CH-6 (1)

The document discusses various risks to data and personal information, including unauthorized access, malware, accidental deletion, and theft of personal data through phishing and pharming. It also outlines methods to secure data online, such as using firewalls, encryption, strong passwords, CAPTCHA tests, anti-malware software, and backup procedures. Additionally, it covers online payment systems and the importance of secure transactions to protect sensitive information.

Uploaded by

May Myat Noe
Copyright
© All Rights Reserved

CHAPTER-6

Risks to Data and Personal Information


Unauthorised Access

• Access to networks by users who are not permitted to access them is
called unauthorised access.
• Unauthorised users can attempt to gain access to networks directly by
themselves.
• They may create software that runs thousands of times per second on
devices, inputting multiple login details in order to attempt to gain
access to networks with poor security.
• Sometimes, devices on a network can be targeted by unauthorised
users in order to be used as botnets.
• Botnets are groups of computers that have their resources used for
harmful purposes, such as running and spreading malware.
Deliberate Damage by Malware

• Malware can show messages, play sounds, delete files or reprogram
systems to perform tasks that will harm the system and the connected
hardware.
• Some malware (known as ransomware) threatens to delete a user's files
or places restrictions on a user's access to software or resources until
money is paid, usually to an anonymous account.
Accidental Deletion

• Users can sometimes delete files or even the entire contents of a drive
by mistake.
• This can happen if:
■ they press a key on a keyboard by accident
■ they format media on the wrong storage device
■ their device loses power unexpectedly.
Theft of Personal Data

• Criminals use a number of methods to steal personal data.


❑ Phishing
• Is used by criminals to get personal information and payment details
from users.
• Phishing messages are sent as emails, SMS or instant message apps.
• These emails ask the user to provide their information by replying to
the message or following a hyperlink that opens a webpage into which
the user is asked to type their personal details.
• Some phishing messages are highly customised or personalised and are
targeted at a smaller number of particular users.
• This technique is known as spear phishing.
❑ Pharming
• Pharming is similar to phishing.
• Criminals create fake versions of trusted websites to trick users into
entering their login details, which are then used by the criminals to
access users' accounts.
• There are two main methods by which users are directed to a pharming site:
1. Internet traffic going to the real website is redirected to the fake
website, so that users think they are visiting the real thing. Criminals
do this by altering the domain name servers to make internet traffic
go to their fake site.
2. The URL of a pharming website is designed to be very similar to the
URL of the real website.
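A check for the second method above (look-alike URLs), as an added example that is not part of the original slides: it compares the host name in a link with a short list of trusted sites. The host names are constructed placeholders; the first method (altered domain name servers) cannot be caught this way, because the URL the user sees is the genuine one.

```python
from urllib.parse import urlsplit

# Constructed allow-list of sites the user really deals with (placeholder names).
TRUSTED = ("examplebank.com", "mail.example.org")

# Digits commonly used to imitate letters (small constructed table).
FOLD = str.maketrans("0135", "oles")

def edit_distance(a, b):
    """Levenshtein distance, keeping only one row of the table."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1,
                                       prev + (ca != cb))
    return row[-1]

def classify(url):
    """Return 'trusted', 'lookalike:<real host>' or 'unknown' for a URL."""
    host = (urlsplit(url).hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    for real in TRUSTED:
        if host == real or host.endswith("." + real):
            return "trusted"
    for real in TRUSTED:
        if (host.translate(FOLD) == real             # examp1ebank.com
                or host.startswith(real + ".")       # real name used as a prefix
                or edit_distance(host, real) <= 2):  # exarnplebank.com
            return "lookalike:" + real
    return "unknown"

if __name__ == "__main__":
    for url in ("https://www.examplebank.com/login",
                "https://examp1ebank.com/login",
                "https://examplebank.com.account-check.example/login",
                "https://exarnplebank.com/",
                "https://weather.example.net/"):
        print(f"{classify(url):28} {url}")
```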
Methods to Secure Data and Personal Information Online

• Much of the data transmitted online is sensitive and valuable, and it is
important to protect that data from unauthorised access.
1. Firewalls
• Firewalls control the data travelling into and out of a network.
• They examine the network addresses and ports of the data.
• They compare those details to a list of rules that can be changed by
network administrators.
• The list of rules determines what traffic should be allowed to travel
into and out of the network.
• In this way, firewalls can prevent unauthorised access to a network and
protect the network from malware.
2. Encryption
• Encryption uses a key to scramble data into an unreadable form.
• If encrypted data is intercepted on the network, it is useless unless the
interceptor has or can identify the key.
3. Passwords, PINs and Biometrics
• Passwords, PINs and biometrics are used online to authenticate a user so
that they can access an online system, such as webmail or an online bank
account.
• Users should make sure that their password is:
■ more than eight characters long
■ a mix of letters, numbers and symbols
■ a mix of uppercase and lowercase letters
■ made up of random characters
■ changed frequently
■ something that they have not used before.
• When entering a password or a PIN, the characters are often masked
so that anyone watching the screen cannot see what is typed.
• Some services allow the password to be remembered.
• This is not recommended for multiple users of computers with stand-
alone operating systems, as it may mean that another user can access
someone else's accounts.
• Network operating systems are more secure and will not allow
different users to see each other's stored passwords.
4. CAPTCHA Tests and Security Questions


• CAPTCHA stands for Completely Automated Public Turing Test To Tell
Computers and Humans Apart.
• When users create an online account, they may be given a test called a
CAPTCHA test.
• CAPTCHA tests are used to make sure that data is entered by a human
and not by an automatic software program known as a bot or web
robot.
• Some CAPTCHA tests work by asking users to enter a randomly
generated series of letters and numbers that are displayed on the
screen.
• reCAPTCHA tests work in the same way as CAPTCHA tests, but they
use extracts of text from scanned books or a selection of images that
share common features.
• When a user solves a reCAPTCHA test, their solution is used to help
digitise books and annotate images.
5. Anti-malware
• Anti-malware prevents malware from accessing or operating on
computers.
• It scans computer files in real time and allows users to scan files,
folders, disks or whole systems.
➢ Anti-virus
• A virus is malware that uses networks to spread to connected devices.
• Viruses are spread via communication software such as email or web
browsers or by being loaded into a computer's memory from external
storage such as USB flash drives.
• Viruses often look like normal files.
• Viruses have unique virus definitions that can be identified by anti-virus
software.
• Anti-virus software constantly checks files that are downloaded and
loaded by a computer for signs of virus definitions.
• If the anti-virus software finds a match, it quarantines the file so that it
cannot be run.
• Anti-virus software has to be updated regularly because virus code can be
changed, either automatically or by the developers of the virus.
• Anti-virus utilities are often combined with software that protects against
adware and spyware.
• Anti-virus software is often known as anti-malware.
➢ Anti-adware
• Adware displays unwanted adverts to users.
• Anti-adware software detects, quarantines and removes adware.
➢ Anti-spyware
• Spyware secretly monitors and records computer data and user input.
• For example, a keylogger is a type of spyware that monitors and
records actions such as key presses or mouse movements.
• Criminals can analyse this information to identify a user's passwords
for websites, or financial data such as credit card numbers and security
codes.
• Anti-spyware software detects, quarantines and removes spyware.
6. Access Rights and File Permissions


• Permissions can be set for access to files, folders or drives, allowing
users to read only or read and write to the file.
7. Secure Websites
• Hypertext Transfer Protocol (HTTP) is used to exchange data between a
web server and a client.
• Data transferred using HTTP is not secure, so Hypertext Transfer
Protocol Secure (HTTPS) was developed.
• HTTPS authenticates payment servers and provides encryption using
Secure Socket Layer (SSL) and, more recently, Transport Layer Security
(TLS).
• HTTPS keeps communications private and provides security for users'
online accounts.
• Web browsers often show that a website is secure by displaying a
green padlock in the address bar.
8. Email Attachments and Web Links


• Users should always be careful when opening email attachments or
hyperlinks in emails and other messages.
• This is because some are fake and designed to steal users' personal
information.
• Users should ensure that their anti-malware software is up to date and be
especially careful if:
■ they do not recognise the sender
■ the text is general, impersonal or irrelevant to the user
■ the text contains spelling or grammatical errors
■ the attached file is an executable file such as an .exe or .zip file
■ the text contains a message telling the user to do something immediately
■ the user does not recognise the URL
9. Backup procedures
• Backups create one or more copies of data.
• A backup is usually stored to an external storage device.
• This makes the data more secure, because the backup files will be safe
even if the original storage device fails or is damaged, lost or stolen.
• There are three types of backup.


1. A full backup creates a copy of all files.
2. A differential backup creates a copy of all files that have changed since the
last full backup.
3. An incremental backup saves a copy of only the files that have changed since
the last full or incremental backup.
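The three backup types compared on the same set of changes, as an added example that is not part of the original slides: it lists which files each type copies on three successive nights after a full backup on day 0. The file names and the change schedule are constructed sample data.

```python
# Constructed sample data: four files exist when the first full backup is
# taken on day 0; the listed files are then edited on days 1 to 3.
INITIAL = ["report.docx", "photo.jpg", "notes.txt", "budget.xlsx"]
CHANGES = {1: ["report.docx"], 2: ["photo.jpg"], 3: ["report.docx", "notes.txt"]}

def select(kind, mtimes, last_full, last_backup):
    """Return the sorted file names that a backup of this kind copies.

    mtimes maps file name -> day it last changed; last_full is the day of
    the last full backup, last_backup the day of the most recent backup.
    """
    if kind == "full":
        return sorted(mtimes)
    since = last_full if kind == "differential" else last_backup
    return sorted(name for name, day in mtimes.items() if day > since)

def simulate(kind, nights=3):
    """Full backup on day 0, then one backup of `kind` at the end of each day."""
    mtimes = {name: 0 for name in INITIAL}
    last_full = last_backup = 0
    copied = []
    for day in range(1, nights + 1):
        for name in CHANGES.get(day, []):
            mtimes[name] = day            # file edited during this day
        copied.append(select(kind, mtimes, last_full, last_backup))
        last_backup = day
        if kind == "full":
            last_full = day
    return copied

if __name__ == "__main__":
    for kind in ("full", "differential", "incremental"):
        nightly = simulate(kind)
        print(f"{kind:12} files copied per night: {[len(n) for n in nightly]}")
        for day, names in enumerate(nightly, 1):
            print(f"  night {day}: {', '.join(names)}")
```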
• Backups can also be saved to online storage.


• Backing up to online storage can be slower because the process uses an
internet connection.
• More regular backups will require more storage space.
• However, less frequent backups may result in a loss of data.
• Loss of files or damage to files can be caused by:


➢ theft
➢ malware
➢ flooding or fire
➢ power cuts
• Good ideas for backup procedures are as follows:


➢ Set automatic backups.
➢ Do not use optical media because they deteriorate over time and are fragile.
➢ Schedule backups for late in the evening when users will not be using the
data that is being backed up in order to avoid conflicts.
➢ Create more than one copy.
➢ Keep one copy of a folder containing important files backed up using online
storage.
➢ Store copies at multiple locations.
➢ Store important data in a fireproof safe.
Online Payment Systems

• People can pay for goods and services online using various payment systems.
• These systems send payment details across networks to computers that
process the payments.
➢ Online third-party payment processors


• Online third-party payment processors like PayPal allow users to create an
account so that they can send and receive money using email accounts for
identification.
• Users can also use systems that link with online shopping applications, which
can make shopping easier and faster.
➢ Bank cards
• Bank cards allow customers to pay for goods and services online and in shops.
• When paying online, you usually need to enter the:
✓ card number
✓ expiry date (and sometimes the start date) of the card
✓ name on the card
✓ three- or four-digit card security code (CSC)
• When a user chooses to use a card online, they are sometimes asked to
authenticate the payment by entering a password using a secure system.
• These systems are used by financial organisations such as Mastercard, which
operates the Mastercard SecureCode system.

▪ The card security code is often called a card
verification code (CVC) or card verification
value (CVV).
▪ The card number is not the same as the
bank account number.
➢ Contactless cards using NFC


• Near field communication (NFC) is used in payment cards to allow the transfer
of payment data.
• The payment does not require a PIN or any form of user-authentication.
• If a card reader is in range and requesting payment, then the contactless card
will take payment up to a maximum amount.
• This amount is limited, so that any people using card
readers or apps to commit fraud can only steal a
small amount.
• NFC cards can be wrapped in foil to prevent the very
weak signal from being intercepted by criminals.
