Security Risks to Data

Learning Objectives

  • to understand the security risks to data and the ways to overcome them.

Learning Outcomes

Must – recognise all the security threats to data.

Should – advise ways to avoid becoming a victim of data loss.

Could – create a strategy to avoid total data loss.

Security Risks to Data

Hacking

Hacking is any unauthorised access to data on a computer or network.  Hacking is a criminal offence under the Computer Misuse Act.  Most people who hack into a computer network do so for the sheer pleasure of doing it, without any malice.  It is still a criminal offence, however.  Criminals who attempt to access data on computers or networks generally do so to commit fraud, such as credit card cloning or identity theft.

Any computer connected to a network is vulnerable to hacking.  Hacking occurs when password security is poor, so that passwords can be easily guessed.  A way to prevent hacking is the use of a firewall and a comprehensive password policy, which prevents weak passwords being stored and requires strong alphanumeric passwords.

Phishing

With the growth of the Internet and online shopping and banking, criminals have moved away from traditional crimes such as pickpocketing and burglary to crimes that involve stealing personal data and passwords from users online.  Phishing works by sending fraudulent emails to users that appear to come from common organisations such as banks and online e-commerce sites.  These emails look authentic at first sight and usually contain some sort of urgent message for the user to update or change their login details.  Phishing preys on users' insecurities.  The user then puts in their login details, which are then sent to a fake holding site which the criminals can access.  Once the fraudsters have the login details, they go to the proper financial institution and log in with the details they have collected.  The fraudsters then move a small amount to another account.  They usually take small amounts over a period of time; this avoids suspicion, as small amounts are less likely to be noticed.

Click on this link on how to spot the common signs of a Phishing email

Use this link to identify key parts of the Phishing Email
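The signs described above (an urgent message, a request for login details, and a link to a site that is not the real organisation's) can be checked automatically.  This is an added example, not part of the original lesson; the phrase lists, function names and the examplebank.example domain are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample emails (not real messages); .example is a reserved test domain.
GENUINE_DOMAIN = "examplebank.example"
PHISH = ("Example Bank <security@examplebank-alerts.example>",
         "URGENT: your account will be suspended. Update your login details "
         "within 24 hours at http://examplebank.example.login-check.example/update")
GENUINE = ("statements@examplebank.example",
           "Your monthly statement is ready. Sign in at "
           "https://www.examplebank.example/ to view it.")

# Assumed phrases modelled on the lesson's "urgent message ... to update or
# change their login details"; not an exhaustive list.
URGENCY = ("urgent", "immediately", "within 24 hours", "suspended")
CREDENTIAL_REQUEST = ("update your login", "change your login",
                      "confirm your password", "verify your account")


def host_belongs_to(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def phishing_signs(sender, body, genuine_domain):
    """Return the warning signs found in one email (empty list = none found)."""
    signs = []
    text = body.lower()
    sender_host = sender.rsplit("@", 1)[-1].strip("> ").lower()
    if not host_belongs_to(sender_host, genuine_domain):
        signs.append("sender address is not on the organisation's domain")
    if any(phrase in text for phrase in URGENCY):
        signs.append("urgent wording")
    if any(phrase in text for phrase in CREDENTIAL_REQUEST):
        signs.append("asks for login details")
    # A link that merely starts with the real name is still a different site.
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname or ""
        if not host_belongs_to(host, genuine_domain):
            signs.append(f"link goes to {host}, not {genuine_domain}")
    return signs
```

The constructed phishing sample triggers all four signs, including the link whose address begins with the bank's name but actually belongs to another site; the genuine sample triggers none.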

Theft

Data is a valuable commodity.  In the wrong hands, data can be worth a lot of money.  With this in mind, data is a target of thieves and criminals.  Any device containing data is vulnerable, as thieves are on the lookout for devices to steal.  Removable storage devices should be locked away and password protected, as should all laptops and desktops.

Viruses

With the popularity of email, viruses are all too common.  Viruses spread easily through email as they are hidden within attachments.  Unsuspecting users open email attachments without any real thought about the content that can be in them.  Once a virus infects a computer it will spread very quickly, targeting the user's email address book.

In order to avoid viruses, anti-virus software should be installed and kept up to date.  This software acts as a barrier to prevent viruses infecting a computer system.

Use this link to see the other measures of avoiding viruses.

Ransomware

Ransomware is a relatively new threat to data.  Ransomware works by users clicking on email attachments that are usually disguised in another form.  The ransomware installs a .exe file onto the user's computer which, when installed, blocks the user's access to the device.  The software then demands some sort of payment to unlock the device, with threats given to the user that the device will be wiped and data destroyed.

Watch this video which explains the key dangers from Ransomware.

Security Measures to Prevent Data Loss

Firewalls

A firewall is a network security device which prevents unauthorised access to a network.

Encryption

Encryption is a data security method which involves putting data into a cypher (code) which can only be read by the person who has the cypher to decode the data.  A hacker who tries to intercept the data will find it unreadable without knowing the original cypher code pattern to decode it.  Alan Turing was a famous mathematician and code breaker who helped to crack the Nazis' Enigma code during the Second World War.

Authentication

Authentication is a computer security method of checking that a person accessing a computer or network is the person who they say they are.  There are 2 main methods of authentication:

  1. User Name and Password
  2. Biometrics

Use this link to see how Authentication is used with examples.  Thanks to ictlounge.com
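The sketch below ties together the password policy from the Hacking section (weak passwords are refused before anything is stored) and user name and password authentication as described here.  It is an added example, not part of the original lesson; the minimum length, the short list of common passwords, the PBKDF2 settings and all function names are assumptions.

```python
import hashlib
import hmac
import os
import re

# Constructed sample of easily guessed passwords (assumption); a real policy
# would check against a much larger published list.
COMMON_PASSWORDS = {"password", "password1", "123456", "qwerty123", "letmein"}
MIN_LENGTH = 10        # assumed minimum length; the lesson does not set one
ITERATIONS = 200_000   # assumed PBKDF2 work factor


def policy_failures(password, username=""):
    """Return the reasons a password breaks the policy (empty list = accepted)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("too short")
    if not re.search(r"[A-Za-z]", password) or not re.search(r"[0-9]", password):
        failures.append("not alphanumeric (needs letters and digits)")
    if password.lower() in COMMON_PASSWORDS:
        failures.append("commonly guessed password")
    if username and username.lower() in password.lower():
        failures.append("contains the user name")
    return failures


def _hash(password, salt):
    # Slow, salted hash so a stolen store cannot simply be read or looked up.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(store, username, password):
    """Store a salted hash only if the password passes the policy."""
    failures = policy_failures(password, username)
    if not failures:
        salt = os.urandom(16)
        store[username] = (salt, _hash(password, salt))
    return failures


def authenticate(store, username, password):
    """Check a user name and password against the stored salted hash."""
    if username not in store:
        return False
    salt, stored = store[username]
    return hmac.compare_digest(_hash(password, salt), stored)
```

The store never holds the password itself, so a thief who copies it still has to guess each password, which the policy makes harder.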

Digital Certificates

A link to the BBC Bitesize on Digital Certificates

Physical Controls

Physical Controls are methods of security that individuals and organisations can use to prevent unauthorised access to data.  Physical Controls include forms of locks on doors and locks on cabinets to keep devices safe and secure.  CCTV and locking devices to secure rooms and buildings are also key physical controls.  These can include biometric locks to prevent unauthorised access to rooms.

Task 

You have been asked to write a short article to appear in an upcoming issue of the Woman’s Weekly magazine on data security threats to computer users.

Choose 2 areas from the list above and write at least a 150-word article on the security concerns highlighted and some practical advice to avoid becoming a victim.

Homework

Ensure that you have completed all the activities from the previous 13 lessons.  If you have done this, work through your notes for revision purposes.