CPE Laws and Professional Practices: Privacy, Security, and Cybercrime

Lesson Objectives and Introduction

  • Learning Objectives: At the end of this lesson, students will be able to;

    • Understand the importance of privacy.
    • Learned things about security.
    • Identify Cybercrimes and Sanction for those violations.
  • Usage Statistics and Context: According to recent statistics, Filipinos spend the most time online, averaging 1010 hours and 22 minutes every day.

    • For the fourth consecutive year, the Philippines is the most engaged on social media.
    • Personal information from the Philippines, including photographs of ordinary activities, is frequently published online.
    • The high level of engagement is cited as one of the reasons why cybercrime cases are increasing in the country.
    • The lesson focuses on the discussion of Privacy, Security, and Cybercrime.

Understanding Privacy

  • General Definition of Privacy: The ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively.

  • Subjective Nature: Privacy is a personal, subjective condition. One person cannot decide for another what their sense of privacy should be.

  • Online Privacy:

    • Refers to controlling what information to reveal about themselves over the internet and controlling who can access that information.
    • The complex issue of computer privacy covers the way personal information is used, collected, shared, and stored on personal devices and while on the Internet.

Using the Internet Safely: Key Domains

  • The transcript identifies six major areas for safe internet usage:
    1. Online Tracking
    2. Mobile Apps
    3. Privacy Policies
    4. Accessing the Internet
    5. Passwords
    6. Wireless Networks and Wi-Fi

Online Tracking Mechanisms and Tools

  • Web Tracking: Almost every major website you visit tracks your online activity. Tracking technology can follow a user from site to site, track and compile activity, and store this in a database.

  • Identification logic: Tracking generally utilizes a numerical identifier rather than a user's real name. This information is used to personalize the content seen online.

  • Online Tracking Tools:

    • Cookies: Pieces of information sent by a web server to a user's browser.
    • Flash Cookies: A text file sent by a web server to a client when the browser requests content supported by Adobe Flash.
    • Fingerprinting: A device fingerprint is a summary of the software and hardware settings collected from a computer or other device.
    • Cross-Device Tracking: Occurs when companies try to connect a consumer's activity across their smartphones, tablets, desktop computers, and other connected devices.

Mobile Applications and Data Tracking

  • App Definition: An app is a program you can download and access directly using your mobile device.

  • Data Collection Risks: Apps can collect various types of data and transmit it to the app-maker and/or third-party advertisers. This data may then be shared or sold.

  • Types of Tracked Data:

    • Phone and E-Mail Contacts
    • Call Logs
    • Internet Data
    • Calendar Data
    • Device Location
    • Device Unique IDs
    • App Usage Information

Privacy Policies and Internet Access

  • Privacy Policies: A primary way to protect privacy online is to understand how a site or app will use and share personal information. Websites and apps generally provide this information in their privacy policy.

  • Accessing the Internet Services:

    • Internet Service Provider (ISP)
    • Mobile (Cellular) Phone Carrier
    • Wi-Fi Hotspot
  • IP Addresses and Privacy:

    • Connecting to the internet provides an IP (Internet Protocol) address.
    • Types: IP addresses can be static or dynamic.
    • Personally Identifiable Information (PII): The IP address by itself does not provide PII. However, because the ISP knows the IP address, it is a possible weak link in privacy protection.
    • Data Retention: ISPs have widely varying policies for how long they store IP addresses. Many ISPs do not disclose these data retention policies.

Password Management and Security

  • Role of Passwords: Passwords are the first line of defense against the compromise of digital information. High-quality passwords should be used whenever the opportunity exists to protect information.

  • Password Do's:

    • Do use longer passwords
    • Do use special characters
    • Do change your password frequently
    • Do enable two-factor authentication
  • Password Don'ts:

    • Don't recycle a password
    • Don't use popular passwords
    • Don't share your password with others
    • Don't write down your passwords

Wireless Networks and Wi-Fi Security

  • Advantage: Enables building a computer network without stringing wires.

  • Security Risk: Usually, these systems come out of the box with security features turned off, making them easy to set up but easy to break into.

  • Protecting Privacy over Wi-Fi:

    • Virtual Private Network (VPN)
    • Secure Surfing/Secure Socket Layer (SSL)
    • Change Wi-Fi settings
    • Disable file sharing
    • Firewall
    • Security Updates

Cybersecurity Defenses and Threats

  • Definition of Cybersecurity: The practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It is also known as information technology security or electronic information security.

  • Defined Cybersecurity Threats:

    • Botnets: Networks of multiple computers that can coordinate specific tasks.
    • Hacking: Activities that seek to compromise digital devices, such as computers, smartphones, tablets, and even entire networks.
    • Pharming: Redirecting anyone using the URL of a secure, legitimate website to a fake site.
    • Phishing: The use of fake emails, websites and text messages with the purpose of stealing personal information.
    • Malware: Malicious software that cyber criminals can place on your device.
    • Trojan Horses: A malicious file embedded or disguised within authentic software that runs automatically.
    • Spyware: Unwanted software that infiltrates your computing device, stealing internet usage data and sensitive information.
    • Ransomware: A form of malware which restricts access to the infected device(s) until the perpetrator releases the lock.

Cybercrime and its Impact

  • Cybercrime Definition: A criminal activity that either targets or uses a computer, a computer network, or a networked device. It is usually committed by cybercriminals or hackers or carried out by random individuals or organizations.

  • Impact on Individuals:

    • Exposure to data breaches.
    • Identity theft and problems with devices.
    • Suspicious charges on credit cards.
    • Ransomware attacks.
    • Cyberbullying and harassment.
  • Impact on Businesses and Governments:

    • Sensitive data loss.
    • Financial burdens.
    • Brand damage.
    • Data breaches.

Summary of Online Protections

  • Online Privacy: The level of protection while connected to the Internet, covering personal/financial data, communications, and preferences.

  • Online Security: Protecting data or information stored or shared over the internet, including image files, text files, passwords, credit card numbers, or data transferred via email.

  • Additional Computer Exploits: The transcript lists several exploits including Ransomware, viruses, worms, Trojan horses, logic bombs, blended threats, spam, DDoS attacks, rootkits, advanced persistent threats, phishing, spear phishing, smishing, vishing, cyberespionage, and cyberterrorism.

  • Organizational Security Strategy: Must include measures planned for, designed, implemented, tested, and maintained at four levels:

    1. Organization level
    2. Network level
    3. Application level
    4. End-user level