Operating Online

Chapter 6: Risks to Data and Personal Information

Overview

  • Discusses various risks threatening data and personal information.

  • Explores methods for securing data and online payment systems.


Risks to Data & Personal Information

Types of Risks

  1. Unauthorized Access

    • Occurs when unauthorized users gain access to protected networks.

    • Methods include direct access and programs that attempt multiple logins, both of which take advantage of poor security.

  2. Deliberate Damage by Malware

    • Malware, or malicious software, is designed to harm data or systems.

    • Can lead to data destruction or misuse by malicious users.

  3. Accidental Deletion

    • Data can be accidentally deleted by users.

    • Common causes include pressing wrong keys, formatting the wrong device, or unexpected power loss.

  4. Theft of Personal Data

    • Malicious methods are used to access personal information for fraudulent purposes.

    • Common methods include phishing, pharming, spyware, and smishing.


Detailed Risks

Unauthorized Access

  • Unauthorized users gain network access without permission.

  • They exploit poor security protocols through various tactics, including brute force attacks.
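
Added example (not part of the original notes): a Python check that a defender could run over login records to spot the repeated-login programs described above, and to see whether a successful login followed the burst. The log format, field names, thresholds and sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: timestamp, source IP, username, result.
SAMPLE_LOG = """\
2024-05-01T09:00:01 203.0.113.7 alice FAIL
2024-05-01T09:00:02 203.0.113.7 alice FAIL
2024-05-01T09:00:03 198.51.100.4 bob FAIL
2024-05-01T09:00:04 203.0.113.7 alice FAIL
2024-05-01T09:00:09 198.51.100.4 bob OK
2024-05-01T09:00:10 203.0.113.7 alice OK
2024-05-01T09:02:00 192.0.2.9 carol FAIL
2024-05-01T09:04:00 192.0.2.9 carol FAIL
2024-05-01T09:06:00 192.0.2.9 carol FAIL
"""

def detect_bruteforce(log_text, max_failures=3, window=timedelta(seconds=60)):
    """Flag sources with max_failures failed logins inside a sliding window.

    Each alert also records the first account that logged in successfully
    from that source afterwards, which suggests the guessing worked.
    """
    recent = defaultdict(deque)  # source IP -> timestamps of recent failures
    alerts = {}                  # source IP -> alert record
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts = datetime.fromisoformat(parts[0])
        ip, user, result = parts[1], parts[2], parts[3]
        if result == "FAIL":
            failures = recent[ip]
            failures.append(ts)
            while ts - failures[0] > window:  # drop failures outside the window
                failures.popleft()
            if len(failures) >= max_failures and ip not in alerts:
                alerts[ip] = {"ip": ip, "first_alert": ts, "success_after_burst": None}
        elif result == "OK":
            if ip in alerts and alerts[ip]["success_after_burst"] is None:
                alerts[ip]["success_after_burst"] = user
            recent[ip].clear()  # a success resets the failure count
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

In the sample, only 203.0.113.7 is flagged: the single mistyped password from 198.51.100.4 and the failures from 192.0.2.9 spaced two minutes apart stay under the threshold.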

Deliberate Damage by Malware

  • Malware includes viruses, worms, and Trojans, crafted to disrupt or damage systems.

  • Users may be infected unknowingly through downloads or email attachments.

Accidental Deletion

  • Accidental data loss can occur due to user error.

  • Situations leading to loss:

    • Unintended key presses.

    • Formatting the wrong drive.

    • Sudden power outages or system crashes.

Theft of Personal Data

  • Methods employed by criminals include:

    • Phishing: Emails that mimic legitimate sources to extract personal details.

    • Pharming: Redirecting users from legitimate sites to fake ones to steal credentials.

    • Spyware: Tracking users' activities and capturing sensitive data without consent.

    • Smishing: SMS-based phishing attacks.


Methods of Securing Data & Information Online

Techniques for Security

  • Firewalls: Hardware or software that blocks unauthorized access while allowing outgoing traffic.

  • Encryption: Encodes data to prevent unauthorized access. The two types are:

    • Symmetric Key Encryption

    • Public Key Encryption

  • Passwords, PINs, and Biometrics: Essential for authentication. Strong passwords combine letters, numbers, and symbols.

  • CAPTCHA: Differentiates human users from bots by presenting challenges.

  • Anti-Malware: Protects against malicious software by scanning and removing threats.

  • Access Rights: Define what each user can do (read/write permissions) within a system.

  • Secure Websites (HTTPS): Ensures encrypted communication between users and servers, indicated by a green padlock in the browser.


Specific Security Methods

Firewalls
  • All data transfers (incoming/outgoing) are monitored by the firewall to block malicious traffic.

Encryption
  • WEP: Wireless protocol, less secure.

  • WPA/WPA2: Modern security protocols providing stronger encryption and dynamic keys for each session.

Passwords, PINs, and Biometrics
  • Best practices for passwords include length, randomness, and regular updates.

CAPTCHA & reCAPTCHA
  • Use visual or textual challenges to confirm user authenticity.

  • reCAPTCHA contributes to digitization projects and enhances data services.

Anti-Malware Programs
  • Include anti-virus, anti-adware, and anti-spyware capabilities to protect against threats.