D1- Protecting Data and Information Flashcards
Malware
⚫ This is software designed to cause harm to your IT system, such as deleting, altering or stealing data.
⚫ Example - Viruses, Trojan, Ransomware, Worms, Spyware
Hackers
⚫ Hackers exploit weaknesses in IT systems to gain unauthorised access and steal or change data, while ethical hackers test defences and security.
Phishing
⚫ An (unauthorised) attempt to gain personal/sensitive information (1) by impersonating a trusted organisation (1) such as sending a fake email with a link (to a fake website) (1)
Reducing the risk of Phishing
⚫ Never send sensitive data in an email (1) legitimate companies will never request details in this way (1)
⚫ Do not follow links from unsolicited emails (1) as these may lead to sites/sources that could be harmful (1)
⚫ Check the source of the email carefully (1) to ensure it comes from where it says it does (1)
⚫ Use filtering settings in email (1) which will block/ screen the spam (1)
⚫ Read the contents of the email to make a judgement as to whether the contents are legitimate (1) and delete anything suspicious (1)
The Impact of threats on individuals
⚫ Identity fraud – Stolen personal information is used to open fake bank accounts, sign up for mobile phone contracts or credit cards;
⚫ Bank fraud – A criminal could use your details to log into your bank account to transfer funds or withdraw money or purchase items fraudulently…
The impact of threats on organisations
⚫ Loss of reputation: If an organisation is affected by any of the issues discussed previously, customers may lose confidence and take their business elsewhere;
⚫ Loss of income: A decrease in reputation along with the threats mentioned previously could cause the services to go down, which means the business cannot carry out its day-to-day activities. This “down time” means the business is losing money.
Threats when connected to the Internet
⚫ Computer theft (1) because someone could break into the office and walk away with the PC (1)
⚫ Malicious damage (1) by someone deleting or editing malicious data on purpose (1)
⚫ Introducing viruses/malware (1) via an external device (1)
⚫ Accidental damage (1) employee could spill drink and ruin the hard disk drive / power surge leading to computer crashing / overwriting/ deleting files (1)
⚫ Hardware/ system failure/ damage (1) HDD could encounter problems and employees may not be able to access data (1)
⚫ Natural disaster caused by fire/ floods (1)
Threats to data using a portable device for online banking
(Hackers/unauthorised access)
- Firewall (hardware or software)
- Firewall installed on the portable device
- Kept up to date
Threats to data using a portable device for online banking
(Security of Apps & OS)
- Operating System security patches kept up to date
- App security patches kept up to date
Threats to data using a portable device for online banking
(Protecting data during transmission)
- Don’t use unsecured/public networks – may be accessible to other users
- Use secure network / cellular data / VPN – these will encrypt the data and prevent access
- Ensure that users are logging on to a secure URL – HTTPS/SSL/TLS protocols. Identified by padlock/green in address bar etc.
Threats to data using a portable device for online banking
Other
Physical protection of portable device
- Use strong password / biometric controls to access portable device
- Ensure procedures are followed for keeping password secure e.g. don’t write it down / tell anyone / hide when entering etc.
- Log off when finished using
- Don’t leave portable device accessible to anyone else
- Protection of files on portable device – passwords / access levels / encryption of data
- Theft of portable device
Precautions when using in public places
- Prevent shoulder surfing – ensure no one can see what data is being entered/accessed
- Don’t use unsecured/public networks – portable device may be visible / accessible to other users
Phishing
- Don’t respond to links / attachments from unknown senders
Pharming
- Take care when accessing websites, particularly when redirected – check the URL is as expected
How to protect from harmful downloads
⚫ Install anti-virus / anti-spyware / anti-malware software (1) to scan downloaded video files for suspicious threats (1)
⚫ Regularly update anti-virus / anti-spyware / anti-malware software (1) to make sure the software recognises new threats (1)
⚫ Use trusted websites (1) that have digital certificates / https (1)
⚫ Safe browsing (1) set settings to stop visits to untrusted websites (1)
Keeping Anti-Virus Software up to date to reduce risk of Viruses
- To recognise and handle new virus strains (1)
- New viruses are constantly being created / virus threat is constantly evolving (1)
- Content is compared against (an existing) database of virus definitions (1)
- If new virus is not in existing list, it will not be detected (1)
- Antivirus software developers constantly monitor the threat landscape (1)
- Antivirus software developers will update the definitions database when any new virus is found (1)
Keeping data on a network secure, when accessing a network using personal laptops
Procedures to prevent threats to storage data
- Acceptable use of IT policies e.g. network Wi-Fi login
- Up to date antivirus / antimalware on college network and laptops
- Ban / encrypt USBs / portable media
- Firewall on the network
- Health check for laptops
- Regular backups
Procedures for preventing unauthorised access to the personal laptops
- Firewall installed on the laptops in addition to the network to prevent unauthorised access
- Password protection / multi-factor authentication on the laptop, prevents unauthorised access
Procedures for preventing unauthorised access to the network via personal laptop
- Set up appropriate access levels on network for staff
- File permissions on network for staff
- Techniques for preventing other threats to data stored on the laptops being transferred to the network e.g. Anti-virus / malware software installed on laptop
Physical methods to protect data stored on personal laptops
- Physical access to laptops. Individuals must take responsibility for ‘looking after’ the laptops e.g. locked away overnight, never left anywhere others can access them
- Individuals should use external storage devices with caution, applying the same sort of physical access controls to storage devices e.g. USB drives / external hard drives.