Security Measures / Information Misuse and Preventing Misuse

Learning Objectives

  • to understand that information can be misused, and the security methods available to prevent misuse.

Learning Outcomes

Must – be able to explain the difference between overt and covert data, and to discuss how information can be misused.

Should – be able to give methods to prevent information misuse.

Could – be able to evaluate the impact that information misuse has on individuals and society.

Security Measures

Computers and Websites often need a way to determine whether the person using them should be allowed to.  This process is called Authentication.  You will need to know the following methods of authentication for the exam.

User Names and Passwords

User Names and Passwords are the most common and easiest method of security to set up to authenticate users.  Individual users, companies and websites set up user names and passwords for various reasons including:

  • to prevent access to parts of websites or programs that have paid for content or some sort of subscription.
  • to ensure that user details and addresses are kept secure on company websites.
  • to prevent unauthorised access and misuse by strangers and criminals.

Security Questions – Challenge Response Test

Sometimes user names and passwords are guessable, so an extra level of security is built in to distinguish between legitimate users and fakes.  To add the extra level of security, websites and programs add in Security Questions.  These are called Challenge Response Tests.  Security Questions are set up at the beginning of a registration process and they normally ask secret questions about the person’s individual lifestyle.  Common Security Questions include:

  • In what town/city were you born?
  • What was the name of your first pet?
  • What was the name of your first school?
  • What is your favourite sports team?

An example above of typical Security Questions from a website.

When an account is set up, the user registers a response to each of these questions.  This is held securely within the database.  As an extra level of security, some organisations ask a user to recall either the full answer to the security question OR certain characters from their answer, e.g., the 1st, 3rd and 6th letter.
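One way the registered answer could be held and then checked, both as a full answer and as selected letters such as the 1st, 3rd and 6th, shown as an added Python example rather than code from the original page. The server key, the function names and the per-letter keyed tags are assumptions made for illustration.

```python
import hashlib, hmac, secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret held outside the database

def normalise(answer):
    # Drop spaces and case so " Manchester United" matches "manchester united"
    return "".join(answer.split()).lower()

def _tag(salt, pos, ch):
    # Keyed tag for one letter; a stolen database alone cannot be used to guess it
    msg = salt + pos.to_bytes(2, "big") + ch.encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()

def _full_hash(text, salt):
    # Slow, salted one-way hash of the whole answer
    return hashlib.scrypt(text.encode(), salt=salt, n=2**14, r=8, p=1)

def register(answer):
    """Build the record to store at registration; the plain answer is not kept."""
    text = normalise(answer)
    salt = secrets.token_bytes(16)
    tags = [_tag(salt, i, ch) for i, ch in enumerate(text, start=1)]
    return {"salt": salt, "full": _full_hash(text, salt), "tags": tags}

def check_full(record, attempt):
    got = _full_hash(normalise(attempt), record["salt"])
    return hmac.compare_digest(got, record["full"])

def new_challenge(record, count=3):
    """Choose which letters to ask for, e.g. [1, 3, 6]."""
    length = len(record["tags"])
    return sorted(secrets.SystemRandom().sample(range(1, length + 1), min(count, length)))

def check_letters(record, positions, letters):
    """Check the letters typed for the requested positions (1-based)."""
    if len(positions) != len(letters):
        return False
    ok = True
    for pos, ch in zip(positions, letters):
        if not 1 <= pos <= len(record["tags"]) or len(ch) != 1:
            return False
        expected = record["tags"][pos - 1]
        # Compare every letter before answering, so timing does not show which one failed
        ok &= hmac.compare_digest(_tag(record["salt"], pos, ch.lower()), expected)
    return ok
```

Each tag covers only one letter, so the letter check depends on SERVER_KEY staying secret; the full-answer hash does not.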

Captcha – Challenge Response Test

Another method of Challenge Response is Captcha.  Captcha is designed to distinguish between human users and Robots or Bots.  A Bot is a piece of software used on the Internet which mimics human behaviour.  Most Bots are perfectly legitimate and can be helpful, but some are set up to “spam” sites, meaning literally hundreds and thousands of hits from non-human activity.  Captcha helps to stop Bots by putting in a level of security which Bots cannot understand: reading.  Captcha normally has some sort of code to retype or a basic mathematical problem.  Because Bots cannot read, they cannot fill in or solve the Captcha problem, so cannot access or submit the information.  Common examples of Captcha are shown below:
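The challenge-response exchange behind a basic mathematical Captcha, as an added Python example that is not from the original page. The signing key, token layout and function names are assumptions, and the question is assumed to be displayed to the user as an image rather than as plain text.

```python
import hashlib, hmac, secrets, time

SECRET = secrets.token_bytes(32)  # assumption: server-side signing key
_used = set()                     # challenges that have already been answered

def _sign(nonce, answer, expires):
    msg = f"{nonce}|{answer}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue(now=None, ttl=120):
    """Return (question, token). The token lets the server check the reply later
    without revealing the answer to whoever holds it."""
    now = int(time.time()) if now is None else now
    a, b = secrets.randbelow(9) + 1, secrets.randbelow(9) + 1
    nonce, expires = secrets.token_hex(8), now + ttl
    token = f"{nonce}.{expires}.{_sign(nonce, a + b, expires)}"
    return f"What is {a} + {b}?", token

def verify(token, response, now=None):
    """True only for a correct, in-time, first reply to a challenge we issued."""
    now = int(time.time()) if now is None else now
    try:
        nonce, expires, sig = token.split(".")
        expires, answer = int(expires), int(response)
    except ValueError:
        return False              # malformed token or non-numeric reply
    if now > expires or nonce in _used:
        return False              # too late, or this challenge was already used
    _used.add(nonce)              # one attempt per challenge, right or wrong
    return hmac.compare_digest(sig, _sign(nonce, answer, expires))
```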

Personal Spaces

Personal Spaces are sites on the Internet which are used by users to have some sort of personal presence.  In terms of the exam, you need to know the following…

Personalised Areas

  1. Personal Websites
  2. Online Photo Albums
  3. Forums
  4. Blogs
  5. Social Networking Sites
  6. VLE/Work Social Media Platform

Control and Privacy

The Internet is a vast array of information.  Think before you post.  Once an image is posted online it’s virtually impossible to get it removed.  In terms of employment, potential employers search online for people they are about to interview for jobs.  An embarrassing post or inappropriate photograph could put an employer off.  Privacy settings on social media are important.  Profiles should be set to private and you should only add people you know.  Other documents such as photographs should be set to private or friends only.

Think before you post….

Information Misuse

Information is everywhere online, and sometimes it is easy to forget where this information ends up or what it’s for.

Overt Vs Covert

Overt data collection is where information is collected and the user knows where it is going.  Online payments and forms which the user fills in, for example to pay bills, are common examples of overt data.

Covert data is information which is collected without the user’s permission.  Spyware is used to covertly collect data about a user and pass it on to fraudsters.

Spyware

Spyware is software that is installed on a user’s computer or device without their permission or knowledge.  Spyware gives fraudsters and criminals the opportunity to access or view a computer user’s activities without them knowing.  Spyware is hidden within a user’s downloads.  For example, Free MP3 downloads or Music Video downloads are key places to hide Spyware.  Once these downloads reach a computer, the Spyware hidden within them installs a separate .exe (executable file) within the programs on the computer/device.  Unless the user has Anti Spyware Software or is aware that the Spyware has been installed, the Spyware runs in the background without any interference.  The Spyware records what the user is doing, for example, web sites visited, user names and passwords.  Key Logging software records keystrokes on keyboards to capture passwords.  Criminals then access this data to commit online fraud.

Identity Theft

Identity Theft can occur when personal details are stolen online.  This can be done by Overt and Covert means.  Most people wrongly think Identity Theft happens just through Hacking and Spyware; this is not the case.  A Facebook account which is set to public with access to personal information such as Name, Address, Date of Birth and any other distinguishing data is just as useful to a criminal without the need to hack or install illegal software.

When Identity Theft occurs, most people do not find out about it until it is too late.  Identity Theft can affect Credit Scores and future access to Loans and Credit.

Preventing Misuse

Stopping information misuse is easy if you follow the key rules below.

Cookie Control – if you are concerned about the levels of information collected about you when you visit a website you can change your settings so that the Cookie Control levels are adjusted.

Preventing Phishing – don’t open up emails or respond to them if they don’t look genuine.  Follow the key rules regarding spotting Phishing Emails.  Delete them or report them.

Preventing Spyware – install and run Anti Spyware software.  Be careful of downloading MP3s/Videos etc from so-called “Free” sources as these often contain nasties.

Task

This is quite a large and important topic in the exam.  Using the class notes that you have taken (if you have not taken any, do so now), answer the following exam-style question.

High Street Banks are closing branches in small towns and villages.  This has been put down to the popularity of online banking.  Discuss the security concerns of the growth of online banking compared to traditional High Street bank use.  (6 marks)