Friday, May 17, 2019

Security & E-Consumer Awareness

When you buy a product from an online store you expect the company to keep your information safe from loss and damage. For the company to do this they need to look into the threats to the data and how to stop them. A company needs to know the laws of data protection and the different ways to prevent this, like firewalls, antivirus software and encrypting the customers' data to stop people reading it. This report will tell you about the types of threats, the ways to stop these and the laws of data protection.

All companies should do a risk assessment; they should do this to make sure that the data on the computer is safe. A risk assessment finds risks, then rates them, and then says how they will be fixed.

Threats to your data through an organisation's website

Data intercepted by copycat website or phishing

Data can be intercepted by use of a copycat website. The way they do this is to send you an e-mail, for example saying you have to change something on your account, and at the bottom of the e-mail there will be a link that looks like your bank's website but in fact takes you to a different website that looks the same. You then enter your bank details, and the owners of the copycat website will be able to take your identity and your money. Here is an example of how they do this underneath. As you can see, the address in the e-mail will be spelt wrong or will have something extra; this one has an IP address in the front. This is a big giveaway because a professional bank website would just have the bank name. This kind of e-mail is normally blocked by the spam wall in your e-mail account, but if you do get an e-mail from the bank, type the URL in the search bar or search engine.

The one on the right is the correct one because, as you can see, there is no number in front and it just says the bank's name. Also you can see there is https, which stands for hypertext transfer protocol secured; this is only on the official bank website to try to stop hacks. Usually the bank's logo will be next to the URL address, as you can see from the example above; this is another way to check if the bank's website looks legit.

Companies can help people not fall for these traps by providing bank protection software to all users. Many banks do this now and run this with your normal protection like Norton, but the best way to prevent these scams is to teach people how to avoid the traps. This has the highest effectiveness against this scam, but the computer also has to have anti-virus software that looks for these scams, and this will give you the highest effectiveness against falling for this trap.

The effectiveness of these preventions is very high, but this depends on the version of the software that you have and on whether the software reads it as a threat or the real thing. The way that has the best effectiveness would be to teach employees and customers about the threats and give them examples of how the bank would really send them. For example, they would send "Dear" then your name rather than "Dear customer", because that would show they know you and are not just trying to guess who you have accounts with. This would be the best way to prevent these scams and I feel it would have the highest effectiveness against this scam.

Key loggers

Key loggers are used to intercept the data which you type into your keyboard. Hackers usually use this to get passwords to bank accounts and any other thing that requires a password.
A key logger remembers everything you type and everything you delete. For your computer to get a key logger on it you need to download it, because it is software, but key loggers are usually hidden or disguised as another piece of software so you download it by accident. A key logger runs in the background of your computer so you don't even know that it's running.

The way to block key loggers is to make sure your firewall is on, and after you download any software you should scan it using your virus protection software. This can happen by employees using the company's internet to download things that they are not meant to. The way a hardware key logger works is that the device is put in between your keyboard and computer tower. Then on the same computer you open up Notepad, and each key logger comes with a three digit code that you have to hold down at the same time to bring up what has been key logged on that computer.

As you can see, after you open it in Notepad it gives you options to see what has been recorded, along with other options. This type of key logger costs around £30, which is cheap if you were taking people's bank details or selling information to other companies.

To prevent key logging these companies can install anti-spyware, but now programs like Norton and McAfee have this type of protection built in as well. This will only work if the program is kept up to date, because there are new viruses and bugs being made all the time. The effectiveness of these types of protection is very high as long as the anti-virus software is running at its highest version by being kept up to date, but it is not 100%, because some key loggers may not be detected because they're not in the protection software's virus database, or they might not be detected because they're inside another program that's not detected as a virus.

To protect against hardware key loggers in an office there are many ways, like adding CCTV and keypad locks to doors, but these might only catch who is doing it and not stop it right away, so by the time the cameras are checked the information may already be stolen, which could have a bad effect on the company and its reputation. But if you used both of the measures to try to prevent key logging you have the best chance to prevent it, with a very high effectiveness of achieving protection against key logging.

Data copied by employee

Your data could be copied by employees, or lost or copied by human error. The problem with this is that human error is very hard to spot, because most of the time the files are moved, copied, lost or deleted by accident, so the employee could be giving personal data away unaware that they are doing it. If corporate files are lost or stolen they can be valuable to the company or lose the company a lot of money. Thieving employees will copy the files to a flash drive like a USB, or an external hard drive if it's a lot of information. The information they copy they will sell to other companies for large sums of money, or they could use the information to create a fake identity for themselves, or they could use it to empty your bank account, which could give you big debt and a bad credit record, which means you could be refused loans, credit cards and a mortgage for your house.

The way that this can be prevented is to disable USB slots on all computers and give the employees work e-mails that can be monitored. The effectiveness of these preventions is good but not 100%, because depending on the job the employee will still have access to the internet, which means they might not use the company e-mail and use their own, which means some of the fixes wouldn't work and the data could still be stolen.

Another way that would make their protection against data being stolen very effective is to add levels of access to information, meaning only employees with the right access level can get certain information from the servers. This would give pretty high effectiveness against information being stolen because it makes the group that has access to it smaller, meaning if it was stolen it would be easy to find who did it. The risk of getting caught is higher, so this adds a scare factor to stealing the company's personal information or bank details, which means the effectiveness of this method is very high.

Data sold by employee

If the employee sells the data they can make a lot of money by selling to gangs to make fake identities, or to other companies so they can try to sell you products through the mail or over the phone. If your information is sold, people could run up big debt in your name or even take the money that you have been saving up in your bank.
The way the company can prevent people from selling their data is to have CCTV watching the offices and disable the USB ports on the computers; this will prevent people from plugging portable memory into the PC and copying the data across. Also the company should use internal monitoring on all the PCs in the offices, and a check should be carried out after work hours to see if people have copied any information across or sent it using the internet.

Also the company could make employees sign an agreement that shows the employee what would happen if they were to steal the data, and this might prevent it because they may feel that the chance of getting caught is higher. The effectiveness of having CCTV around the office is very high; the reason for this is that if they feel that they are being monitored, the chance of them getting caught becomes a lot higher, meaning the risk of punishment may not be worth it. But the best way to prevent this would be to disable the USB drives and monitor the computers using internal monitoring software. This would have the highest effectiveness against people stealing data, because if they steal the data they are going to get caught because of the monitoring software, meaning again the reward isn't worth the risk.

Data sold by company

The company is allowed to sell data to other third party companies for a lot of money; the reason they do this is so the other company can also try to sell you products over the phone or by post. This is only allowed if the person doesn't tick the "do not allow third parties to see my information" box. If this box is not ticked the company is allowed to sell it on to all of its third party companies, but some companies sell it without the person's permission; if this happens and the company is found out it will be closed down because of the laws it has broken.
An example of this is when a phone company sold information about when contracts run out so other companies could phone up and try to sell phones and contracts; the article is shown below. Companies should train employees so that they don't make mistakes and also make them aware of the Data Protection Act.

The way the company could prevent this is to make sure they are up to date with the Data Protection Act, and if they are planning to sell this information to third parties they need to make sure they have permission from the customers, because if this information is sold without them knowing or agreeing they will lose trust in the company, meaning the company could lose customers. This would be one of the only ways of preventing this, because if the company wishes to sell the information they will; it's up to the board of directors, and they can't really be restricted by anything in the company because they could bypass most blocks that would stop employees, as they have control of the monitoring and have the highest access level.

The effectiveness of this prevention is very low because in the end the company has the final say on where the data goes and who can have access to it. The reason for this is that they can do what they want with the data, so no matter what protection the company has to prevent employees, they could go ahead and sell information for more profit.

Data stolen by hackers

Your personal information could be intercepted by a hacker when you are signing on to a website, or where your information is stored on a company server and hackers have broken the firewall and decrypted the code. Then the hacker could sell your data or use it for their own personal things like buying cars and houses, or even running up un-payable debt.

An example of a hacker stealing company data is when a hacker claimed to have broken into a T-Mobile server and got information about addresses and corporate information; the article is shown below.
The article states that the hacker has got people's personal information and is now going to sell the information to the highest bidder. To stop this, companies should be running regular checks to see if any information has been copied by hackers. There are many ways the company could stop hackers from taking and gaining access to their information. The first way would be to make sure the company has an up to date firewall that will prevent hackers from gaining access to the network. Along with this they should also have anti-virus and spyware software installed; this would make sure that if an unwanted visitor was on the server the information would be secured and the visitor's signal would be blocked. The next prevention would be for the company to encrypt their data so that if hackers intercept the data when it's being transmitted they will not be able to gain anything from it, because it will be encrypted with 120 bit encryption or higher, meaning they would not be able to break it or it would take a long time. Also the company could make sure that the data is transmitted across the fastest route to get to its destination, meaning there are fewer places for the hackers to intercept and gain access to the information.

The effectiveness of a firewall in a company is very high because this will stop unwanted people being able to snoop on the server or network, but this will not stop the hackers 100% because firewalls are not unbreakable by some high level hackers. If you were to have firewalls and then have anti-virus and spyware software installed, this would make the effectiveness a lot higher because they would have to break and bypass a lot more systems and have a higher risk of getting caught before they find what they want, meaning this has a high effectiveness against the hackers.
Stopping hackers intercepting data by encryption and making the chain of transfer shorter is very effective because encryption is hard to break or takes a long time, even for the best hackers.

So if you have all these preventions it will have a very high effectiveness against the company's information being stolen.

Incorrect or out of date data stored by a company

If you send the company wrong information such as phone number, address, postcode etc., this can be bad because if the company thinks you are sending wrong information because you're not the owner of the account, they will contact the bank and the bank will lock the account until the owner comes into the branch. Also if wrong information is stored on the server they could be sending your private information, like bank statements or private letters, to the wrong address, so it's always important to keep your information up to date so your information doesn't end up in the wrong hands.

Also companies should update records to comply with data protection laws. This makes sure that all data is kept safe and only people with the correct access level gain access to the information; it also prevents the company from transferring details to other people without your permission. There are many ways to prevent incorrect or out of date data being stored by the company. The main way is to update and back up information weekly and send it to a different off site server; this will make sure the information is kept up to date and stored correctly, meaning wrong information isn't used.
Another way to make sure that the wrong records aren't edited is by only allowing staff to edit new records; if they want to access an existing record they have to bring it up and the server will only allow certain edits to the data. This would prevent the wrong data from being stored on the server.

Also only certain people should have access to stored data. This will prevent people from opening it to view it and then changing something so the data is stored wrong, which could be bad for the company because private information could be sent to the wrong people, which could mean the company breaks the Data Protection Act and could be held responsible. The effectiveness of these preventions is very high as long as the backing up and updating is done weekly and is stored in a different location to the main information. The reason for this is that if it is stored in the same place and the data is changed or corrupted, it could also happen to the backup copy of the information. If it wasn't stored off site, backing up the information would be pointless.

Also making sure the information can only be changed and accessed by certain people has a high effectiveness because there are fewer people that can change it by human error, meaning the information will be stored correctly.
Loss due to error or hardware failure

A company could lose data by hardware failure. If a company loses data by hardware failure it can cost them time and money, so the company should always have their data saved on two different servers in different buildings. Basically they should do a backup every night so if there is a hardware failure they can go back to yesterday's work and personal data; so yes, they do lose some stuff but not everything.

Sometimes big companies get a virus which is set to destroy or corrupt valuable data. Big companies should run regular checks to check their firewall has not been attacked and broken by a virus, because when they do the backup to their second server the virus could get sent there and then all the information could get deleted or corrupted, which would lose the company money and customers. Data loss comes from the term data spill; data loss can also be related to data spill incidents, in the case that personal information and corporate information get leaked to another party or deleted. Also backup policies should be in place, and backups should be checked occasionally to see if they work and if they are effective, as they might not work.

A way to prevent loss due to hardware failure is to make sure your technology is up to date. A way to do this would be to upgrade the hardware regularly; this will give it less chance of failing because it will not just break down due to age or become ineffective. The effectiveness of upgrading hardware is low; the reason for this is that the hardware is very unlikely to fail if it is well looked after and kept at a low temperature, and this will ensure that you will not lose data due to hardware failure. Backing up data to an offsite location is very effective because it will stop data from getting corrupted, but it needs to be regularly re-backed up so it's kept up to date. The reason this works so well is that if the original data on the main server is lost or corrupted, the backup version of the data will be unaffected because it has no connection to the original server where the main data is stored. There is only an active connection when the data is being backed up to the offsite server, and this minimises the risk of the backup data being corrupted. Along with this you need to make sure the server is secure and has antivirus software installed. The effectiveness of this is high; this kind of software can always be bypassed, but it will give good security against low level hackers who are trying to destroy data. If this security is used and the data is backed up weekly it will have high effectiveness and will minimise the risks of data loss due to human error or hardware failure.

Natural disasters

An overlooked type of data loss is via natural disasters such as floods, fires, hurricanes or earthquakes. If one of these hit the building where you were storing all your data, the data would be lost without any chance of recovery because the server would be destroyed, so companies should back their data up to a different building away from the first server in case that server gets broken by a natural disaster. Also your server should be stored off the ground floor, because then there is less chance of the flood reaching your servers. The last thing is that all server rooms should be fitted with carbon dioxide sprinklers, not water, because water will damage the server; do this and your data is more secure from fires.

Backing up data to an offsite location to prevent loss due to natural disaster is very effective because it will stop data from getting corrupted, but it needs to be regularly re-backed up so it's kept up to date. The reason this works so well is that if the original data on the main server is lost or corrupted, the backup version of the data will be unaffected because it has no connection to the original server where the main data is stored. There is only an active connection when the data is being backed up to the offsite server, and this minimises the risk of the backup data being corrupted. But this will only be effective if the offsite location is in a different area to the main server, so if a natural disaster hits, only the main server is destroyed or damaged.

The effectiveness of putting the server off the ground floor to prevent flood damage is high because it will stop the flood reaching the servers and damaging them, but this would only work if the foundations of the building were strong, because if the floor was strong and the building was weak the building may fall, meaning the prevention was pointless.

The effectiveness of having fire prevention is high but there is still a risk of loss of data. The reason for this is that if the fire starts in the server the CO2 sprinklers will go off, but some of the data will be lost before the fire is put out. But if all these preventions are used together it will give you high effectiveness against natural disaster damage and loss.

When you're searching a website for a product and buying products from a website you need to know that your details are secure and that no one can take your identity or use your money on other products you don't want. There are ways to check the website is secure so that people can't get your details. The three main ways are looking for the HTTPS, the padlock and the security certificate; the three ways are shown below.
[Images: padlock, HTTPS, security certificate]

SET, which stands for Secure Electronic Transactions, is a standard protocol for using your credit or bank cards over insecure networks like the internet. Secure Electronic Transactions is not a payment system but a set of protocols and formats that let the user employ the existing credit card payments on an open network; it failed to gain traction. VISA now promotes the 3-D Secure scheme.

Websites and computers now use firewalls to stop hackers, Trojans and spyware. These firewalls come on the website and computers, but you can buy better firewalls like Norton. Firewalls stop identity theft and lots of other things that take data from you and could take your money. These firewalls are a big improvement on security but people are still finding ways to get past them; that's why you have to buy the new version of Norton every year and update daily to ensure new viruses can be caught.

Also websites and companies use user names and passwords; this is to stop people getting into the system, taking data and using it to steal people's things. Big companies also use access levels; for example MI5 use access levels to stop new employees seeing top secret data and to make sure people only see what's in their pay grade. Employees should also have passwords, but they should have to change them regularly to avoid disclosure.

Antivirus software is available to buy from shops or online; antivirus software protects you from identity theft, stolen details etc. There are many antivirus programs; some of the main ones are Norton and McAfee. These cost about £5 per year; this is because they protect you from many different dangers that could make you lose items or have your things, like work, stolen. All of the firewalls and virus protections offered by Norton are shown below.
When data that contains personal and credit card information is being sent from a computer to a server, the data is encrypted to stop people intercepting the data and reading it. The encryption changes a password, for example from jamesjamesjames to something like rygf84943gv43g3t83vg347vt539v, so if someone took that data they would be unable to use it. For example Game.co.uk tell you that they encrypt their data with 128 bit encryption, so this means it's pretty much unbreakable.

When a company is working with data like personal and bank information, all of the employees have to agree to and sign the Data Protection Act. This means that they agree to keep any information they're given a secret; for example they can't download data and give it to another company or another person, because then they would be breaking the Data Protection Act they have signed and could get fined or go to jail for up to 10 years. Also there are laws that stop an employee or a company giving data away to other companies or people, but big companies find ways to get around this because they are legally allowed to give your data to third parties of their company unless you say otherwise.

Businesses that keep personal and bank information on site should have physical security like cameras and guards, and even guard dogs if the information is that important. They need this because it's no good having amazing firewalls while someone could walk in, pick the server up and walk out.

The DPA, which stands for Data Protection Act 1998, is a UK Act of Parliament, which is a UK law on the processing of data on identifiable living people. It's the main piece of legislation used to enforce protection of personal data in the UK. The DPA does not mention privacy; it was made to bring the law into line with the European Directive of 1995, which requires members to protect people's fundamental rights and freedoms.
This law is very effective and people get caught and feel the law hit them every day around the world. There are 8 data protection principles that relate to the Data Protection Act 1998; they are as follows:

1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless (a) at least one of the conditions in Schedule 2 is met, and (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4. Personal data shall be accurate and, where necessary, kept up to date.
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
7. Appropriate technical and organizational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

The most important of these is 7.

The CMA, which stands for Computer Misuse Act 1990, is an Act of Parliament. This was introduced partly in response to the decision in R v Gold & Schifreen 1998. The act has nonetheless become a model from which many other countries have drawn when making their own versions of the CMA.
The Consumer Protection Regulations mean that if you sell goods or services to consumers by the internet, TV, mail, phone or fax you need to stick to consumer protection regulations. The key parts of these regulations mean that you must give consumers clear information, including details of the goods or services offered, delivery arrangements and payment. You must also provide this information in writing, and the consumer has a cooling-off period of seven working days.
