CPE Laws and Professional Practices: Privacy, Security, and Cybercrime
Lesson Objectives and Introduction
Learning Objectives: At the end of this lesson, students will be able to;
- Understand the importance of privacy.
- Learned things about security.
- Identify Cybercrimes and Sanction for those violations.
Usage Statistics and Context: According to recent statistics, Filipinos spend the most time online, averaging hours and minutes every day.
- For the fourth consecutive year, the Philippines is the most engaged on social media.
- Personal information from the Philippines, including photographs of ordinary activities, is frequently published online.
- The high level of engagement is cited as one of the reasons why cybercrime cases are increasing in the country.
- The lesson focuses on the discussion of Privacy, Security, and Cybercrime.
Understanding Privacy
General Definition of Privacy: The ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively.
Subjective Nature: Privacy is a personal, subjective condition. One person cannot decide for another what their sense of privacy should be.
Online Privacy:
- Refers to controlling what information to reveal about themselves over the internet and controlling who can access that information.
- The complex issue of computer privacy covers the way personal information is used, collected, shared, and stored on personal devices and while on the Internet.
Using the Internet Safely: Key Domains
- The transcript identifies six major areas for safe internet usage:
- Online Tracking
- Mobile Apps
- Privacy Policies
- Accessing the Internet
- Passwords
- Wireless Networks and Wi-Fi
Online Tracking Mechanisms and Tools
Web Tracking: Almost every major website you visit tracks your online activity. Tracking technology can follow a user from site to site, track and compile activity, and store this in a database.
Identification logic: Tracking generally utilizes a numerical identifier rather than a user's real name. This information is used to personalize the content seen online.
Online Tracking Tools:
- Cookies: Pieces of information sent by a web server to a user's browser.
- Flash Cookies: A text file sent by a web server to a client when the browser requests content supported by Adobe Flash.
- Fingerprinting: A device fingerprint is a summary of the software and hardware settings collected from a computer or other device.
- Cross-Device Tracking: Occurs when companies try to connect a consumer's activity across their smartphones, tablets, desktop computers, and other connected devices.
Mobile Applications and Data Tracking
App Definition: An app is a program you can download and access directly using your mobile device.
Data Collection Risks: Apps can collect various types of data and transmit it to the app-maker and/or third-party advertisers. This data may then be shared or sold.
Types of Tracked Data:
- Phone and E-Mail Contacts
- Call Logs
- Internet Data
- Calendar Data
- Device Location
- Device Unique IDs
- App Usage Information
Privacy Policies and Internet Access
Privacy Policies: A primary way to protect privacy online is to understand how a site or app will use and share personal information. Websites and apps generally provide this information in their privacy policy.
Accessing the Internet Services:
- Internet Service Provider (ISP)
- Mobile (Cellular) Phone Carrier
- Wi-Fi Hotspot
IP Addresses and Privacy:
- Connecting to the internet provides an IP (Internet Protocol) address.
- Types: IP addresses can be static or dynamic.
- Personally Identifiable Information (PII): The IP address by itself does not provide PII. However, because the ISP knows the IP address, it is a possible weak link in privacy protection.
- Data Retention: ISPs have widely varying policies for how long they store IP addresses. Many ISPs do not disclose these data retention policies.
Password Management and Security
Role of Passwords: Passwords are the first line of defense against the compromise of digital information. High-quality passwords should be used whenever the opportunity exists to protect information.
Password Do's:
- Do use longer passwords
- Do use special characters
- Do change your password frequently
- Do enable two-factor authentication
Password Don'ts:
- Don't recycle a password
- Don't use popular passwords
- Don't share your password with others
- Don't write down your passwords
Wireless Networks and Wi-Fi Security
Advantage: Enables building a computer network without stringing wires.
Security Risk: Usually, these systems come out of the box with security features turned off, making them easy to set up but easy to break into.
Protecting Privacy over Wi-Fi:
- Virtual Private Network (VPN)
- Secure Surfing/Secure Socket Layer (SSL)
- Change Wi-Fi settings
- Disable file sharing
- Firewall
- Security Updates
Cybersecurity Defenses and Threats
Definition of Cybersecurity: The practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It is also known as information technology security or electronic information security.
Defined Cybersecurity Threats:
- Botnets: Networks of multiple computers that can coordinate specific tasks.
- Hacking: Activities that seek to compromise digital devices, such as computers, smartphones, tablets, and even entire networks.
- Pharming: Redirecting anyone using the URL of a secure, legitimate website to a fake site.
- Phishing: The use of fake emails, websites and text messages with the purpose of stealing personal information.
- Malware: Malicious software that cyber criminals can place on your device.
- Trojan Horses: A malicious file embedded or disguised within authentic software that runs automatically.
- Spyware: Unwanted software that infiltrates your computing device, stealing internet usage data and sensitive information.
- Ransomware: A form of malware which restricts access to the infected device(s) until the perpetrator releases the lock.
Cybercrime and its Impact
Cybercrime Definition: A criminal activity that either targets or uses a computer, a computer network, or a networked device. It is usually committed by cybercriminals or hackers or carried out by random individuals or organizations.
Impact on Individuals:
- Exposure to data breaches.
- Identity theft and problems with devices.
- Suspicious charges on credit cards.
- Ransomware attacks.
- Cyberbullying and harassment.
Impact on Businesses and Governments:
- Sensitive data loss.
- Financial burdens.
- Brand damage.
- Data breaches.
Summary of Online Protections
Online Privacy: The level of protection while connected to the Internet, covering personal/financial data, communications, and preferences.
Online Security: Protecting data or information stored or shared over the internet, including image files, text files, passwords, credit card numbers, or data transferred via email.
Additional Computer Exploits: The transcript lists several exploits including Ransomware, viruses, worms, Trojan horses, logic bombs, blended threats, spam, DDoS attacks, rootkits, advanced persistent threats, phishing, spear phishing, smishing, vishing, cyberespionage, and cyberterrorism.
Organizational Security Strategy: Must include measures planned for, designed, implemented, tested, and maintained at four levels:
- Organization level
- Network level
- Application level
- End-user level