Supp. Chapter 2, Lesson 3 Text
Lesson Three: Digital Security
Computers are great tools that make our everyday life easier. However, in our digital world, it is very easy for criminals to take advantage of your computer system, steal your personal data, and cause other harm. In this lesson, we are going to discuss some of the security risks that surround computers and describe strategies for minimizing those risks.
On a personal level, you have private information that should not be shared with anyone else. For example, your social security number, your bank records, your health records, and your social media usernames and passwords are likely available on your computer or through websites that hold your accounts.
A criminal who gains access to or control of your computer can steal all of this personal information. With the right data, usernames, and passwords, a criminal can pretend to be you - this is identity theft. Someone with your identification can make purchases with your money, take out loans in your name, empty your bank accounts, and cause many other problems.
Businesses also have security concerns at the office. Employees often need to work with sensitive data that belongs to customers, such as credit card numbers. Businesses need a way to keep this information safe and secure. Nobody outside the company should be able to view sensitive records, and only authorized employees within the company should be able to access those records.
Similarly, a business might create confidential information internally. New product plans, marketing strategies, customer lists, competitive analysis, and other important business information should be kept securely within the company and not leaked outside.
Each of the security risks described below can result in private information being lost or used incorrectly.
| Risk | Description |
|---|---|
| Stolen Data | Private information can be stolen from your home computer or business office. Hackers that gain control of your computer, network, or applications can access data they find stored in those locations. |
| Intercepted Data | Private information that is sent between locations can be intercepted by someone that is monitoring the communications. For example, if you enter a username and a password in a website, those things must go from your computer across the Internet to the web server. |
| Infected Applications | Applications running on your computer might become infected with viruses or other malware. The applications can then become unstable, quit working completely, corrupt your data, or send private data out to others. |
| Lost Data | Even a completely secure computer and network is at risk from accidents or natural disasters. What happens if your house or office burns down, and all computers inside are lost? Is your sensitive data backed up somewhere safe? |
Personal Security Strategies
As an Internet user, you are mostly responsible for your own security! Ethical online sites will usually do a good job protecting your personal and private information. However, it's hard to tell the difference between a safe website and one that will not protect your data. So any time you are using the Internet, protect yourself by following some basic safety rules:
- Avoid giving out personal information such as your name, address, phone number, age, credit card numbers, or other financial accounts unless you are working directly with a well-known bank, retailer, or other legitimate website.
- Never share your private login to a service with someone else. Once your login name and password are shared, many other people can access that service just as you would. Do you really want a stranger acting on your behalf through your personal login?
- Use a strong password that is hard for others to guess, but easy for you to remember. Use a combination of letters, numbers, and other special characters and avoid easily guessed passwords involving your name or other common words.
- Avoid clicking on unknown links. If you receive an email claiming that you have won a free prize, carefully examine the URL underlying any link before clicking! Hyperlinks can be made to take you somewhere completely different than the descriptive text.
- Criminals can set up fake websites that look exactly like the login page to your banking website or other sensitive areas. Ensure that the URL you are visiting truly belongs to the institution and not a similarly-named knock-off site.
- As in real life, if something online seems too good to be true, then it probably is! Avoid obviously fake deals or scams.
Business Security Strategies
In order to better provide data security, companies have come up with a business model called "Confidentiality, Integrity, and Availability" or CIA. This model is designed to keep information safe and secure within an organization.
Confidentiality is also often referred to as data privacy. In order to preserve your data privacy, companies will take measures such as:
- Encrypt data as it moves between locations
- Encrypt data that is stored in databases
- Set up and enforce access policies, ensuring that only authorized users have access to sensitive data
Integrity involves maintaining the consistency, accuracy, and trustworthiness of your data. Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people.
Availability means that you can get to the information you need at all times. Data centers should be maintained with power backups and other physical safety features to prevent interruptions. Your communication networks should have backup channels and servers. All of your application data should be backed up and sent off-site on a regular basis.
Computer operating systems and individual programs like databases may identify users with a login. A login is a combination of a username and password. The username uniquely identifies the user, and the password is used to confirm the person typing in the name is actually who they claim to be. When a login is created, the username and password are given only to the authorized user, who should keep the password secret. When the user needs to access a computer or program they can type in their username and password to gain entry.
Another useful security tool is something called a firewall. A firewall can either be software-based or hardware-based and is used to help keep a network secure. The primary purpose of this tool is to control the incoming and outgoing network traffic by analyzing the data as it moves through the network. Software firewalls can be part of your operating system and will work to keep one computer safe from unwanted connection attempts from the outside world. A hardware firewall will protect an entire network from unwanted or suspect network traffic.
As part of your security strategy, you should plan how to recover from a computer disaster or emergency. What happens if your computer is infected with a virus? How do you recover lost data if your hard drive crashes? If you ask these questions after losing data on your computer, it might be too late! You should plan ahead and ensure you have a good backup and recovery plan before any emergencies happen.
It is usually possible to replace computer hardware if something breaks; just buy new components or an entirely new computer. But the data on your old computer can be hard to replace! You may lose years of email, pictures, documents, and other files that can't be re-created. You also may have saved bookmarks, usernames and passwords in your web browser, plus other cookies that help you navigate through your favorite websites.
You should consider a backup plan that saves all of your important emails, files, and other documents somewhere outside your computer. That way, if your computer gets wiped out, you can restore those files to your new system.
There are many good options for backup storage. You can use special sets of hard drives that will mirror (copy) data in case one drive crashes. Or you can use an online service to automatically copy your important files to a secure online location. You can even manually copy files to local external storage such as a CD, flash drive, or USB storage device. No matter what backup option you choose, be sure to preserve any files that you don't want to risk losing!
The United States has a number of laws that protect you from computer crime, fraud, and abuse. There are also laws to protect businesses from consumers who try to take advantage of their work.
The U.S. Copyright Act gives computer programs the same copyright status as literary works. This means that software is protected from illegal copying. However, this also gives software owners the right to copy their software for backup purposes and the right to sell their software when they are finished using it.
To avoid these elements of copyright law, many companies have begun to offer software licenses instead of selling the full rights to the software. These software licenses allow a person to purchase software without receiving the full rights allowed to them by the copyright laws. This, in turn, protects software companies from unauthorized copies or sales of their property.
The Computer Fraud and Abuse Act (CFAA) was enacted in 1986 to address rising problems with computer hacking. At the time, computers were still fairly new and existing criminal laws did not completely address new computer crimes. This federal law prohibits unauthorized access to computers and networks in the United States.
The Health Insurance Portability and Accountability Act (HIPAA) is a law that protects patients in hospitals and doctor's offices. If you have ever used a doctor, you know that you are often asked to provide a great deal of personal information at your doctor's appointment. Since this information is usually entered into a computer system, we need to ensure that this information is well protected. The HIPAA law ensures patient confidentiality for all healthcare-related data.
The Children's Online Privacy Protection Act (COPPA) was created to protect children on the Internet. Online gaming sites, social media and even educational websites will often ask for personal information. The COPPA law gives parents control over the type of information that website operators can collect from children under 13 years old.
Recently, privacy issues have come under attack from yet another source: your government! The Electronic Communications Privacy Act (ECPA) was enacted to include electronic data in the list of things that the government is forbidden to intercept through wire taps or other eavesdropping.
Banks and credit unions hold the keys to our personal finances. In order to force these companies to take stronger precautions with their client data, the Gramm-Leach-Bliley Act (GLBA) was passed. This act details the protections that must be in place when dealing with your private financial information.
In addition to federal laws, most states also have their own laws dealing with computer crime and fraud. Each state also has its own prosecutorial system and way of dealing with computer criminals. Some states are much more proactive than others, but typically the states will cooperate with federal authorities. Some state laws are even more restrictive than federal! You can find out more about the laws in your state using the National Conference of State Legislatures website.
Computer viruses are programs that are designed to damage your computer or allow a remote user to control your system. Other kinds of malware programs might change the behavior of your computer to show you unwanted advertising, track your online activity, or steal your personal information. These kinds of programs are called "viruses" because one infected computer is often able to infect another computer when the virus software makes a copy of itself.
The best way to deal with viruses and malware is to avoid infecting your computer in the first place!
- Avoid visiting websites that are obviously aimed at illegal activities such as stolen movie downloads, pirated software downloads, etc. These websites frequently add viruses to the downloaded programs.
- Never download or run unknown programs. Make sure to scan any downloaded file with your computer's anti-virus software before opening and running it.
- Keep anti-virus software installed on your computer. Anti-virus software will monitor your computer and try to block infections from known viruses or suspicious programs.
If your computer is infected with a virus or malware, then you will need to use anti-virus software to remove it. An anti-virus program will run constantly on your computer, scanning files for virus infections. Since new viruses are discovered all the time, you need to make sure that you keep your anti-virus software up-to-date.
If your anti-virus software finds a virus, a message will appear on the screen. Most anti-virus software will quarantine suspicious files automatically. This means that the file is not deleted, but has been moved to a sort of "file jail" where it cannot do any harm. Why not just delete the file? Because occasionally a file that your anti-virus software sees as suspicious may be harmless. Quarantining the file will allow you to look at the file and decide for yourself if the file is truly harmful. If so, you can easily delete the file from your computer.
Your anti-virus software may not catch all of the viruses that exist before they infect your machine. If you do get a virus on your machine, you can still often use the same anti-virus software to remove the virus. To do this, you will often need to perform a system scan, where every file on your computer is checked by the anti-virus software. If a suspicious file is found, the software will attempt to remove the virus.
Your anti-virus software might not be able to completely remove a virus. In that case, you may need to get professional help to remove the threat from your computer. If a virus cannot be removed at all, then you may have to completely reformat your hard drive and re-install all of your programs! In this case you will have lost all of your data such as local emails, pictures, and documents stored on your hard drive.
Work with Me: Back it Up!
Think about at least one file that is very important to you. Perhaps you have a special picture that you can't replace, or a class report that you've been working on for two weeks. In this exercise, you are going to make a backup copy of that file. You'll then practice restoring it to a new location in case the original is lost.
- Identify the file you want to protect.
- Make a copy of that file in a secure location. Here are some suggestions:
  - Copy the file to another computer's hard drive, or
  - Email that file to a trusted person for safekeeping, or
  - Upload that file to a secure online backup service
Now, try to restore that file by copying it back onto your computer. You can put it in a new location so you don't overwrite the original.
Confirm that your restored file still works just like the original. Was this backup and restore process difficult? Would your strategy work well if you lost your entire computer, and you had to restore many files at once?
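The backup-and-restore exercise above can also be scripted so that the "still works just like the original" check is done by comparing SHA-256 hashes instead of by eye. This Python is an added example, not part of the original lesson; the file name, folder names, and the `.sha256` sidecar file are assumptions made for the illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def back_up(original, backup_dir):
    """Copy the file to backup_dir and record the original's SHA-256 beside it."""
    backup_dir = Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    copy = backup_dir / Path(original).name
    shutil.copy2(original, copy)
    Path(str(copy) + ".sha256").write_text(sha256_of(original))
    return copy

def restore(copy, restore_dir):
    """Restore to a new location; refuse if the backup no longer matches its hash."""
    expected = Path(str(copy) + ".sha256").read_text().strip()
    if sha256_of(copy) != expected:
        raise ValueError(f"backup {copy} is damaged or was modified")
    restore_dir = Path(restore_dir)
    restore_dir.mkdir(parents=True, exist_ok=True)
    restored = restore_dir / Path(copy).name
    shutil.copy2(copy, restored)
    return restored

def demo():
    """Run the exercise on a constructed file inside a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        original = tmp / "report.txt"        # constructed sample file
        original.write_text("class report, draft 7\n")
        copy = back_up(original, tmp / "backup")
        restored = restore(copy, tmp / "restored")
        intact = sha256_of(restored) == sha256_of(original)
        copy.write_text("corrupted")         # simulate a damaged backup
        try:
            restore(copy, tmp / "restored2")
            detected = False
        except ValueError:
            detected = True
        return intact, detected

if __name__ == "__main__":
    print(demo())
```

Keeping the recorded hash next to the backup detects accidental damage. Someone who can change the backup could also change the hash, so store a copy of the hash somewhere else if tampering is a concern.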