THE INDIAN PUBLIC SCHOOL – CAMBRIDGE

INTERNATIONAL

COMPUTING AND DIGITAL LITERACY

UNIT 5
CYBER SECURITY AND AWARENESS

What is Cyber security?

Cyber security is an all-encompassing term, which includes the tools to secure
technology, assets and personal identity in the online and mobile world. Good
practices and tools such as anti-virus software, web-services, biometrics and
secure personal devices, e.g., smart-card based USB token, the SIM card, the
secure chip in payment card or an ePassport are digital security devices
because they offer freedom to communicate, work, travel and shop using your
digital identity in a way that is convenient, enjoyable and secure.
Common threats to devices
Viruses on digital devices are malicious programme codes that can corrupt the
system and destroy the data within the computer.
• Malware is a type of malicious software designed to gain unauthorized
access or to cause damage to a computer without the knowledge of the
owner. Malicious files or programmes, such as worms, computer viruses,
Trojan horses and spyware, can steal, encrypt or delete sensitive data, alter or
hijack core computing functions and monitor users' computer activity without
their permission.
• Ransomware is a type of malicious software designed to extort money from
the user. The attacker locks the victim's computer system files or blocks access
to files or the computer system typically through encryption until the ransom is
paid. Paying the ransom is no guarantee that the files will be recovered or the
system will be restored. While this has declined in recent times, it still remains
a serious threat.
A hacker is someone who uses or exploits technology for an unintended use
thereby disrupting operations or causing financial or reputation loss to people.
Hackers often use malwares, viruses or Trojans to attack computer and gain
access to your data.
• Hacking is a broad term used to define gaining entry into a computer without
permission, with the intention to harm, cause loss, steal, or destroy the data
contained in it. Usually hackers are well versed with computer technologies by
using various applications or programmes that penetrate the defence
mechanism employed by the target computer and send back the sensitive
information like usernames, passwords, IP addresses and using them to gain
access into the computer itself. These applications or programmes can be in the
form of Trojans, worms, malware and viruses, which will install in the system
and compromise its security. After all of this the hacker can gain administrative
rights and can do anything with the data contained in the compromised
computer system.
• Distributed Denial of Service or DDoS occur when a server is intentionally
overloaded with requests, with the goal of shutting down the targets website
or net- work system. Users will not be able to access your site or network,
resulting in a partial or complete shutdown of your business operations,
depending on how heavily you rely on the Internet.
• Password attacks: Cracking a password is the simplest way for hackers to gain
access to their target's accounts and databases. There are three main types of
password attacks: brute force attack, which involves guessing at passwords
until the hacker gets in; dictionary attack, which uses a program to try different
combinations of dictionary words; and key logging, which tracks all of a user's
keystrokes including login. IDs and passwords.
• Phishing: Perhaps the most commonly deployed form of cyber theft, phishing
involves collecting sensitive information like login credentials and credit card
information through a legitimate-looking (but ultimately fraudulent) website,
often sent to unsuspecting individuals in an email. As people become more
aware of common phishing techniques - for instance, a notice from a financial
institution with a mismatched or unsecured URL hackers have become more
sophisticated, so it's essential to keep up with the latest tactics to protect
yourself."
• Ransomware: It is a new type of malware that encrypts documents, pictures
and otherfiles, making them unreadable. The attacker then holds the
decryption key for ransom until you agree to pay money, usually through an
untraceable method such as BitCoin or other digital currency.
• Social engineering is a range of malicious activities undertaken by
cybercriminals intended to psychologically manipulate someone into giving out
sensitive information and data.
Preventing and countering threats and risks
Install anti-virus software.
Make sure all of your devices are protected by a rigorous anti-malware and
security solution and ensure that it's updated as regularly as possible.
a) Regularly update software and operating systems. Exploiting email and
web browsing applications is the most common way hackers and malware try
to gain access to devices and your information. Protect yourself before you
start browsing the web by making sure that your operating system, web
browser, security software, browser plugins (like Java or Adobe products) and
other applications are up-to-date.
b) Use privacy settings on mobile phones, apps and browsers. Privacy settings
on social media platforms enable you to select who can access your posts
online. Try to restrict access of your profile to your friends only. Remember
what you post online remains there almost forever, so do not post personal
phone and other details on social media platforms.
C) Learn to create VPN to avoid downloading of data through public Wi-Fi. Use
your mobile phone to create VPN* If you need to access any websites that
store or require the input of any sensitive information consider accessing them
via your mobile phone network, instead of the public Wi-Fi connection. *VPN
or Virtual Private Network helps you connect to the internet in a safer and
more secure way.
d) Verify if the website is legitimate/authentic. Avoid logging into websites
where there's a chance that your identity, pass- words or personal information
may be compromised from public facilities such as social networking sites,
online banking services or any websites that store your credit card information.
e) Download apps from trusted sources like Google play, AppStore
f) Keep webcams private. These devices can sometimes be hacked and used to
take pictures or videos of you without your consent. Put a sticker over your
webcam, laptop camera, or phone camera when they are not in use.
g) USB Storage Device Use
• Always delete the device clearly to clear the content
• Always scan the USB device with latest antivirus before accessing
• Protect your USB device with a password

• Encrypt the files/folders stored on the device

Security
Passwords
Strong, unique but easy to remember, and private passwords are essential for
dealing with unauthorised access to online accounts. The passwords, when
shared with other person(s), can be misused. They may be stolen by
unauthorized users to collect and misuse your personal information. Learn how
to create strong passwords and passphrases. A password must be difficult to
guess. But you should be able to remember it. Writing passwords somewhere is
not advisable. Memorise it. Your password is given to you to maintain your
privacy.

Two-factor authentication
This security process requires the user to provide two different authentication
factors to verify themselves to better protect both the user's credentials and
the
resources the user can access. Log out of your account when you plan to be
inactive even for a short while. Always keep your system locked whenever it is
not in use.
Emails and messages

Personal security
Protect personal information
Do not share your personal information like date of birth, address, and phone
number on social media or other online platforms. Create usernames that
never reveal true identity
Learn to block
Do not accept friend requests from unknown people on social media platforms.
As a rule-of-thumb, only add people online who you know offline. A cyber bully
can even create a fake account to befriend victims.
Seek help
Know where to find help: Understand how to report to service providers and
use blocking and deleting tools. If something happens that upsets you online, it
is never too late to tell someone. Talk to your elders or parents, if your chat
partner suggests to keep your conversation with them a secret. You can also
report these to Childline at 1098.