Security & E-Consumer Awareness
When you buy a product from an online store you expect the company to keep your data safe from loss and damage. To do this, the company needs to look into the threats to the data and how to stop them. A company also needs to know the laws of data protection and the different ways to protect data, such as firewalls, antivirus software and encrypting customers' data to stop other people reading it. This report will tell you about the types of threats, the ways to stop them and the laws of data protection.
All companies should do a risk assessment to make sure that the data on their computers is safe. A risk assessment finds risks, rates them and then says how they will be fixed.
Threats to your data through an organisation's website
Data intercepted by copycat website or phishing
Data can be intercepted by the use of a copycat website. The way they do this is to send you an e-mail saying, for example, that you have to check something on your bank account, and at the bottom of the e-mail there will be a link that looks like your bank's website. In fact it sends you to a different website that looks the same. When you enter your bank details there, the owners of the copycat website are able to take your identity and your money. Here is an example of how they do this underneath.
As you can see, the address in the e-mail will be spelt wrong or have something extra. This one has an IP address in the front, which is a big giveaway because a professional bank website would just have the bank's name. This kind of e-mail is usually blocked by the spam filter on your e-mail account, but if you do get an e-mail from the bank, type the URL in the search bar or search engine rather than clicking the link. The one on the right is the correct one because, as you can see, there is no number in front and it just says the bank's name. You can also see that there is https, which stands for hypertext transfer protocol secured; this is only on the official bank website, to try to stop hackers. Usually the bank's logo will be next to the URL, as you can see from the example above; this is another way to check whether the bank's website looks legitimate.
Companies can help people not to fall for these traps by providing bank protection software to all their users; many banks do this now, and it runs alongside your normal protection such as Norton. The best way to prevent these scams, however, is to teach people how to avoid the traps. This has the highest effectiveness against this scam, but the computer also has to have anti-virus software that looks for these scams; together these will give you the highest effectiveness against falling for this trap.
The effectiveness of these preventions is very high, but it depends on the version of the software that you have and on whether the software reads the e-mail as a threat or as the real thing. The way with the best effectiveness would be to teach employees and customers about the threats and show them examples of how a real bank would write to them: for example, they would write "Dear" followed by your name rather than "Dear Customer", because that would show they know you and are not just trying to guess who you have accounts with. This would be the best way to prevent these scams, and I feel it would have the highest effectiveness against this scam.
Key loggers
Key loggers are used to intercept the data that you type on your keyboard. Hackers usually use them to get passwords to bank accounts and anything else that requires a password. A key logger remembers everything you type and everything you delete. For a key logger to get onto your computer you have to download it, because it is software, but key loggers are usually hidden or disguised as another piece of software, so you download one by accident. A key logger runs in the background of your computer, so you don't even know that it is running.
The way to block key loggers is to make sure your firewall is on and, after you download any software, to scan it using your virus protection software. Key loggers can get in when employees use the company's internet to download things that it is not meant for. A hardware key logger works differently: the device is put in between your keyboard and computer tower. Then, on the same computer, you open up Notepad; each key logger comes with a three-digit code that you have to hold down at the same time to bring up what has been key logged on that computer.
To prevent key logging, companies can install anti-spyware; programs like Norton and McAfee now have this type of protection built in as well. This will only work if the program is kept up to date, because new viruses and bugs are being made all the time. The effectiveness of these types of protection is very high as long as the anti-virus software is running at its highest version by being kept up to date, but it is not 100%: some key loggers may not be detected because they are not in the protection software's virus database, or because they are inside another program that is not detected as a virus.
As you can see, after you open it in Notepad it gives you options to see what has been recorded, along with other options. This type of key logger costs around £30, which is cheap if you are taking people's bank details or selling information to other companies.
To protect against hardware key loggers in an office there are many measures, like adding CCTV and keypad locks to doors, but these might only catch who is doing it and not stop it right away. By the time the cameras are checked the information may already be stolen, which could have a bad effect on the company and its reputation. If you use both of these measures to try to prevent key logging, though, you have the best chance of preventing it, with a very high effectiveness of protection against key logging.
Data copied by employee
Your data could be copied by employees, or lost or copied through human error. The problem is that human error is very hard to spot, because most of the time the files are moved, copied, lost or deleted by accident, so an employee could be giving personal data away unaware that they are doing it. If corporate files are lost or stolen, they can be valuable and can lose the company a lot of money. Dishonest employees will copy the files to a flash drive such as a USB stick, or to an external hard drive if it is a lot of information. They will sell the information they copy to other companies for large sums of money, or they could use the information to create a fake identity, or they could use it to empty your bank account, which could give you big debts and a bad credit record. That means you could be refused loans, credit cards and a mortgage for your house.
The way that this can be prevented is to disable the USB slots on all computers and to give employees work e-mail accounts that can be monitored. The effectiveness of these preventions is good but not 100%, because depending on the job the employee will still have access to the internet. This means they might use their own e-mail instead of the company e-mail, so some of the fixes wouldn't work and data could still be stolen.
Another way to make the protection against data being stolen very effective is to add levels of access to information, meaning only employees with the right access level can get certain information from the servers. This allows pretty high effectiveness against information being stolen because it makes the group that has access smaller, so if data was stolen it would be easy to find who did it. The risk of getting caught is higher, which adds a scare factor to stealing the company's personal information or bank details, and this means the effectiveness of this method is very high.
Data sold by employee
If an employee sells the data they can make a lot of money by selling it to gangs to make fake identities, or to other companies so they can try to sell you products through the mail or over the phone. If your information is sold, people could run up big debts in your name or even take the money that you have been saving up in your bank. The way the company can prevent people from selling its data is to have CCTV watching the offices and to disable the USB ports on the computers; this will prevent people from plugging portable memory into a PC and copying the data across. The company should also use internal monitoring on all the PCs in the offices, and a check should be carried out after work hours to see if people have copied any information across or sent it using the internet.
The company could also make employees sign an agreement that shows the employee what would happen if they were to steal the data; this might prevent it because they may feel that the chance of getting caught is higher. The effectiveness of having CCTV around the office is very high, because if employees feel that they are being monitored the chance of them getting caught becomes a lot higher, meaning the reward may not be worth the risk. The best way to prevent this, though, would be to disable the USB drives and monitor the computers using internal monitoring software. This would have the highest effectiveness against people stealing data, because if they steal the data they are going to get caught by the monitoring software, meaning again the reward isn't worth the risk.
Data sold by company
The company is allowed to sell data to third-party companies for a lot of money. The reason they do this is so that the other company can also try to sell you products over the phone or by post. This is only allowed if the person doesn't tick the "do not allow third parties to see my information" box; if this box is not ticked, the company is allowed to sell the data on to all of its third-party companies. Some companies sell it without the person's permission; if this happens and the company is found out, it will be closed down because of the laws it has broken. An example of this is when a phone company sold on information about when contracts run out, so that other companies could phone up and try to sell phones and contracts; the article is shown below. Companies should train employees so that they don't make mistakes and also make them aware of the Data Protection Act.
The way the company could prevent this is to make sure it is up to date with the Data Protection Act, and if it is planning to sell this information to third parties it needs to make sure it has permission from the customers. If the information is sold without them knowing or agreeing, they will lose trust in the company, meaning it could lose customers. This would be one of the only ways of preventing this, because if the company wants to sell the information it will: it is up to the board of directors, and they can't really be restricted by anything in the company, because they could bypass most blocks that would stop employees, as they have control of the monitoring and have the highest access level.
The effectiveness of this prevention is very low, because in the end the company has the final say on where the data goes and who can have access to it. They can do what they want with the data, so no matter what protection the company has against employees, it could go ahead and sell information for more profit.
Data stolen by hackers
Your personal information could be intercepted by a hacker when you are signing on to a website, or where your information is stored on a company server and hackers have broken through the firewall and decrypted the code. The hacker could then sell your data or use it for their own personal things, like buying cars and houses or even running up unpayable debt.
An example of a hacker stealing company data is when a hacker claimed to have broken into a T-Mobile server and got information about addresses and corporate information; the article is shown below. The article states that the hacker has got people's personal information and is now going to sell the information to the highest bidder. To stop this, companies should be running regular checks to see if any information has been copied by hackers.
There are many ways the company could stop hackers from gaining access to its information. The first way would be to make sure the company has an up-to-date firewall that will prevent hackers from gaining access to the network. Along with this, it should also have anti-virus and spyware software installed; this would make sure that if an unwanted visitor was on the server the information would be secured and the visitor's signal would be blocked. The next prevention would be for the company to encrypt its data, so that if hackers intercept the data when it is being transmitted they will not be able to gain anything from it, because it will be encrypted with 120 bit encryption or higher, meaning they would not be able to break it or it would take a long time. The company could also make sure that the data is transmitted across the fastest route to its destination, meaning there are fewer places for the hackers to intercept and gain access to the information.
The effectiveness of a firewall in a company is very high, because it will stop unwanted people being able to snoop on the server or network. It will not stop hackers 100%, because firewalls are not unbreakable by some high-level hackers, but if you have a firewall and also have anti-virus and spyware software installed, this makes the effectiveness a lot higher: hackers would have to break and bypass a lot more systems and would have a higher risk of getting caught before they find what they want, meaning this has a high effectiveness against hackers. Stopping hackers intercepting data by encrypting it and making the chain of transfer shorter is very effective, because encryption is hard to break, or takes a long time to break, even for the best hackers.
So if you have all these preventions, they will have a very high effectiveness against the company's information being stolen.
Incorrect or out of date data stored by a company
If you send the company wrong information such as your phone number, address or postcode, this can be bad, because if the company thinks you are sending wrong information because you're not the owner of the account, it will contact the bank and the bank will lock the account until the owner comes into the branch. Also, if wrong information is stored on the server, the company could be sending your private information, like bank statements or private letters, to the wrong address, so it's always important to keep your information up to date so that it doesn't end up in the wrong hands.
Companies should also update records to comply with data protection laws. This makes sure that all data is kept safe and that only people with the correct access level gain access to the information; it also prevents the company from transferring details to other people without your permission. There are many ways to prevent incorrect or out of date data being stored by the company. The main way is to update and back up information weekly and send it to a different off-site server; this will make sure the information is kept up to date and stored correctly, meaning wrong information is not used. Another way to make sure that the wrong records aren't edited is to only allow employees to edit new records; if they want to access an existing record they have to bring it up, and the server will only allow certain edits to the data. This would prevent the wrong data from being stored on the server.
Also, only certain people should have access to stored data. This will prevent people from opening it to view it and then changing something so that the data is stored wrong, which could be bad for the company because private information could be sent to the wrong people, which could mean the company breaks the Data Protection Act and could be held responsible. The effectiveness of these preventions is also very high, as the backing up and updating is done weekly and the backup is stored in a different location from the main information. The reason for this is that if it is stored in the same place and the data is changed or corrupted, the same could happen to the backup copy of the information. If it wasn't stored off site, backing up the information would be pointless.
Making sure the information can only be changed and accessed by certain people also has a high effectiveness, because there are fewer people who can change it by human error, meaning the information will be stored correctly.
Loss due to error or hardware failure
A company could lose data through hardware failure. If a company loses data through hardware failure it can cost it time and money, so the company should always have its data saved on two different servers in different buildings. Basically it should do a backup every night, so if there is a hardware failure it can go back to yesterday's work and personal data; so yes, it does lose some things, but not everything.
Sometimes big companies get a virus which is set to destroy or corrupt valuable data. Big companies should run regular checks to make sure their firewall has not been attacked and broken by a virus, because when they do the backup to their second server the virus could get sent there and then all the information could get deleted or corrupted, which would lose the company money and customers. Data loss can also be related to data spill incidents, in which personal information and corporate information gets leaked to another party or deleted. Backup policies should also be in place, and backups should be checked occasionally to see whether they work and whether they are effective, as they might not work.
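One way to check occasionally that a backup still works is to record a checksum for every file when the backup is taken and compare the backup against that record later, which shows files that have since been deleted, corrupted or added. This is an added example, not part of the original report; the file names and contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

def record_manifest(root):
    """Map each file path (relative to root) to the SHA-256 digest of its contents."""
    manifest = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            digest = hashlib.sha256()
            with open(full, "rb") as handle:
                # Read in chunks so large backup files do not need to fit in memory.
                for chunk in iter(lambda: handle.read(65536), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(full, root)] = digest.hexdigest()
    return manifest

def verify_backup(root, recorded):
    """Compare the backup as it is now with the manifest recorded at backup time."""
    current = record_manifest(root)
    return {
        "missing": sorted(set(recorded) - set(current)),
        "corrupted": sorted(p for p in recorded.keys() & current.keys()
                            if recorded[p] != current[p]),
        "unexpected": sorted(set(current) - set(recorded)),
    }

def demo():
    """Build a constructed backup, verify it, damage it, then verify it again."""
    with tempfile.TemporaryDirectory() as backup:
        files = {  # constructed sample data
            "customers.csv": b"id,name\n1,A. Customer\n",
            "orders.csv": b"id,total\n1,9.99\n",
            "notes.txt": b"weekly backup\n",
        }
        for name, data in files.items():
            with open(os.path.join(backup, name), "wb") as handle:
                handle.write(data)
        recorded = record_manifest(backup)       # taken when the backup is made
        clean = verify_backup(backup, recorded)  # nothing has changed yet

        # Simulated damage: one file corrupted, one deleted, one file added.
        with open(os.path.join(backup, "orders.csv"), "wb") as handle:
            handle.write(b"\x00\x00garbled")
        os.remove(os.path.join(backup, "notes.txt"))
        with open(os.path.join(backup, "extra.tmp"), "wb") as handle:
            handle.write(b"not part of the backup")
        damaged = verify_backup(backup, recorded)
        return clean, damaged

if __name__ == "__main__":
    clean, damaged = demo()
    print("clean:", clean)
    print("damaged:", damaged)
```

The recorded manifest should be kept separately from the backup itself, so that whatever damages the backup does not also change the record it is checked against.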
A way to prevent loss due to hardware failure is to make sure your technology is up to date. A way to do this would be to upgrade the hardware regularly; this gives it less chance of failing, because it will not just break down due to age or become ineffective. The effectiveness of upgrading hardware is low, because hardware is very unlikely to fail if it is well looked after and kept at a low temperature; this will ensure that you will not lose data due to hardware failure.
Backing up data to an offsite location is very effective because it will stop data from getting corrupted, but the data needs to be backed up again regularly so that it is kept up to date. The reason this works so well is that if the original data on the main server is lost or corrupted, the backup version of the data will be unaffected, because it has no connection to the original server where the main data is stored: there is only an active connection while the data is being backed up to the offsite server, and this minimises the risk of the backup data being corrupted. Along with this, you need to make sure the server is secure and has antivirus software installed. The effectiveness of this is high; this kind of software can always be bypassed, but it will give good security against low-level hackers who are trying to destroy data. If this security is used and the data is backed up weekly, it will have high effectiveness and will minimise the risk of data loss due to human error or hardware failure.
Natural disasters
An overlooked type of data loss is loss through natural disasters such as floods, fires, hurricanes or earthquakes. If one of these hit the building where you were storing all your data, the data would be lost without any chance of recovery because the server would be destroyed, so companies should back their data up to a different building away from the first server in case that server gets broken by a natural disaster. Your server should also be stored off the ground floor, because then there is less chance of a flood reaching it, and lastly all server rooms should be fitted with CO2 sprinklers, not water, because water will damage the servers; do this and your data is more secure from fires.
Backing up data to an offsite location to prevent loss due to natural disaster is very effective because it will stop data from getting corrupted, but the data needs to be backed up again regularly so that it is kept up to date. The reason this works so well is that if the original data on the main server is lost or corrupted, the backup version of the data will be unaffected, because it has no connection to the original server where the main data is stored: there is only an active connection while the data is being backed up to the offsite server, and this minimises the risk of the backup data being corrupted. This will only be effective if the offsite location is in a different area from the main server, so that if a natural disaster hits, only the main server is destroyed or damaged. The effectiveness of putting the server off the ground floor to prevent flood damage is high, because it will stop the flood reaching the servers and damaging them, but this would only work if the foundations of the building were strong: if the floor was strong and the building was weak, the building may fall, meaning the prevention was pointless.
The effectiveness of having fire prevention is high, but there is still a risk of loss of data, because if the fire starts in the server the CO2 sprinklers will go off but some of the data will be lost before the fire is put out. If all these preventions are used together, they will give you high effectiveness against natural disaster damage and loss.
When you're searching a website for a product and buying products from a website, you need to know that your details are secure and that no one can take your identity or use your money on other products you don't want. There are ways to check that the website is secure so that people can't get your details. The three main ways are looking for the HTTPS, the padlock and the security certificate; the three ways are shown below.
Padlock, HTTPS, Security Certificate
SET, which stands for Secure Electronic Transactions, is a standard protocol for using your credit or bank cards over insecure networks like the internet. Secure Electronic Transactions is not a payment system itself but a set of protocols and formats that let the user employ existing credit card payments on an open network; it failed to gain traction. VISA now promotes the 3-D Secure scheme.
Websites and computers now use firewalls to stop hackers, Trojans and spyware. These firewalls come with websites and computers, but you can buy better firewalls like Norton. Firewalls stop identity theft and lots of other things that take data from you and could take your money. These firewalls are a big advancement in security, but people are still finding ways to get past them; that's why you have to buy the new version of Norton every year and update daily to ensure new viruses can be caught.
Websites and companies also use user names and passwords; this is to stop people getting into the system, taking data and using it to steal people's things. Big companies also use access levels: for example, MI5 use access levels to stop new employees seeing top secret data and to make sure people only see what's in their pay grade. Employees should also have passwords, and they should have to change them regularly to avoid them being revealed.
Antivirus software is available to buy from shops or online. Antivirus software protects you from identity theft, stolen details, etc. There are many antivirus programs; some of the main ones are Norton and McAfee. These cost about £5 per year, because they protect you from many different dangers that could make you lose items or have things like your work stolen. All of the firewall and virus protections offered by Norton are shown below.
When data that contains personal and credit card information is being sent from a computer to a server, the data is encrypted to stop people intercepting it and reading it. The encryption changes a password, for example, from jamesjamesjames to something like rygf84943gv43g3t83vg347vt539v, so if someone took that data they would be unable to use it. For example, Game.co.uk tell you that they encrypt their data with 128 bit encryption, which means it is pretty much unbreakable.
When a company is working with data like personal and bank information, all of the employees have to agree to and sign the Data Protection Act. This means that they agree to keep any information they are given a secret: for example, they can't download data and give it to another company or another person, because then they would be breaking the Data Protection Act they have signed and could get fined or go to jail for up to 10 years.
There are also laws that stop an employee or a company giving data away to other companies or people, but big companies find ways to get around this because they are legally allowed to give your data to third parties of their company unless you say otherwise. Businesses that keep personal and bank information on site should have physical security like cameras and guards, and even guard dogs if the information is that important. They need this because it's no good having amazing firewalls while someone could walk in, pick the server up and walk out.
The DPA, which stands for Data Protection Act 1998, is a UK Act of Parliament, a UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK. The DPA does not mention privacy; it was made to bring the law into line with the European Directive of 1995, which requires members to protect people's fundamental rights and freedoms. This law is very effective, and people get caught and feel the law hit them every day around the world. There are 8 data protection principles that relate to the Data Protection Act 1998. They are as follows:
1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless – (a) at least one of the conditions in Schedule 2 is met, and (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4. Personal data shall be accurate and, where necessary, kept up to date.
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
7. Appropriate technical and organizational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
The most important of these is 7,
The CMA, which stands for Computer Misuse Act 1990, is an Act of Parliament. It was introduced partly in response to the decision in R v Gold & Schifreen 1998. The Act has nonetheless become a model which many other countries have drawn on when making their own versions of the CMA.
The Consumer Protection Regulations mean that if you sell goods or services to consumers by the internet, TV, mail, phone or fax, you need to stick to consumer protection regulations. The key parts of these regulations mean that you must give consumers clear information, including details of the goods or services offered, delivery arrangements and payment; you must also provide this information in writing, and the consumer has a cooling-off period of seven working days.