Risks to Data and personal information

1. Unauthorised Access
Access to networks by users who are not permitted to access them is called unauthorized
access. They can do this in three possible ways like:

a) attempt to gain access to networks directly by themselves.

b) create software that runs thousands of times per second on devices, inputting multiple login
details in order to attempt to gain access to network with poor security.
c) sometimes, devices on a network can be targeted by unauthorized users in order to be used
as botnets. Botnets are groups of computers that have their resources used for harmful
purposes, such as running and spreading malware.

2. Deliberate Damage by Malware

Malware is any software intentionally designed to cause damage to a computer, server, client,
or computer network. A wide variety of types of malware exist, including computer viruses,
worms, Trojan horses, ransomware, spyware, adware, rogue software, and scareware.

Malware can show messages, play sounds delete files or reprogram systems to perform tasks
that will harm the system and the connected hardware. Ransomware malware threatens to
delete a user’s files or places restrictions on a user’s access to software or resources until money
is paid, usually to an anonymous account. This puts pressure on the user to act before they have
time to think clearly about the threat and how to manage it.

3. Accidental Deletion
Users can sometimes delete files or even the entire contents of a drive by mistake. This can
happen if:

 They press a key on a keyboard by accident

 they format media on the wrong storage device
 their device loses power unexpectedly.

4. Theft of personal data

 Phishing

Phishing is the fraudulent attempt to obtain sensitive information, or data, such as usernames,
passwords and credit card details by disguising oneself as a trustworthy entity in an electronic
communication. It involves sending large numbers of messages that appear to be from real
organisations, such as shops, banks or charities. These emails ask the user to provide their
information by replying to the message or following a hyperlink that opens a webpage into
which the user is asked to type their personal details.
 Sometimes, phishing messages are highly customized or personalized and are targeted at a
smaller number of particular users. This technique has become known as spear phishing.

Phishing messages can also be sent via sms or instant message apps so that users open the fake
webpage in a mobile browser.

[Link]

 Pharming

Pharming is actually a type of phishing but with the absence of 'the lure'. It involves a hacker
infiltrating a computer system and installing malicious code that causes website traffic from the
system to be redirected to bogus sites developed by the hacker. This is done without the
victim's knowledge or consent.
Many websites require the user's personal information. Private and personal information
entered into these bogus sites is then captured by the hacker. As such, customers of banks,
financial, and online payment services with any form of monetary exchange are the most highly
targeted.
There are two main methods by which users are directed to a pharming site.
1. It deceives the computer system by changing the correct IP address information (domain
name servers) stored on the computer into different numbers that direct the traffic of the user
to undesirable websites. Victims type in the correct URLs to legitimate websites as opposed to
clicking a link in a suspicious email and they are confident that the web pages presented to them
are authentic. They can also use malware to redirect web requests.
Domain name servers are computers connected to the internet that translates domain names.
2. Often, the URL of a pharming website is designed to be very similar to the URL of the real
website. This means that if a user misspells the URL when typing it into the address bar of their
web browser, they could go to the pharming site by mistake.

Methods to secure data and personal information online

1. Firewalls
Firewalls control the data travelling into and out of a network. They examine the network
addresses and ports of the data. They then compare those details to a list of rules that can be
changed by network administrators. The list of rules determines what traffic should be allowed
to travel into and out of the network. In this way, firewalls can prevent unauthorized access to a
network and protect the network from malware.
2. Encryption
Encryption uses a key to scramble data into an unreadable form.
3. Passwords, PINs and biometric
Passwards, pINs and biometrics are used online to authenticate a user so that they can access an
online system.
 When using passwords users should:
 Change passwords frequently
 Use a mixture of uppercase, lowercase, letters numbers and symbols
 Passwords should be long than eight characters
 Made of random characters
 They should be something they have not used before.

4. Captcha tests and security questions

Captcha tests are used to make sure that data is entered by a human and not an automatic software
program known as a bot or web robot. Some CAPTCHA tests work by asking users to enter a
randomly generated series of letters and numbers that are displayed on the screen.

Captcha stands for “Completely Automated Public Turing test to tell Computers and Humans Apart".

Kinds of captchas:

 image-based visual captchas

 sound-based audio captchas
 text-based puzzles

5. Anti-malware

Antimalware (anti-malware) is a type of software program designed to prevent, detect and remove
malicious software (malware) on IT systems, as well as individual computing devices. It scans
computer files in real time and allows users to scan files, folders, disks or whole systems.

Anti-malware can also do the following:

 prevent users from visiting websites that are known to distribute malicious code;
 prevent the spread of malware if one device is infected;
 generate and track metrics about the number of infections and the amount of time
required to clean up those infections; and
 offer insight into specific malicious software to help administrators understand how the
malware has affected the compromised device or network.

Anti-virus

A virus is malware that uses networks to spread to connected devices. Viruses are spread through
communication software such as email or web browsers or by being loaded into computer’s
memory from external storage such as USB flash drives. They have unique virus definitions that can
be identified by anti-virus software. Virus definitions are sequences of codes that are found in
computer viruses.

Files that are downloaded and loaded by a computer are constantly checked for signs of virus
definitions. If the anti-virus software finds a match, it quarantines the file so that it cannot be run.
Anti-virus software has to be updated regularly because virus code can be changed, either
automatically or by the developers of the virus.

Anti-virus utilities are often combined with software that protects against adware and spyware.

Anti-adware

Adware displays unwanted adverts to users. Anti-adware software detects, quarantines and
removes adware.

Anti-spyware

Spyware secretly monitors and records computer data and user input. For example, a keylogger is a
type of spyware that monitors and records actions such as key presses or mouse movements. Anti-
spyware detects, quarantines and removes spyware.

6. Access rights and file permissions

Permissions can be set for access to files, folders or drives, allowing users to read only or read
and write to the file.

7. Secure websites

Data transferred using HTTP is not secure, so Hypertext transfer Protocol Secure (HTTPS) was
developed. HTTPS authenticates payment servers and provides encryption using Secure Socket
Layer (SSL) and, more recently Transport Layer Security (TLS). Web browsers often show that a
website is secure by displaying a green padlock in the address bar.

[Link]
[Link]

8. Not opening Email attachments or following web links

Users should always be careful when opening email attachments or hyperlinks in emails and
other messages. Users should ensure that their anti-malware software is up to date and be
careful if:
 they do not recognize the sender
 the text is general, impersonal or irrelevant to the user
 the text contains spelling or grammatical errors.
 the attached file is an executable file such as an .exe or .zip file
 the text contains a message telling the user to do something immediately
 the user does not recognize the URL
 9. Backup procedures

A back is usually stored to an external storage device. Backups can also be saved to online
storage. Backing up to online storage can be slower because the process uses an internet
connection.

Users need to decide how many files to back up and how often they should back them up. More
regular backups will require more storage space.

Types of backup:
a) Full backup – creates a copy of all files
b) Differential backup – creates a copy of all files that have changed since the last full backup.
c) Incremental backup – saves a copy of only the files that have changed since the last full or
incremental backup.

File could be lost through;

 Theft
 flooding or fire
 Malware
 Power cuts

Back up procedures ideas:

 set automatic backups
 Do not use optical media because they deteriorate over time and are fragile.
 Schedule backups for late in the evening when users will not be using the data that is
being backup in order to avoid conflicts.
 Create more than one copy.
 Keep one copy of a folder containing important files backed up using online storage.
 Store copies at multiple locations.
 Store important data in a fireproof safe.

ONLINE PAYMENT SYSTEMS

These systems send payment details across networks to computers that process
the payments. The online payment system has grown increasingly over the last
decades due to the growing spread of internet-based banking and shopping.
1. Online third-party payment processors: these allow users to create an account
so that they can send and receive money using email accounts for identification.
Users can also use systems that link with online shopping applications, which can
make shopping easier and faster. Payment information gets to be reviewed by
the processor, along with running through a variety of anti-fraud measures,
before they allow the completion of a transaction. Examples include paypal, skrill,
square etc
2. Bank Cards: Allow customers to pay for goods and services online and in
shops. When paying online, you usually need to enter the:
 Card number
 Expiry date ( and sometimes the start date) of the card
 Name on the card
 Three-or four-digit card security code (CSC)
Sometimes card users are asked to authenticate the payment by entering a
password using a secure system.
3. Contactless cards using NFC: Near field communication (NFC) is used in
payment cards to allow the transfer of payment data with entering a PIN or any
form of user-authentication. If a card reader is in range and requesting payment,
then the contactless card will take payment up to a maximum amount. This
amount is limited, so that any people using card readers or apps to commit fraud
can only steal a small amount.
NFC cards can be wrapped in foil to prevent the very weak signal from being
intercepted by criminals.
Protecting online payments using https