CHAPTER 8

Computer security involves protecting computer systems from harm, theft, and unauthorized use. As computer usage increases, health and security risks increase, particularly with the internet. Physical safety concerns involve potential injuries or loss of life. Health safety focuses on preventing illness from daily contact with computers, while physical safety focuses on preventing serious injuries or loss of life.

Safety risk: Electrocution
Cause of safety risk:
- Spilling liquids / drinks on electric equipment.
- Exposed wires / damaged insulation.
- Unsafe electrical equipment.
- Unsafe electrics (wall sockets) in the office.
Prevention measures:
- Do not allow drinks to be taken into the computer room.
- Check all wires on a regular basis and renew wires if there is any sign of damaged insulation.
- Ensure all equipment is checked by a qualified electrician on a regular basis.
- Make use of an RCB (Residual Current Breaker) to prevent electrocution.

Safety risk: Fire hazard
Cause of safety risk:
- Overloaded wall sockets (several items plugged into one wall socket).
- Overheating of computer equipment (due to poor heat dissipation).
- Exposed wires causing a short circuit.
Prevention measures:
- Increase the number of wall sockets and do not use too many extension blocks.
- Do not cover the cooling vents on computer equipment.
- Clean out dust accumulation in computers to prevent overheating.
- Make sure all equipment is fully tested on a regular basis.
- Ensure there is good room ventilation.
- Use low-voltage equipment wherever possible.
- Have a number of fully tested carbon dioxide / dry powder fire extinguishers.

Safety risk: Tripping hazard
Cause of safety risk:
- Trailing wires on the floor.
- Damaged carpets and other flooring.
Prevention measures:
- Use cable ducts to make the wires safe.
- Cover exposed wires and hide wires under desks, away from the general thoroughfare.
- Use wireless connectivity wherever possible, eliminating the need for trailing cables.

Safety risk: Personal injury
Cause of safety risk:
- Heavy equipment that is unstable or falling from desks.
- Desks collapsing under weight / desks not designed to take the weight.
Prevention measures:
- Use desks strong enough to take the weight of the computer equipment.
- Use large desks and tables so that hardware is not too close to the edge, where it could fall off.

Computer systems are crucial for protecting data and information from harm, theft, and unauthorized use. As computer usage increases, so do the risks associated with data storage. Legislation such as Data Protection Acts (DPAs) is in place to prevent incorrect or inaccurate data being stored, and covers both computerized and paper records. These acts protect the rights of the individuals whose data is collected, used, disclosed, destroyed, or held. Failure to comply can result in fines or imprisonment in many countries.

To prevent data theft, do not leave personal information lying on desks, lock cabinets at the end of the day, and do not leave data on unattended computer monitors. Log off from the computer when away from your desk for extended periods. Use secure passwords and user IDs, keeping them difficult to guess and changing them frequently. Make sure that nothing sensitive is sent by email or fax.

Data protection involves fair and lawful processing for the stated purpose, ensuring the data is adequate, relevant, accurate, and not excessive. Data should not be kept longer than necessary, and must be processed in accordance with the data subject's rights. Data must be kept secure and not transferred to another country without adequate protection.

Personal data is information about a living person, such as name, address, ID card number, IP address, and cookie ID. The person can be identified from the data itself or from the data in combination with other data. Some personal data is sensitive, such as ethnicity, political views, membership of a political party, religion, and sexual orientation; it must be kept confidential to prevent inappropriate disclosure.
Encrypting data can help protect it from hackers and accidental disclosure, ensuring that sensitive information remains secure and protected from misuse. It is therefore essential to take the necessary precautions to protect personal and sensitive data.

E-safety is the balance between the benefits, risks, and responsibilities of using ICT, including the internet. It involves user behavior and electronic security, particularly when using the internet. To minimize potential danger, use only trusted websites, purchase items only over secure, encrypted connections, set device settings to 'safe search', use websites recommended by trusted sources, and keep anti-malware software running in the background. It is also important to log out of sites when you have finished using them. This approach supports the safe and responsible use of technology.

EMAILS

Emails can be dangerous if they come from unknown sources. To avoid these risks, only open emails from known sources, use an effective email filter, reply only to known senders, verify email addresses against the real company's website, and avoid including personal data or sending photos of yourself. Be cautious of phishing and pharming scams, use strong passwords, and be cautious when forwarding emails. Avoid clicking on hyperlinks, avoid using unsubscribe links, and avoid using the Cc or To boxes when sending multiple emails.

ONLINE GAMING

Online gaming, a popular form of entertainment, often attracts games players who may not be aware of the potential risks associated with such activities. These risks include predators, cyberbullying, webcam use, and voice-masking technology. Additionally, online gaming can lead to cyber attacks on users' devices and even to violence in the game itself, which can potentially escalate into violent behavior in real life.

SOCIAL MEDIA

When using social media, it is crucial to be cautious and know how to block undesirable people.
Avoid sharing personal information, including email addresses or house addresses, with unknown individuals, and use privacy settings to ensure only trusted individuals can see your photos. Avoid posting photos in school uniforms, maintain privacy settings, and only make friends with known or well-known individuals. Be vigilant when using social networking sites, instant messaging, or chat rooms, reporting suspicious behavior and using appropriate language. Always use a nickname instead of your real name in chat rooms. Keep private and personal data secret, and stay in public spaces rather than entering private chat rooms. Never arrange to meet someone on your own; always tell an adult first and meet in a public place. Avoid misuse of images, including forwarding on others' images, and respect people's confidentiality.

In summary, it is essential to be cautious when using social media and to be vigilant about the dangers of sharing personal information and sending photos, and to respect confidentiality.

SECURITY OF DATA

Data security is crucial in protecting digital information from unauthorized access throughout its entire lifecycle. Technologies like encryption, data masking, and redaction can streamline audits and regulatory compliance. These tools also give better visibility into where critical data is located and how it is used.

SUMMARY: TYPES OF MALWARE

1. Viruses are programs that replicate themselves in order to delete or corrupt files. They need an active host program on the infected computer or operating system before they can run.
2. Worms are standalone viruses that replicate themselves in order to spread to other computers, often exploiting security weaknesses in networks to do so.
3. Trojan horses are malicious programs disguised as legitimate software, replacing all parts of it with the intention of causing harm to the user's computer system.
4. Spyware is software that monitors and collects information, often by monitoring key presses, and sends it back to the sender.
5. Adware is software that displays unwanted advertising, often as pop-ups or in the browser address window, and redirects the user to a fake website with promotional adverts.
6. Ransomware is a type of software that encrypts user data and demands payment for a decryption key. It is often delivered through a trojan horse or social engineering.

CARD FRAUD

Card fraud is the illegal use of credit or debit cards, often resulting from theft or cloning.

Shoulder surfing is a form of data theft where criminals steal personal information from victims while the victims are using cash dispensing machines, handheld point-of-sale devices, or smartphones. To avoid this, shield the keyboard when using ATMs, never key in data in a public place, and avoid speaking card details into your smartphone. In public places, avoid being near security cameras, and use biometrics on your device.

Card cloning is the copying of a credit or debit card that uses a magnetic stripe; the stripe can be recorded by a skimmer. Skimmers can be placed in ATM slots to read all the data from a card. Smart cards, which contain a microchip, have been introduced to combat card cloning and provide more security. A different device, known as a shimmer, is now used to read these smart cards.

PROTECTION OF DATA

Data protection is crucial in safeguarding sensitive information from damage, loss, or corruption, especially as the volume of data generated and stored has surged. Authentication is used to verify that data comes from a secure source and, together with encryption, strengthens internet data security.

BIOMETRICS

1. Fingerprints
Advantages:
- Very high accuracy.
- One of the most developed biometric techniques.
- Very easy to use.
- Relatively small storage requirements for the biometric data created.
Disadvantages:
- For some people it is very intrusive, because it is related to criminal identification.
- It can make mistakes if the skin is dirty or damaged.

2. Signature recognition
Advantages:
- Non-intrusive.
- Requires very little time to verify.
- Relatively low-cost technology.
Disadvantages:
- If individuals do not sign their names in a consistent manner there may be problems with signature verification.
- High error rate of 1 in 50.

3. Retina scans
Advantages:
- Very high accuracy.
- There is no known way to replicate a person's retina pattern.
Disadvantages:
- It is very intrusive.
- It can be relatively slow to verify a retina scan against stored scans.
- Very expensive to install and set up.

4. Iris recognition
Advantages:
- Very high accuracy.
- Verification time is generally less than five seconds.
Disadvantages:
- Very intrusive.
- Uses a lot of memory for the data to be stored.
- Very expensive to install and set up.

5. Face recognition
Advantages:
- Non-intrusive method.
- Relatively inexpensive technology.
Disadvantages:
- It is affected by changes in lighting, the person's hair, their age, and whether the person is wearing spectacles.

6. Voice recognition
Advantages:
- Non-intrusive method.
- Verification takes less than five seconds.
Disadvantages:
- A person's voice can be easily recorded and used for unauthorized access.
- Low accuracy.
- An illness can change a person's voice, making absolute identification difficult or impossible.

DIGITAL CERTIFICATES

A digital certificate is a pair of files stored on a user's computer. These files are used to ensure the security of data sent over the internet. Each pair of files is divided into two:
- Public key (which can be accessed by anyone).
- Private key (known to the computer user only).

SECURE SOCKET LAYER (SSL)

SSL is a protocol that ensures secure data transmission over the internet. It encrypts data when a user logs onto a website, so that only the user's computer and the web server can understand it. SSL certificates are small data files that digitally bind an encryption key to an organization's details. When installed on a web server, they display the green padlock and the https protocol.

ENCRYPTION

Encryption protects data from hacking or illegal access; encrypted data is useless unless the recipient has the necessary decryption tools.
Example of Encryption and Decryption:
- Encrypt the connection with your email provider.
- Encrypt the actual email messages.
- Encrypt stored or archived email messages.

Encrypting the emails themselves prevents a hacker from making sense of any intercepted messages. Encrypting the connection with your email supplier safeguards against unauthorized users intercepting and capturing login details and any sent or received emails. Encryption also provides additional protection for emails as they leave your email supplier's server and travel to their destination server. Any backed-up messages stored on your email supplier's server also need to be encrypted. If a hacker acquires access to this server, they could then gain access to your stored or archived messages.

FIREWALL

A firewall, either software or hardware, protects a user's computer from external threats by filtering incoming and outgoing network traffic, allowing or denying access based on user preferences.

TWO-FACTOR AUTHENTICATION

Two-factor authentication uses common factors such as a PIN code, a mobile device, and unique biometrics to verify a user's identity. It is primarily used in online purchases with credit/debit cards.

USER ID AND PASSWORD

Passwords are essential for securing data and systems, and should be hard to break and frequently changed. They are also used for internet access. To protect passwords, run antispyware software and change them regularly. Strong passwords should contain at least one capital letter, one numerical value, and one other keyboard character, while being easy to remember.
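
The password rules above as a small checker, added here as an example (it is not part of the original notes). The minimum length of 8 and the user-ID check are assumptions of this example; the notes give only the three character rules and say passwords should be hard to guess.

```python
import string

# Rules taken from the notes: at least one capital letter, one numerical
# value and one other keyboard character. The minimum length and the
# user-ID check are assumptions added for this example.
MIN_LENGTH = 8  # assumed value, not stated in the notes


def password_problems(password, user_id=""):
    """Return the reasons a password fails; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in password):
        problems.append("no numerical value")
    if not any(c in string.punctuation for c in password):
        problems.append("no other keyboard character")
    # "Difficult to guess": reject passwords built around the user ID.
    if user_id and user_id.lower() in password.lower():
        problems.append("contains the user ID")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs (user ID, candidate password).
    samples = [
        ("asmith", "password"),
        ("asmith", "Asmith2024!"),
        ("asmith", "Blue7Kettle#Rain"),
    ]
    for uid, pw in samples:
        issues = password_problems(pw, uid)
        print(f"{pw!r}: {'OK' if not issues else '; '.join(issues)}")
```

Returning every failed rule, instead of a single pass/fail flag, lets a sign-up form tell the user exactly what to fix.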