a “verified secure” seal.
 Consider additional protection
o Install anti-virus software, anti-spyware software, and a firewall. For additional
protection, you may want to consider cyber insurance, which can keep you and your
family safe if you fall victim to a cyberattack. At Chubb, our experts are ready to
evaluate your cyber vulnerabilities, help cover fraudulent charges, and ensure your
family has the resources you need to recover emotionally, too.
s

KLE’S C.I.Munavalli, CS dept 3

 5TH SEM SYLLABUS WEEK 1

 If you were to leave your smartphone in a coffee shop or taxi, would the person who found it be
able to access what’s on it? That’s a scary scenario. Losing your smartphone is one thing, but
giving the finder access to everything from your email and social media accounts to all the
personal information you may have stored on the device could play havoc with your life. Make
sure to use a passcode to help keep your apps, accounts, and personal information protected. Do
the same for your laptops and even desktop computers.
 Create strong and unique passwords for your online accounts
 If you have an online account with a company that suffered a data breach, ideally, that one
account is your only concern. But if you use the same login credentials on other accounts, then
that single breach incident could give hackers access to your other accounts, as well. That’s why
it makes sense to use a unique password for each of your online accounts.
If you’re like me and have way too many sets of online credentials to commit to memory,
consider using a password manager to keep track of those many, unique passwords. There are
several out there with different prices and plans, but it shouldn’t take you too long to figure out
which one works best for you. Just do an Internet search for “password managers” and see what
suits your needs.
 Limit social media sharing
 Sharing too much on social media may put your personal information in the wrong hands. Pay
attention to not only the pictures and posts you share, but also to your privacy settings, as well,
so that you’re limiting the number of people who can see what you’re sharing. The Center for
Identity at the University of Texas offers tips for managing privacy settings on a variety of
social media platforms. If your kids are on social media, you may also want to check their
privacy settings. And when it comes to posting, make sure they understand what’s safe to share
—and what’s not.
 Be wary of free Wi-Fi
 You get what you pay for, right? Free public Wi-Fi is a good example. Sure, it’s convenient, but
in terms of security, most free public Wi-Fi networks don’t offer much. That means, with the
right tools, anyone else on the same Wi-Fi network could be “eavesdropping” on your online
activity. Given that, would you want to log in to your bank account or enter a credit card number
while on public Wi-Fi? The answer is, no!
Even a password-protected Wi-Fi network is only as safe as the people who have the password.
Save transactions for when you’re on a secure network, perhaps at home. If you must log in or
transact online on public Wi-Fi, use a VPN (virtual private network), which encrypts your
activity so that others on the same network can’t easily see what you’re doing.
 Close unused accounts
 Think about all of the online accounts you’ve opened over time. Now, consider which ones are
still open, but that you never use. If there’s a breach involving one of those entities, hackers may
have access to whatever personal information is tied to that account. An old email account, for
instance, could be holding any number of past bank statements and healthcare forms—and those
documents may be filled with personal data that could lead to identity theft. Invest some time in
identifying unused online accounts and, then, shutting them down. The less personal information
you have stored online, the better.
 No one can prevent all identity theft, but by using these tips, you’ll help keep your personal
information a little more “personal” online—and in this digitally connected age, that’s something
to strive for.

ONLINE IDENTITY

KLE’S C.I.Munavalli, CS dept 4

 5TH SEM SYLLABUS WEEK 1

Our online identity is all the information we leave on the Internet. It’s our digital footprint, with
such details as our email address, date of birth, bank details, and even our purchasing habits
on online stores.
Online identity goes beyond what we do online. It also verifies that we are who we say we are.
From traditional passwords to facial recognition and fingerprints, we have many ways
to identify ourselves online.

Online identity in our day-to-day

Laura is a young student who loves sports and socializing. While getting ready in the morning, she
listens to a personalized playlist of her favourite songs on a music streaming app. She grabs food
prepared the night before with a recipe she stumbled across online and rushes out to catch the bus that
her public transport app says will arrive in eight minutes.
After work, she goes to the gym. To enter, she scans a QR code on her mobile and then follows the
exercise plan that her personal trainer sends her every day via email.
One day, she cuts short her workout to meet her friends, Javier and María. They go to a new, nearby
restaurant that they found out about on social media.
After a nice meal, María pays the bill with the virtual bank card she keeps in her e-wallet. Javier and
Laura will send her their share immediately on their mobiles through Bizum, CoDi, Paym or other
means of quick money transfer (available depending on location and bank). They use biometrics to
confirm the payment.
Biometrics are gaining importance as threats of cyber attacks become more common. Cyber criminals
try to clone users’ identities for illicit gain. That’s why public and private organizations are working
tirelessly to protect their systems, customers and employees.
Every day, we’re exposed to threats that can compromise our online identity. To protect ourselves, we
should be mindful of what we share on social media and always keep our devices’ operating systems up
to date. These online safety tips can help protect our online identity:

1. Protect our devices and data: Only browse websites that begin with “https”. If you need to
sign up to anything, use passwords that are hard to crack.
2. Be discrete on and offline: Avoid sharing personal or confidential information, especially on
social media. You can also check your accounts and profiles’ privacy and security settings.
3. Think before clicking or responding: Be wary of surprise emails and messages that ask you
to click a link, download a file, give confidential information or carry out other actions.
4. Keep your passwords safe: Passphrases of three or more words are much more unbreakable.
Never share them.
5. If it looks off, report it: Organizations’ cyber security teams can cut off or stifle an attack if
we let them know of a possible threat early.

1. Install Security Suites

A security suite is a collection of tools that prevent malicious software from compromising your data. It
offers anti-theft features such as anti-spam, website authentication, password storage, and spam
detection to prevent sensitive data exposure and data breach.

Norton Antivirus, McAfee, and AVG Internet Security are just a few well-known examples of security
suites that you can use to protect yourself online.

KLE’S C.I.Munavalli, CS dept 5

 5TH SEM SYLLABUS WEEK 1

2. Check Encryption on Applications Before Use

Confirming that applications are encrypted before making transactions online helps secure your identity.
For a start, you need to look out for the most trusted security lock symbol; the extra "s" after internet
protocol HTTP in the URL or web address bar.

This means that "HTTP" becomes "HTTPS" on a secure credit card website. You'll also see a lock icon
in your browser's address bar or bottom-left corner. These two signals show that the site is encrypted,
and no one can view the information provided to the owner. Encryption protects your identity, phone
number, address, payment card number, etc.

3. Create Strong Passwords

Another way to stay safe online is by creating a strong password. When creating a password, it's
crucial to select a passphrase that hackers can't guess easily.

For example, it's not a good idea to use a word or number that someone else can easily associate with
you, such as your first name, the name of your spouse or child, phone number, or any other characters or
symbols that can be used to identify you.

To protect yourself, choose a password with a mixture of letters, numbers, and symbols, as well as
uppercase and lowercase versions of the same number. You can also leverage password managers for
more security. It'll help you generate and store passwords, providing additional protection against
unauthorized access.

Password managers like NordPass and 1Password are some well-known password managers.

4. Install Web Browser Blacklisting

Have you ever encountered the display message, "this site may harm your computer"? This is a warning
display message that shows that the site you are about to access is blacklisted.

A web browser blacklist is a basic access control mechanism that blocks malicious attempts of hackers
from accessing your email addresses, user logins, and passwords. When you add a website or email
address to a blacklist, it means that they are potentially dangerous and not secure for visiting.

Blacklisting is an efficient method for keeping you safe from visiting websites or links that may cause
significant damage to your files. So, you must blacklist sites that show signs of phishing.

5. Use Private Data Protection

KLE’S C.I.Munavalli, CS dept 6

 5TH SEM SYLLABUS WEEK 1

Private data protection is an additional layer of cybersecurity that keeps sensitive information away from
the public space. The privacy data protection suit keeps your data within your network and prevents
external access.

You'll be notified if unauthorized users try to get into your network. And until you grant them access,
their efforts will be in vain.

6. Enable Only Vital Browser Cookies

Cookies are little text files that enhance your surfing experience by allowing websites to remember your
browsing preferences. Cookies also make it possible for you to visit select websites without having to
sign in each time you visit.

Unfortunately, hackers can use the information obtained by these cookies to wreak havoc on your
company's computer infrastructure. This is because when cookies are enabled on a website, that site will
be able to track your browsing patterns on other websites. So, don't enable cookies on a site until you are
sure it's necessary.

7. Delete Existing Cookies

There are several reasons why you should consider deleting cookies from your browser. They pose a
risk to your network as they could enable cybercriminals to gain access through accessing your browser
sessions.

Cookies can track your data, including search and browsing history, IP addresses, and other online
interactions.

8. Avoid Using Public Wi-Fi

Public Wi-Fi connections are open to just about anyone, and malicious actors can easily infiltrate them.
Hackers understand that many users connect to public Wi-Fi, and they devise means to break into
connected devices.

Make it a rule to steer clear of public internet connections, especially when you can't vouch for their
security. In situations where you have no choice but to utilize free access to the public internet, avoid
inputting anything that could compromise your identity.

You can also choose a secure Virtual Private Network (VPN) for browsing while you're away from
home. The information you send and receive will be encrypted, making it much harder for
cybercriminals to tap into them.

9. Don't Overshare Online

KLE’S C.I.Munavalli, CS dept 7

 5TH SEM SYLLABUS WEEK 1

With the rise of social media apps such as TikTok, Twitter, Instagram, Discord, and Twitch, many users
are caught in the cycle of sharing too much personal information over the web. Most of the time, the
pieces of information users share on these social platforms lead to invasion of privacy and identity theft.

Be mindful of what you share with the online audience. If you don't post your personal details, attackers
won't have much information about you to work with. Data such as your home address, social security
number, credit card details, and bank information should be off limits.

10. Limit Credit Card for Online Shopping

Another way to secure your online identity against cyber threats is to limit your credit card use for
online shopping and general payments on third-party sites. But if you must shop online, be mindful
of online shopping security threats and how to prevent them.

How reputable is the store you are shopping on? Stores with a reputation put extra security measures in
place to secure their customers. When a site asks for your personal or financial information, look for
"HTTPS" in the URL to verify the site's safety and privacy.

Protect Your Online Identity at All Costs

Your identity is a huge part of who you are as a person. Protecting it is the same thing as protecting
yourself. As long as you know the potential indicators of identity theft, you'll have a better chance of
nipping it in its early stages, allowing you to continue enjoying the time you spend online.

So, keep yourself up to date with emerging cyber threats that endanger your identity online and
implement the necessary measures to stay safe.

Where is your data?

Where is security information stored?

Data Storage Security

← All Topics

KLE’S C.I.Munavalli, CS dept 8

 5TH SEM SYLLABUS WEEK 1

Data storage security involves protecting storage resources and the data stored on them
– both on-premises and in external data centers and the cloud – from accidental or
deliberate damage or destruction and from unauthorized users and uses. It’s an area that
is of critical importance to enterprises because the majority of data breaches are
ultimately caused by a failure in data storage security.

Secure Data Storage:

Secure Data Storage

collectively refers to the manual and automated computing processes and technologies
used to ensure stored data security and integrity. This can include physical protection of
the hardware on which the data is stored, as well as security software.

KLE’S C.I.Munavalli, CS dept 9

 5TH SEM SYLLABUS WEEK 1

Secure data storage applies to data at rest stored in computer/server hard disks, portable
devices – like external hard drives or USB drives – as well as online/cloud, network-
based storage area network (SAN) or network attached storage (NAS) systems.

How Secure Data Storage is Achieved:

 Data encryption
 Access control mechanism at each data storage device/software
 Protection against viruses, worms and other data corruption threats
 Physical/manned storage device and infrastructure security
 Enforcement and implementation of layered/tiered storage security architecture
Secure data storage is essential for organizations which deal with sensitive data, both in
order to avoid data theft, as well as to ensure uninterrupted operations.

Data Security vs Data Protection:

Storage security and data security are closely related to data protection. Data security
primarily involves keeping private information out of the hands of anyone not authorized
to see it. It also includes protecting data from other types of attacks, such as ransomware
that prevents access to information or attacks that alter data, making it unreliable.

Data protection is more about making sure data remains available after less nefarious
incidents, like system or component failures or even natural disasters.

But the two overlap in their shared need to ensure the reliability and availability of
information, as well as in the need to recover from any incidents that might threaten an
organization’s data. Storage professionals often find themselves dealing with data security
and data protection issues at the same time, and some of the same best practices can
help address both concerns.

Threats to Data Security:

Before looking at how to implement data storage security, it is important to understand
the types of threats organizations face.

Threat agents can be divided into two categories: external and internal.

External threat agents include:

 Nation states
 Terrorists
 Hackers, cybercriminals, organized crime groups
 Competitors carrying out “industrial espionage”
Internal threat agents include:

KLE’S C.I.Munavalli, CS dept 10

 5TH SEM SYLLABUS WEEK 1

 Malicious insiders
 Poorly trained or careless staff
 Disgruntled employees
Other threats include:

 Fire, flooding and other natural disasters

 Power outages

Storage Vulnerabilities:
Another huge driver of interest in data storage security is the vulnerabilities inherent in
storage systems. They include the following:

 Lack of encryption — While some high-end NAS and SAN devices include automatic
encryption, plenty of products on the market do not include these capabilities. That
means organizations need to install separate software or an encryption appliance in
order to make sure that their data is encrypted.
 Cloud storage — A growing number of enterprises are choosing to store some or all
of their data in the cloud. Although some argue that cloud storage is more secure
than on-premises storage, the cloud adds complexity to storage environments and
often requires storage personnel to learn new tools and implement new procedures
in order to ensure that data is adequately secured.
 Incomplete data destruction — When data is deleted from a hard drive or other
storage media, it may leave behind traces that could allow unauthorized individuals to
recover that information. It’s up to storage administrators and managers to ensure
that any data erased from storage is overwritten so that it cannot be recovered.
 Lack of physical security — Some organizations don’t pay enough attention to
the physical security of their storage devices. In some cases they fail to consider that
an insider, like an employee or a member of a cleaning crew, might be able to access
physical storage devices and extract data, bypassing all the carefully planned
network-based security measures.

Data Storage Security Principles:

At the highest level, data storage security seeks to ensure “CIA” – confidentiality, integrity,
and availability.

 Confidentiality: Keeping data confidential by ensuring that it cannot be accessed

either over a network or locally by unauthorized people is a key storage security
principle for preventing data breaches.
 Integrity: Data integrity in the context of data storage security means ensuring that
the data cannot be tampered with or changed.
 Availability: In the context of data storage security, availability means minimizing the
risk that storage resources are destroyed or made inaccessible either deliberately –
say during a DDoS attack – or accidentally, due to a natural disaster, power failure, or
mechanical breakdown.

KLE’S C.I.Munavalli, CS dept 11

 5TH SEM SYLLABUS WEEK 1

Data Security Best Practices:

In order to respond to these technology trends and deal with the inherent security
vulnerabilities in their storage systems, experts recommend that organizations implement
the following data security best practices:

1. Data storage security policies — Enterprises should have written policies specifying
the appropriate levels of security for the different types of data that it has. Obviously,
public data needs far less security than restricted or confidential data, and the
organization needs to have security models, procedures and tools in place to apply
appropriate protections. The policies should also include details on the security
measures that should be deployed on the storage devices used by the organization.
2. Access control — Role-based access control is a must-have for a secure data storage
system, and in some cases, multi-factor authentication may be appropriate.
Administrators should also be sure to change any default passwords on their storage
devices and to enforce the use of strong passwords by users.
3. Encryption — Data should be encrypted both while in transit and at rest in the
storage systems. Storage administrators also need to have a secure key management
systems for tracking their encryption keys.
4. Data loss prevention — Many experts say that encryption alone is not enough to
provide full data security. They recommend that organizations also deploy data loss
prevention (DLP) solutions that can help find and stop any attacks in progress.
5. Strong network security — Storage systems don’t exist in a vacuum; they should be
surrounded by strong network security systems, such as firewalls, anti-malware
protection, security gateways, intrusion detection systems and possibly advanced
analytics and machine learning based security solutions. These measures should
prevent most cyberattackers from ever gaining access to the storage devices.

KLE’S C.I.Munavalli, CS dept 12

 5TH SEM SYLLABUS WEEK 1

6. Strong endpoint security — Similarly, organizations also need to make sure that
they have appropriate security measures in place on the PCs, smartphones and other
devices that will be accessing the stored data. These endpoints, particularly mobile
devices, can otherwise be a weak point in an organization’s cyberdefenses.
7. Redundancy — Redundant storage, including RAID technology, not only helps to
improve availability and performance, in some cases, it can also help organizations
mitigate security incidents.
8. Backup and recovery — Some successful malware or ransomware attacks
compromise corporate networks so completely that the only way to recover is to
restore from backups. Storage managers need to make sure that their backup
systems and processes are adequate for these type of events, as well as for disaster
recovery purposes. In addition, they need to make sure that backup systems have the
same level of data security in place as primary systems.

Secure Data Storage:

Secure data storage applies to data at rest stored in computer/server hard disks, portable
devices – like external hard drives or USB drives – as well as online/cloud, network-based
storage area network (SAN) or network attached storage (NAS) systems.

data used in cyber security?

Big data gathered from networks, computers, sensors, and cloud systems, enables system
admins and analysts to get to know the details of vulnerabilities and cyber threats
accurately. They can then plan a better framework for developing security solutions to cope
with the threats.

3 types of data that we have to secure in cyber security?

Data and information protection is the most technical and tangible of the three pillars. The data
we gather comes from multiple sources, such as information technology (IT), operational
technology (OT), personal data and operational data. It must be properly managed and
protected every step of the way.

types of data in cyber security?

Classify
 Customer data.
 Personal data.
 Protected health information.
 Credit card data.
 Competitive data/trade secrets.
 Publicly available data.

Every time we interact on the Internet we are generating loads of data: when you purchase,
take photos or videos and upload them to Dropbox or similar servers. When posting things
on Facebook, Instagram or Twitter or when using the Cloud (OneDrive, Google Drive, etc.).

KLE’S C.I.Munavalli, CS dept 13

 5TH SEM SYLLABUS WEEK 1

When you use your email accounts and obviously when you move around with your
smartphone location tracking your movements or measuring your activity in a Fit app.

Many of the above are personal data:

 Protected: ideology, religion, biometric data

 Identification: name, address, identity document, phone number
 Personal: marital status, age, gender
 Social: family situation, assets, hobbies
 Economic-financial: card numbers, accounts
Do we know where all this data is stored? Is it regulated in any way? Is your data safe?

Where is our data physically stored

An initial distinction can be drawn depending where the data is physically stored. If it is stored
in the organisation’s own systems it is known as On-Premises data. On the other hand, if it is
stored with a service provider it will be located on the Cloud.

On-Premise

This is data stored by the organisations responsible for managing the data in physical systems
located on their Data Centers. This requires the organisation to have in-house servers,
software licences, qualified IT personnel and system maintenance and updates.

This option is ideal for storing sensitive user data or where required by the regulations.

KLE’S C.I.Munavalli, CS dept 14

 5TH SEM SYLLABUS WEEK 1

Cloud

Gartner predicts that by the 2025, 80% of enterprises will shut down their traditional Data
Centers and also that Data Center is almost dead. Furthermore, according to the latest report
by Canalys, in 2018 spending in the worldwide cloud infrastructure market grew by
46.5%. This means that more and more businesses are considering the option of moving their
systems, and therefore their data, to the cloud.
Cloud service providers usually offer:

 Storage of data in Data Centers

 Hardware and software maintenance and uploads.
 Guaranteed high availability rates of up to 99.99%
 Scalability to assume any peaks in demand
 Replication of data in different regions to avoid any loss in the event of a disaster.
The regions are series of data centers connected via a dedicated low-latency network
(optimized to process high volumes of data with minimal delay). At the same time,
these regions have different availability zones (normally three for each region),
physically separated locations consisting of one or various data centers connected with
high bandwidth low-latency networks.
Microsoft Azure has 54 regions, Amazon 22 and Google 19. Amazon recently announced that
it will be opening a new region in Aragon, Spain, in late 2022 or early 2023.
What law regulates our data and the right we have over them
GDPR for Europe

There are countries where data is regulated by laws governing their protection and use. In
the Euro zone we have the General Data Protection Regulation (GDPR), which regulates
the processing of personal data by individuals, businesses and organisations in the
European Union (EU).
? A couple of month ago also came into force and applies accross the EU the law PSD2: what
is it and how it affect you?

KLE’S C.I.Munavalli, CS dept 15

 5TH SEM SYLLABUS WEEK 1

There are no borders on the Internet… be aware where

you give your data

It is very important to consider where our data goes when we upload it to the Internet. A
recent example is the viral sensation FaceApp, which after uploading a photo of your face
simulates what you will look like when you get older. Many people did installed it and
celebrities even appeared on TV using the app.
But when you stop and read the fine print, you realise that you are granting your personal
data, in this case a photo of yourself, to the Russian company Wireless Lab. The terms and
conditions specify that they are not governed by the GDPR and accordingly we have no
idea what they are doing with our data or who is receiving it. Nor does it indicate how to
delete the data, as is the case with other apps like Facebook.
This data is very useful for training of facial recognition algorithms based on massive
databases of anonymous faces, a necessary step for Artificial Intelligence (AI) to be able to
read faces.

Accordingly, the only sure-fire way to know that the law protects your data is to read
the terms and conditions you agree to when entering your personal data.

Smart devices in cyber security?

Smart devices – like voice assistants, smart fridges, smart plugs, thermostats and even
smart Bluetooth. speakers – are changing the way we use everyday appliances and devices
by, well, making them smarter. Thanks to these smart devices, boring and time-consuming
tasks are now significantly easier to accomplish

Their methodology, outlined on their site, focuses on scoring smart-home

devices based on the security maturity of four main components:
KLE’S C.I.Munavalli, CS dept 16
 5TH SEM SYLLABUS WEEK 1

1. The device – the hardware purchased (Alexa, SmartThings, Sonos,

etc.).
2. The mobile application – the companion mobile application that
interacts with the device (Android or iOS application.)
3. Cloud endpoints – Internet services that the device or the mobile
app communicates with.
4. Network communication – Network traffic between each
component (local and Internet traffic).
Each of these components has properties that are used as features to compute
a score.

While the Your Things Scorecard is not exhaustive, it launches an approach that
gives consumers more quantified insight into the data security requirements
they should look for when making their world smarter, allowing them to better
asses the risks associated with their IoT devices.

Why is Cyber Security a Smart Home Issue?

Smart Home and IoT devices are increasingly being targeted by hackers as the weak point of
any home or enterprise security network. Imagine what would happen if someone hacks a
single device and obtains all your Wi-Fi credentials. Perhaps worse, what if a cybercriminal
gains access to your smart thermostat and learns when you’ll be away? They may use that
information to determine the best time to burgle your home. If someone compromises your
connected home, your data could easily be leaked.
Top Five Smart Devices That Made an Impact on Cyber Security in 2019

1. Smart TVs: With a click of a button or by the sound of our voice, our favourite shows will play,
pause, rewind ten seconds, and more – all thanks to smart TVs and streaming devices.
Although a great way to enjoy entertainment, it’s also a breeding ground for cyber-attacks; but
how do they do it? By infecting a computer or mobile device with malware, a cybercriminal could
gain control of your smart TV if your devices are using the same Wi-Fi.
2. Voice Controlled Assistants: Voice-controlled assistants and smart speakers are always
listening and, if hacked, could gain a wealth of information about you. Often used as a central
command hub, connecting other devices to them (ie. smart speakers, smart lights, security
cameras, refrigerator or smart locks). Some people even opt to connect accounts such as food
delivery, driver services, and shopping lists that use credit cards. If hacked, someone could gain
access to your financial information or even access to your home.
3. Connected Cars: Today, cars are essentially computers on wheels. Between backup cameras,
video screens, GPS systems, and Wi-Fi networks, they have more electronics stacked in them
than ever. Despite the advancements in technology, these remain access points for an attacker.
In fact, an attacker can take control of your car a couple of ways; either by physically implanting
a tiny device that grants access to your car through phone or by leveraging a black box tool and
your car’s diagnostic port completely remotely. Hacks can range anywhere from cranking the
radio up, to cutting the transmission or disabling the breaks.
4. Connected Baby Monitors: When you have a child, security and safety fuels most of your
thoughts. While smart baby monitors are helpful, they are also an easy target for cybercriminals.
5. Cell Phones: In any given day, we access financial accounts, check work emails and
communicate with family and friends. That’s why it’s shocking to know how surprisingly easy it
is for cybercriminals to access personal data on your cell phone. Phones can be compromised

KLE’S C.I.Munavalli, CS dept 17

 5TH SEM SYLLABUS WEEK 1

in a variety of ways, here are a few: accessing your personal information by way of public Wi-Fi
(say, while you’re at a coffee shop using free Wi-Fi), implanting a bug, leveraging a flaw in the
operating system, or by infecting your device with malware by way of a bad link while surfing the
web or browsing email.

Stay Smart Home/IoT Safe in 2020

Here are ten things you can do to stay smart home/IoT safe in 2020:

1. Change the default username and password. Always remember to change your passwords
regularly.
2. Stick with protected devices only.
3. Set up a guest Wi-Fi network.
4. Set up two-factor authentication.
5. Stay on-top of software updates.
6. Never manage your smart devices from public Wi-Fi networks.
7. Disable unnecessary features.
8. Use biometric authentication.
9. Secure your network fully and make sure you have a firewall.
10. Rename and reboot your router regularly.

Security for smart home devices is as critical as security on laptops and smartphones – and
because many are less user-friendly when it comes to customizing settings, it can take far
more effort to get right. While there’s absolutely no doubt that smart home/IoT devices make
life easier, our everyday items are extremely hackable.

Common threats against your smart devices

Threats to smart devices are real. Here are the most common ones you
need to know about.

KLE’S C.I.Munavalli, CS dept 18

 5TH SEM SYLLABUS WEEK 1

Hackers

Smart devices are particularly susceptible to hacking and device

hijacking.
Many smart home devices, like thermostats, lights and locks, are of
high interest to intruders looking to spy on you or enter your home
when you aren’t around.
That’s because they can tell someone a lot about your schedule, and if
infiltrated, can put you at the complete mercy of a hacker.
For example, your smart thermostat may be set to run higher at
certain points in the day but be set to turn off when you’re on vacation.
Your smart lights might be set to turn on just before you get home at
the same time every day.
A hacker who gains access to your smart device may also be able to
steal your personal information, including your location, images from
your camera, or audio from your microphones.

Lack of security

Smart devices are designed to be easily accessible – for instance, you

don’t need a password to interact with your voice-activated smart
speaker each time you use it or to record messages on your smart
fridge while you’re cooking.
But while these features are convenient, they may also be risky. Fewer
security measures on these devices can create new opportunities for
hackers to compromise them.
So, you can counter that threat by using all available security features
on your smart devices.
Equip your device with a passphrase or complex password whenever
possible. You should also use multi-factor authentication (like a pattern
combined with facial recognition or a thumb print) when it’s available
as well.

How to protect your smart devices

KLE’S C.I.Munavalli, CS dept 19

 5TH SEM SYLLABUS WEEK 1

Use a separate network for your smart devices

Your home network – also known as your modem and router – is

responsible for connecting all of the Wi-Fi enabled devices you own to
the internet, and to each other. Your Wi-Fi doesn’t know the difference
between the laptop, or printer, or fridge, or doorbell connected to it. It
just knows it has several mini-computer systems on it, as that’s
essentially what each smart device is. Each one is another port of entry
on to your Wi-Fi.
This creates a cyber security risk for you, since hacking into your Wi-
Fi can also give cyber criminals access to other devices – especially
since your smart devices may not be as secure as other types of
devices. Hacking into your smart device may give hackers access to all
of the devices on your Wi-Fi network
To protect your network and your devices, it’s best to create a
secondary network for all of your smart gadgets. This makes it more
difficult for hackers for gain access to your devices. If one or your
devices does get hacked, your primary network and all of your other
gadgets on it will likely be unaffected.

Update your devices’ operating system

Updating your devices’ operating systems may seem inconvenient, but

it’s an important part of keeping your devices safe.
Software updates include crucial security patches, bug fixes, and,
occasionally, new features for your device that help enhance their
security and run more smoothly.
Update your software when you are prompted to. If you don’t have
time, remind yourself to run the update at the end of your workday or
when you’re done using your device. You can also change your settings
to run updates overnight, so your day won’t be disrupted.

Disable features when not in use

Some of the features that make your smart devices convenient – like
geolocation, microphones, and cameras – may seem innocent enough
when in use.
KLE’S C.I.Munavalli, CS dept 20
 5TH SEM SYLLABUS WEEK 1

Unfortunately, these features also make it easy for hackers to analyze

your patterns and steal information from you.
Protect yourself and your devices by disabling these features when you
aren’t using them. This can stop hackers from device eavesdropping
(infiltrating your device and listening or watching you without your
knowledge or consent) and help keep you protected.

Conclusion
Smart devices are like having a cool new best friend. They know a
bunch of new tricks and tips that you didn’t even know existed until
you met them, introducing you to a whole new way of doing things.
But smart devices, exciting and innovative as they are, have the
potential to pose new dangers and risks to your personal data. By
educating yourself on how to keep them safe from cyber attacks, you
can spend more time discovering new adventures together and less
time worrying about online threats.

What do attackers want ?

Hackers are those who use a computer system to obtain unauthorized access to another
system for data or those who make another system unavailable. These hackers use their
skills for a particular goal, such as gaining fame by bringing down a computer system,
stealing money, or making a network unavailable.

Some hackers focus only on gaining notoriety or defeating computer systems, and some
could even have criminal intentions. The knowledge gained by these hackers and the self-
esteem boost that originates from successful hacking could become an addiction and a way
of life. Some hackers just aim at making your life miserable, whereas others just want to be
seen or heard. Some common reasons for hacking include basic bragging rights, curiosity,
revenge, boredom, challenge, theft for financial gain, sabotage, vandalism, corporate
espionage, blackmail, and extortion. Hackers are known to regularly cite these reasons to
explain their behavior.

KLE’S C.I.Munavalli, CS dept 21

 5TH SEM SYLLABUS WEEK 1

Very often, hackers steal data to assume your identity and then use it for something else like
taking a loan, transferring money, etc. The occurrence of such incidents has increased after
mobile banking and Internet banking started to gain popularity. With the growth of mobile
devices and smartphones, the potential for monetary gain via hacking has also increased.

Key Reasons Why do Hackers Hack

1. Server Disruption
Server disruption attacks have just one aim in mind, which is to shut down or render a
specific website useless. Distributed Denial of Service (DDoS) is considered to be one
of the most popular forms of server disruption attacks. In simple terms, DDoS attacks
are those that occur when a hacker seizes control over a network of zombie computers
called a botnet. The botnet is then used as an army of mindless zombies to endlessly
ping a particular web server to overload a website and eventually shut it down.
2. Monetary Loss
Online banking has become so popular and has been a revelation, however, the
benefits have their drawbacks. Online banking has paved the way for cyber thieves to
digitally steal from you by inserting banking Trojans or malicious lines of code
specifically designed for stealing money from you.
3. Vulnerability Scanning
Vulnerability scanning is a security technique employed for identifying security
weaknesses in a computer system. This security measure is mostly used by network
administrators for obvious security reasons. However, hackers can also infiltrate this
security method to gain unauthorized access, thus opening the door to other
infiltration tactics and motivations. Vulnerability scanning is essentially considered to
be the gateway to additional attacks.
4. Unauthorized Code Execution
Unauthorized Code Execution motives can be a bit complicated. Typically, hackers
aim at infecting a user with malware to take control of said user's computer via the
execution of a code or commands. This extremely powerful form of hacking permits
hackers to take complete control of the victim’s computer. Running unauthorized

KLE’S C.I.Munavalli, CS dept 22

 5TH SEM SYLLABUS WEEK 1

code can be one of the first steps in turning a user's computer into a zombie or bot.
Thus, the very aspect of possessing unprecedented access can lead to an unlimited
number of suspicious activities that a hacker can accomplish without even a trace of
being caught.

Why Comodo cWatch Web is the Best Hacking

Prevention Tool
cWatch Web is a web security tool developed by Comodo, a cybersecurity company. This
tool protects you from a wide range of web security threats, identifies new threats, and
blocks them in real-time with the help of the Comodo Security Information and Event
Management (SIEM) team. As a hacking prevention tool, cWatch protects you against:

 Data breaches
 Malware
 DDoS
 SEO hacks
 Web scrapers
 Website defacement
 Spam email attacks
 OWASP Top 10 Security Risks

With cWatch you will be able to prevent an attack even before it could reach the network,
thus helping you to save time and cost. This web security tool achieves this with the help of
its key features which have been discussed below:

 Web Application Firewall (WAF): Comodo’s WAF protects vulnerable websites by

detecting and removing malicious requests and preventing hack attempts. It also
focuses on application targeting attacks, for example, WordPress and plugins, Joomla,
Drupal, etc. It explicitly blocks all non-HTTP/HTTPS-based traffic, with a current
network capacity of over 1 TB/s.
 Secure Content Delivery Network (CDN): A global system of distributed servers to
enhance the performance of web applications and websites.

KLE’S C.I.Munavalli, CS dept 23

 5TH SEM SYLLABUS WEEK 1

 Malware Monitoring and Remediation: Detects malware, provides the methods and
tools to remove it, and helps to prevent future malware attacks.
 Cyber Security Operations Center (CSOC): A team of always-on certified
cybersecurity professionals providing 24x7x365 surveillance and remediation
services.
 Security Information and Event Management (SIEM): Advanced intelligence that
can leverage current events and data from 85M+ endpoints and 100M+ domains.
 PCI Scanning: This scanning enables service providers and merchants to stay in
compliance with the Payment Card Industry Data Security Standard (PCI DSS).

Identity theft
Identity theft happens when someone steals your personal information to commit fraud.

This theft is committed in many ways by gathering personal information such as transactional

information of another person to make transactions.

What Is Identity Theft?

Identity theft is the crime of obtaining the personal or financial information of
another person to use their identity to commit fraud, such as making unauthorized
transactions or purchases. Identity theft is committed in many different ways and its
victims are typically left with damage to their credit, finances, and reputation.

KEY TAKEAWAYS

 Identity theft occurs when someone steals your personal information and
credentials to commit fraud.
 There are various forms of identity theft, but the most common is financial.
 Identity theft protection is a growing industry that keeps track of people's
credit reports, financial activity, and Social Security Number use.

Understanding Identity Theft

Identity theft occurs when someone steals your personal information—such as
your Social Security Number, bank account number, and credit card information.
Identity theft can be committed in many different ways. Some identity thieves sift
through trash bins looking for bank account and credit card statements.

More high-tech methods involve accessing corporate databases to steal lists of

customer information. Once identity thieves have the information they are looking
for, they can ruin a person's credit rating and the standing of other personal
information.1

KLE’S C.I.Munavalli, CS dept 24

 5TH SEM SYLLABUS WEEK 1

Identity thieves increasingly use computer technology to obtain other people's

personal information for identity fraud. To find such information, they may search
the hard drives of stolen or discarded computers; hack into computers or computer
networks; access computer-based public records; use information-gathering
malware to infect computers; browse social networking sites; or use deceptive
emails or text messages.1

Victims of identity theft often do not know their identity has been stolen until they
begin receiving calls from creditors or are turned down for a loan because of a bad
credit score.

Types of Identity Theft

There are several types of identity theft including:

Financial Identity Theft

In financial identity theft, someone uses another person's identity or information to
obtain credit, goods, services, or benefits. This is the most common form of identity
theft.2

Social Security Identity Theft

If identity thieves obtain your Social Security Number, they can use it to apply for
credit cards and loans and then not pay outstanding balances. Fraudsters can also
use your number to receive medical, disability, and other benefits.3

Medical Identity Theft

In medical identity theft, someone poses as another person to obtain free medical
care. 1

Synthetic Identity Theft

Synthetic identity theft is a type of fraud in which a criminal combines real (usually
stolen) and fake information to create a new identity, which is used to open
fraudulent accounts and make fraudulent purchases. Synthetic identity theft allows
the criminal to steal money from any credit card companies or lenders who extend
credit based on the fake identity.1

Child Identity Theft

In child identity theft, someone uses a child's identity for various forms of personal
gain. This is common, as children typically do not have information associated with
them that could pose obstacles for the perpetrator.

The fraudster may use the child's name and Social Security Number to obtain a
residence, find employment, obtain loans, or avoid arrest on outstanding warrants.
Often, the victim is a family member, the child of a friend, or someone else close to
the perpetrator. Some people even steal the personal information of deceased
loved ones.1

KLE’S C.I.Munavalli, CS dept 25

 5TH SEM SYLLABUS WEEK 1

Tax Identity Theft

Tax identity theft occurs when someone uses your personal information, including
your Social Security Number, to file a bogus state or federal tax return in your name
and collect a refund.1

Criminal Identity Theft

In criminal identity theft, a criminal poses as another person during an arrest to try
to avoid a summons, prevent the discovery of a warrant issued in their real name or
avoid an arrest or conviction record.2

What are the 7 types of identity theft?

The Many Different Forms of Identity Theft

 Account Takeover Fraud.
 Debit Card Fraud or Credit Card Fraud.
 Driver's License Identity Theft.
 Mail Identity Theft.
 Online Shopping Fraud.
 Social Security Number Identity Theft.
 Senior Identity Theft and Scams.
 Child Identity Theft.

Identity theft is a major problem in the United States. According to consulting firm Javelin
Strategy & Research, 13 million consumers fell victim in 2019—and it cost them $3.5
billion in out-of-pocket costs.

With technology evolving so rapidly, fraudsters now have more opportunities than ever
before to access your private data for their own gain. Safeguarding sensitive information can
help protect you from becoming a victim. In addition to being proactive, knowing how to
spot fraudulent activity that's already occurred can help you prevent further damage and
potentially regain your losses.

There are many different types of identity theft and fraud, including some lesser-known
schemes that could wreak havoc on your financial life if undetected. Here's what to look out
for and, most important, what to do if it happens to you.

KLE’S C.I.Munavalli, CS dept 26

 5TH SEM SYLLABUS WEEK 1

Account Takeover Fraud

Account takeover is when somebody gains access and takes control of one or more of your
accounts without your knowledge or permission. At that point, they can use the account just
as you would, potentially using it to make fraudulent transactions, transfer money or gain
access to additional accounts, for example. Account takeover fraud accounted for 53% of all
existing-account fraud in 2019, according to Javelin.

Since criminals need access to your user credentials to break into your accounts and
impersonate you online, keeping this information safe is vital. This involves creating strong
passwords that are unique to each of your accounts. Opting for two-factor authentication and
using a VPN when accessing public Wi-Fi can add an extra level of security.

If you think you've been the victim of an account takeover, change your passwords
(especially if you use the same one for multiple accounts) and contact customer support to
see what recourse you may have. Many services allow you to see a list of devices your
account has been logged in from, and shut down any log-in instances that may seem
suspicious. If, for example, your bank account shows a log-in session from an iPhone in
Florida and you're an Android user living in Los Angeles, it's possible your account has been
compromised.

Debit Card Fraud or Credit Card Fraud

Debit and credit card fraud occurs when someone uses your card without your permission.
Even if a criminal doesn't have your physical card in hand, they can still make unauthorized
transactions with your credit card number, PIN and security code. Someone could even use
your card information to try to gain access to your other accounts. Either way, fraudulent
activity could potentially hurt your credit in several ways, such as by causing your credit
card balances to spike.

The good news is that many card issuers have systems in place to help prevent and identify
credit card fraud before it results in long-term harm. If you suspect this type of identity theft,

KLE’S C.I.Munavalli, CS dept 27

 5TH SEM SYLLABUS WEEK 1

contact your card provider as soon as possible to prevent more unauthorized charges. Most
won't hold you accountable for charges you didn't authorize.

Driver's License Identity Theft

If your wallet goes missing, you may be most concerned about your debit and credit cards.
It's easy to overlook your driver's license, but this little card can be a golden ticket for
thieves, as it contains your address, driver's license number and other sensitive
information. Driver's license identity theft takes many forms, whether your license number is
stolen in a data breach or someone physically steals your wallet.

Once your driver's license number is in someone else's hands, a criminal could falsely use it
during a traffic stop to avoid a citation—which means it could end up on your driving
record. It's a form of criminal identity theft that could even result in an erroneous warrant for
your arrest. If your license goes missing, report it to the police and the DMV.

Mail Identity Theft

This type of identity theft has gotten more sophisticated in recent years. One mail identity
theft scam involves stealing checks out of mailboxes, then altering and cashing them. Other
con artists have been known to intercept credit and debit cards to rack up unauthorized
charges. Also be mindful about the mail you throw away. Anything containing account
statements, banking information or other personal details can be stolen and used against you.
If you've been the victim of mail theft or tampering, you can report it to the U.S. Postal
Inspection Service at 877-876-8455.

Online Shopping Fraud

Online shopping fraud can happen in several ways. Some criminals have mastered the art of
hacking their way into website accounts, then use your saved card information to make
unapproved purchases. This can happen in many ways, but a common situation occurs when
shoppers use their accounts while connected via an unfamiliar Wi-Fi network, such as one at
KLE’S C.I.Munavalli, CS dept 28
 5TH SEM SYLLABUS WEEK 1

a coffee shop. Hackers can set up seemingly legitimate networks with the intention of
stealing the information of anyone who connects. That's why it's always smart to shop, do
your banking and handle any other sensitive information on a private Wi-Fi network you
trust.

Another form of this type of fraud involves compromising the website itself and gaining
access to accounts that way, either by stealing customer information or redirecting them to a
phony website. Pay close attention to the URL of the website you're using, and check to see
if the website is secure before entering your credit card information. Misspellings, low-
quality images or too-good-to-be-true deals may also be red flags for fraud. If you're
skeptical, don't go through with a purchase, or find it from another retailer you can trust.

Social Security Number Identity Theft

Your Social Security number can be a very powerful tool for fraudsters, especially if they
also get their hands on other personal information that can be used together to open
fraudulent accounts in your name. This can lead to delinquent accounts showing up on your
credit reports and affecting your credit scores. That's why keeping your Social Security card
in your wallet is so risky. Instead, store it in a safe place and shred any documents
containing your SSN before throwing them away.

When periodically checking your credit reports, check your identifying information closely.
Variations of your Social Security number will be listed. Names, addresses or other
identifying information you don't recognize could be signs of fraud. Those who've been
victimized can report it to the Social Security Administration and also notify their state's tax
office.

Senior Identity Theft and Scams

Senior identity fraud can take many forms, and elderly citizens are particularly vulnerable to
cybercriminals. This includes tech scammers who call asking for passwords and personal
information. Many will say they're from the IRS or Medicare office to gain trust; others even

KLE’S C.I.Munavalli, CS dept 29

 5TH SEM SYLLABUS WEEK 1

pose as grandchildren who are in trouble and need money. The Federal Trade Commission
reports that older consumers who experience fraud typically incur greater financial losses
than younger folks. Warning the seniors in your life about these scams can help prevent
them from being victimized.

Child Identity Theft

Many child identity theft cases are perpetrated by someone within the family. Ill-intentioned
family members can use Social Security numbers, birthdays, addresses and more to open
fraudulent accounts. They may also apply for government benefits, take out loans or find
other ways to rack up debt in the child's name. This can come back to haunt the victim when
they're old enough to apply for legitimate credit on their own, only to find delinquent
accounts and unpaid balances. If your child has a credit report, freezing it can prevent further
fraud while protecting them from future attacks.

Tax Identity Theft

This type of identity fraud happens when someone uses your personal information, including
your Social Security number, to file a tax return in your name and collect a refund. Tax
identity theft is usually identified when the victim goes to file their tax return and finds that
one has already been processed for them.

Beware of any communication from someone posing as an IRS official requesting private
information. The IRS will never contact you in person or by phone or email without first
sending notice through the mail. If you've been the victim of tax identity theft, you'll want to
fill out an Identity Theft Affidavit with the IRS.

Biometric ID Theft
Biometric ID theft is a very real form of fraud that involves stealing or spoofing a person's
physical or behavior characteristics to unlock a device—think facial or voice recognition to
unlock your phone, or to tap into your other devices. Biometric ID theft can be a goldmine
KLE’S C.I.Munavalli, CS dept 30
 5TH SEM SYLLABUS WEEK 1

for hackers, who can gain access to digital wallets and loads of private information. To
protect yourself from this type of identity theft, update your devices as recommended. Also
be sure your biometric data is being stored securely and safely by a company that requests it.
If it isn't, opt out.

Synthetic Identity Theft

Synthetic ID fraud is the fastest-growing kind of financial crime in the U.S., according to
consulting firm McKinsey & Company. It's a sophisticated operation that draws on a mix of
real personal consumer data, such as Social Security numbers, addresses and birthdays, from
a variety of people. This information is blended together to create new fictitious identities
that are designed to look like real consumers with good credit.

From there, criminals can open new accounts, apply for credit, receive auto loans and
commit other types of financial crimes. If you start to receive mail or phone calls asking
about new credit accounts, or you get mail addressed to a different name, these could be
signs of synthetic ID theft.

Medical Identity Theft

This kind of identity theft happens when someone poses as another person in order to
receive medical services. There are many ways your medical data could fall into the wrong
hands. The medical/health care sector had the second-highest number of data breaches in
2019, according to the Identity Theft Research Center.

No matter how it happens, medical identity theft could result in bills for medical services,
prescriptions or goods you never requested or received. Making a habit of reviewing your
medical claims can help you spot fraud and take steps to remedy it. This involves filing a
police report and contacting your insurer and medical providers to correct your medical files.
You can also consider filing a health privacy complaint with the U.S. Department of Health
& Human Services online or by calling 800-368-1019. If you suspect Medicare fraud, you
can report it to 800-HHS-TIPS.

KLE’S C.I.Munavalli, CS dept 31

 5TH SEM SYLLABUS WEEK 1

Mortgage Fraud
Mortgage fraud doesn't just apply to buyers and sellers who lie on their mortgage
applications. It can also occur if an identity thief steals a homeowner's Social Security
number or comes across their mortgage account number. With this information, it might be
possible to take out a home equity line of credit or second mortgage, then make off with the
money. If it happens to you, contact your mortgage lender immediately. Learn different
ways to detect and avoid mortgage fraud.

Home Title Fraud

Home title fraud is when a scammer gains possession of the title to your property. By
stealing other components of your identity, they may be able to transfer the ownership on
your property title to themselves. At that point, they can use your home equity to gain access
to loans and lines of credit. The repercussions can come as a terrible shock to the rightful
homeowner, who could face unexpected foreclosure notices. Prevent home title fraud by
periodically checking your home information with your county's deed office. If you
suddenly stop receiving things like your tax bill or mortgage bill, that's another potential
cause for alarm.

Lost or Stolen Passport

A valid passport number can fetch a hefty price on the dark web. It's a business that helps
criminals turn a profit by falsifying travel documents for those willing to pay top dollar for
them. This can spell trouble for consumers who've lost their passport or are victims of theft,
especially if it happens while they're away from home. If your passport number has been
compromised, the U.S. Department of State recommends reporting it as lost or stolen. This
will subsequently invalidate it so that it can no longer be used for international travel. Still,
the victim will have to cover the fees to get a new passport.

Internet of Things Identity Fraud

KLE’S C.I.Munavalli, CS dept 32
 5TH SEM SYLLABUS WEEK 1

Everything from smartphones to household appliances to cars are now synced up to the
internet and linked to one another. Smart devices that can tell you your day's schedule while
you brush your teeth, for example, are certainly convenient, but this so-called internet of
things (IoT) has also created a new vulnerability point for hackers to exploit. This type of
identity theft occurs when someone exploits a security flaw in an internet-connected device
to gain access to your personal data. Since devices are almost always connected to important
user accounts (such as your email), each device potentially represents an entry point for a
hacker.

If you use these devices, be sure to periodically check your financial statements and credit
reports for signs of fraud. If you spot something fishy, change your passwords on all
internet-connected devices as soon as possible. Secure your home's wireless network with a
secure password, and make sure all smart devices use the network you've set up. Or, you
may decide that these devices aren't worth the risk, and avoid bringing them into your home
altogether.

What Should You Do if You're an Identity Theft Victim?

If you are a victim of identity theft, you should report it immediately. Here are some other
things you can do if you suspect you've been a victim:

 File a police report after identity theft, which is important to protect yourself if an ID
thief starts using your information to commit crimes. Get copies of the police
report—you may be asked for them when notifying your insurer, medical
providers, the credit bureaus and others that you have been victimized.

 File an identity theft complaint with the Federal Trade Commission online or call the
FTC's toll-free hotline at 877-IDTHEFT (438-4338).

 Consider placing a freeze or fraud alert on your credit reports.

KLE’S C.I.Munavalli, CS dept 33

 5TH SEM SYLLABUS WEEK 1

Monitor Your Credit to Spot Potential Identity Theft and

Fraud
Being persistent by monitoring your accounts and reviewing your personal information is the
best way to stay on top of potential threats. First and foremost is your credit. If someone
opens a fraudulent account in your name, you'll want to be the first to know, especially if it's
dragging down your credit scores. Experian's free credit monitoring takes it a step further
and offers real-time alerts so you'll get a notification whenever a key change occurs. You can
even review and correct inaccuracies on your credit report at no charge.

There are all kinds of identity theft and fraud—and innocent consumers are unfortunately
easy prey if they aren't paying attention. Staying on top of your credit is crucial. Experian
allows you to pull your credit report at no charge to help you spot potential identity fraud
sooner. Detecting threats and responding to them quickly is the best way to safeguard your
financial life.

Warning Signs of Identity Theft

It can be difficult to know if you've been a victim of identity theft, especially if you're
not always checking your financial statements.

Some clear indicators of identity theft include bills for items that you didn't buy;
these can be seen on your credit card or received via email or other means, calls
from debt collectors regarding accounts that you didn't open, and your loan
applications being denied when you believed your credit is in good standing.

Other warning signs include bounced checks, a warrant for your arrest,
unexplainable medical bills, utilities being shut off, inability to sign into accounts,
hard inquiries into your credit report not caused by your actions, and new credit
cards in your name that you didn't apply for.

Potential Victims of Identity Theft

Anyone can be a victim of identity theft. Children and aging adults are particularly
vulnerable to identity theft as they may not understand specific situations, bills, and
their care and finances are handled by others.

Children may be victims of identity theft but not aware of it until they are adults.
Seniors often provide a lot of information to hospitals, caregivers, and doctor's
officers, where information can be obtained by those seeking to commit fraud.
KLE’S C.I.Munavalli, CS dept 34
 5TH SEM SYLLABUS WEEK 1

Identity Theft Protection

Many types of identity theft can be prevented. One way is to continually check the
accuracy of personal documents and promptly deal with any discrepancies.4

If you believe you are a victim of identity theft, start by going to IdentityTheft.gov, a
website administered by the Federal Trade Commission (FTC). It provides
directions on how to help you recover your identity and repair any damage you
have experienced.

There are several identity theft protection services that help people avoid and
mitigate the effects of identity theft. Typically, such services provide information
helping people to safeguard their personal information; monitor public records and
private records, such as credit reports, to alert their clients of certain transactions
and status changes; and provide assistance to victims to help them resolve
problems associated with identity theft.

In addition, some government agencies and nonprofit organizations provide similar

assistance, typically with websites that have information and tools to help people
avoid, remedy, and report incidents of identity theft. Many of the best credit
monitoring services also provide identity protection tools and services.4

Recovering From Identity Theft

Managing identity theft can be a painstaking and long process. Once you have
determined that you have been a victim of identity theft and filed a report with the
FTC, there are other steps that you need to take.

You can start by placing fraud alerts on all of your credit reports as well as freezing
your credit reports. Fraud alerts are an added layer of protection in that lenders
must confirm your identity before opening an account, usually via phone. Freezing
your reports prevents access to any credit information. Your credit report is
removed from circulation so that a lender will not have access to it. If they don't
have access to your report, they cannot open an account in your name.

Once you've managed the above, you need to contact all of the companies
involved. Demonstrate to companies that you are a victim of identity theft, that you
did not open these accounts, and that your accounts should be frozen.

You can demonstrate that you are a victim of fraud by filing complaints, disputing
charges, and showing any other reports you have filed, such as police reports or
reports with the FTC. The Fair Credit Billing Act and the Electronic Funds Transfer
Act work in your favor. You must also dispute any incorrect charges and
information on your credit reports as well.

KLE’S C.I.Munavalli, CS dept 35

 5TH SEM SYLLABUS WEEK 1

This should be done once you have the report that you filed with the FTC. Banks
and credit card companies should close your old cards and send you new ones,
and you should change all of your login and password information.

From there, continue monitoring your reports to ensure that your information is no
longer available for thieves to use.

What Do You Do If Someone Has Stolen Your Identity?

The first step to take if someone has stolen your identity is to report the theft to the
Federal Trade Commission (FTC) at IdentityTheft.gov. You can also call them at 1-
877-438-4338. From there, you can freeze your credit reports, file a police report,
and change all your login and password information. It would also be wise to close
your current credit and debit cards and receive new ones. Check your credit reports
for false accounts and dispute these with the credit agencies once you have a
report from the FTC.

What Are the First Signs of Identity Theft?

The first signs of identity theft are unexplainable charges on your credit card or
debit card statements, new cards that you did not apply for, incorrect items on your
credit report, medical bills for doctor's visits that you did not have, and collection
notices for accounts that you did not open.

What Are the 3 Types of Identity Theft?

The three main types of identity theft are medical identity theft, financial identity
theft, and online identity theft.

The Bottom Line

Identity theft is a traumatic and difficult experience and can severely damage your
creditworthiness and leave you with bills that you did not incur. It's important to
always monitor your bank and credit card statements as well as your credit report
for any signs of fraud.

If you have detected that you are a victim of fraud, there are ways to dispute the
charges, fix the theft, and stop your information from being available to thieves. The
government provides many resources to help you get back to a good credit
standing.

The four types of identity theft include medical,

criminal, financial and child identity theft.

KLE’S C.I.Munavalli, CS dept 36

 5TH SEM SYLLABUS WEEK 1

Medical identity theft occurs when individuals

identify themselves as another to procure free
medical care.
Criminal identity theft generally takes place when
one identifies himself or herself as someone else
during an arrest to avoid a summons, detection of a
warrant in their real name or to evade an actual
arrest or conviction.
Financial identity theft is the most common. It
occurs when someone uses another person’s
information to attain goods, services or information.
Child identity theft is common among those who
know the child and understand that the child is
unlikely to discover identity theft. It may be used to
gain employment or a residence.

Worried about cyber-attacks on your business? Get

coverage here.

One of the best methods for preventing identity theft

is to continually check your personal records for
accuracy and activity. AND purchase insurance
protection from FAPCO should all your preventions
fail. Most homeowners policies we sell offer Identity
Fraud expense reimbursement coverage for less than
$50.00 annually. The ID theft coverage reimburses
KLE’S C.I.Munavalli, CS dept 37
 5TH SEM SYLLABUS WEEK 1

the homeowner for recovery expenses such as legal

fees, postage and other related costs of identity theft.
Also included are help line services to guide you
through the process of recovery.

Defence in depth
Cyber security, the new No. 1 priority for businesses
Cyber security has become a key area in all business sectors, particularly for companies that
store data. Security mismanagement can lead to very serious economic losses, as well as
affecting a company’s reputation.

To enhance security, a model is used known as defence-in-depth involving multiple layers

of security controls, with each level focusing on possible attacks and creating different means
of protection.

KLE’S C.I.Munavalli, CS dept 38

 5TH SEM SYLLABUS WEEK 1

Defence-in-depth layers and some possible attacks

examples:

 Data: exposure of cipher keys that can make data vulnerable.

 Apps: insertion of malware such as SQL injection attacks and cross-site scripting (XSS).
 Virtual machines/processes: execution of malware to compromise the system.
 Networks: leaving ports open unnecessarily. Once an open port has been detected,
access is attempted using brute force attacks.
 Perimeter: denial of service (DoS) attacks consisting of overloading network resources
and forcing disconnection.

KLE’S C.I.Munavalli, CS dept 39

 5TH SEM SYLLABUS WEEK 1

 Physical security: unauthorised access to facilities.

 Policies and access: this is the layer where the application is authenticated. The risk
here consists of potential exposure of credentials.

Protecting your organization data

- Traditional data
- Cloud; IoT; Big data
What is organizational data in cyber security?
Organizational data security refers to protective digital privacy measures that are applied
within an organization in order to prevent unauthorized access to computers, databases
and websites.

Protect your company from cyber attacks

1. Secure your networks and databases. Protect your networks by setting up firewalls and
encrypting information. ...
2. Educate your employees. ...
3. Create security policies and practices. ...
4. Know how to distinguish between fake antivirus offers and real notifications. ...
5. Inform your customers.
Protect your company from cyber attacks
Cyber crime can have a significant negative impact on your business if proper
precautions are not taken to prevent it. The OCABR has tips to help you keep
your businesses information secure.

Cyber crime can have a significant negative impact on your life or business if
proper precautions are not taken to prevent it.
Secure your networks and databases
Protect your networks by setting up firewalls and encrypting information. This
will help minimize the risk of cyber criminals gaining access to confidential
information. Make sure your Wi-Fi network is hidden and the password
protected. Make sure to be selective of the information that is being stored in
the company databases. Databases can be a great means for companies to
have a central location of data and documents, but this does not mean it is
favorable to store any and all information. Automatic backing up of company
data should be set to be completed either once a day or once a week,
depending on the level of activity within your company. Backing up your
company’s data will increase the likelihood that with a cyber attack, your
company’s data will not be lost completely, which is all too common.
Educate your employees

KLE’S C.I.Munavalli, CS dept 40

 5TH SEM SYLLABUS WEEK 1

Talk to your employees about their role in securing and protecting the
information of their colleagues, customers, and the company. Have policies set
in place so they know what practices are acceptable and unacceptable. Limit
the number of users within the company who will have administrative access.
This will minimize the amount of programs they will be able to download,
therefore, minimizing the risks of downloading viruses and malicious software
Create security policies and practices
Establish practices and policies to protect your company from cyber attacks
and provide guidelines for resolving issues if they arise. Make sure to outline
how situations will be handled and the consequences if an employee violates
the policies. Control physical access to company devices and dispose of them
properly. Prevent access to company computers and handheld devices from
unauthorized users. Laptops and cellphones are easy targets for cyber theft
since they can be misplaced easily or stolen quickly. Reset devices that are
being disposed of back to factory setting. Never get rid of a cellphone or laptop
without completing this step. Failure to do so could result in company
information winding up in the hands of the cyber criminal.
Know how to distinguish between fake antivirus offers
and real notifications
Train your employees to be able to recognize fake antivirus warning messages
and alert IT as soon as they notice anything questionable occurring (if
necessary). Make sure your company has a policy in place for the steps to be
taken should an employee’s computer become infected with a virus. Malware is
a sneaky program that can obtain information by making its way onto devices
via the Internet, social media, email, attachments, and downloads. For
example, key-logging malware can track everything the user types on their
keyboard. This means cyber criminals could access bank accounts, customer
information, passwords, and other company-sensitive information. Make sure
to keep your security software up-to-date to help prevent malware from
sneaking onto your system and networks.
Inform your customers
Let your customers know the reasons why you collect their personal
information and what it is used for. Assure them that your company will not
request any sensitive information such as their social security number or their
bank account information over unprotected methods of communication, such
as through text message or email. Ask them to report suspicious
communications.

KLE’S C.I.Munavalli, CS dept 41

 5TH SEM SYLLABUS WEEK 1

Five ways you can help

protect your organization
from cyber attacks
Mathieu Chevalier

Principal Security Architect & Manager

With threat actors becoming more creative, social engineering

attacks evolve as well, making it increasingly difficult to protect
your organization. Our last cybersecurity blog on cyber
hygiene explores the importance of implementing cyber hygiene
policies and continuous user education.
Here are five steps to help put your organization in the best
possible position to defend against cyber threats that lurk online.

1. Learn how to detect a potential social

engineering attack
Whether in the form of phishing,
ransomware, or pretexting — among
others — social engineering attacks are
dangerous and often hard to pinpoint. The
ability to detect them as soon as possible
is vital to protecting your organization
against such cyber threats.

Every single member of your organization

should learn how to detect a potential
social engineering attack. All it takes is
one employee to click on the wrong link or send personal
information to the wrong person, for a large-scale data breach to
occur.

Here’s a list of data and communication exchanges that you should

think twice about before offering or engaging in:

KLE’S C.I.Munavalli, CS dept 42

 5TH SEM SYLLABUS WEEK 1

 Requests for user or shared credentials

 Requests for contractual or financial information
 Requests for personal information
 Unusual or suspicious links and files
 Unusual or suspicious phone calls

2. Educate users on devices

User education on devices is a
straightforward, yet vital step in
protecting them. It ensures that every
member of your organization is aware of
the best practices around protecting your
organization data. While this begins at
onboarding, educating your employees on
how to secure their devices is an ongoing
process.

Whether it be for a 5-minute washroom

break or a 10-minute chat with your co-worker, locking your
devices before you leave your workstation is an essential starting
point since your password acts as the first line of defense.

Refraining from using third-party applications that haven’t been

approved by your IT department is also a key factor, as it ensures
that you’re not using any vulnerable programs that could be
exploited. You should also limit any unnecessary use of personal
devices for work. Instead, use the devices made available by your
organization to help reduce the risk of a cyber attack.

3. Implement multi-factor authentication

and password management
Password management policies and multi-factor authentication
(MFA) are essential when it comes to securing your devices. While
a password’s role is straight forward, consistently rotating a strong
and randomized password is just as crucial.

It’s important to change all default passwords on your devices, as

this is a vulnerability often exploited by threat actors. And of
course, never share your passwords — with anyone.

KLE’S C.I.Munavalli, CS dept 43

 5TH SEM SYLLABUS WEEK 1

MFA is also key to securing your systems, as it forces the user to

confirm their credentials through a secure, secondary application
every time a device is used.

4. Keep up with software and hardware

best practices
Software and hardware physical security
best practices help to ensure that you’re
doing all you can to secure your
organization, whether it be choosing
systems with built-in defense functions or
regularly updating your software and
hardware.

Choosing systems with built-in layers of

defense strengthens your organization’s
cybersecurity the minute they’re up and
running. With many solutions containing built-in security functions
like data encryption and endpoint protection, these obstacles make
it harder for threat actors to penetrate your systems.

When it comes to software updates, many overlook the important

role that they play in helping to secure your organization. Prioritize
updating the software and firmware on all your devices, as this
allows them to function at their optimal level. Product updates
often provide critical fixes for newfound vulnerabilities.

5. Choose the right technology

Finding a technology provider that offers the solutions you need, all
while operating with transparency, is not easy. While it may take
time to decide which vendor is the right fit for your organization,
it’s an important step towards shaping your ideal security solution.

Most vendors offer their customers hardening guides — guides that

provide tips on how to keep your system secure — so ask the right
questions to ensure you receive your vendors’ relevant data and
privacy protection policies.

Choosing the right technology is central to a strong cybersecurity

strategy, as operating with transparency and maintaining clear
communication around vulnerabilities allows your organization to
create an optimal cybersecurity strategy.

KLE’S C.I.Munavalli, CS dept 44

 5TH SEM SYLLABUS WEEK 1

Maintaining your cybersecurity is an

ongoing process
With the constant flow of people throughout your organization,
especially in the form of new and departing employees, educating
each member of your organization on cybersecurity best practices
is an endless process.

KLE’S C.I.Munavalli, CS dept 45