
Unit 8 - Safety and Security

This document discusses physical safety, eSafety, and data security. For physical safety, it identifies risks like electrocution, fire hazards, and tripping hazards in computer rooms and provides prevention measures. For eSafety, it covers principles of data protection, guidelines for securing data, risks of using the internet and online gaming like cyberbullying, and dangers of emails and social media like identity theft. For data security, it emphasizes keeping data secure, not transferring data without protection, and examples of personal and sensitive personal data.

Objectives: In this chapter we will learn about

• 8.1 Physical safety
• 8.2 eSafety (Slide 2 - 5)
• 8.3 Security of Data (Slide 6 – 12)

8.1 Physical safety

Safety risk: Electrocution
Cause of safety risk:
• Spilling liquids/drinks on electric equipment
• Exposed wires/damaged insulation
• Unsafe electrical equipment
• Unsafe electrics like wall sockets in the office
Prevention measures:
• Do not allow drinks to be taken into the computer room
• Check all wires on a regular basis and renew wires if there is any sign of damaged insulation
• Ensure all equipment is checked by a qualified electrician on a regular basis
• Make use of an RCB (residual current breaker) to prevent electrocution

Safety risk: Fire hazard
Cause of safety risk:
• Overloaded wall sockets
• Overheating of computer equipment
• Exposed wires causing a short circuit
Prevention measures:
• Increase the number of wall sockets and do not use too many extension blocks
• Do not cover the cooling vents on computer equipment
• Clean out dust accumulation in computers to prevent overheating
• Make sure all equipment is fully tested on a regular basis
• Have a number of fully tested carbon dioxide/dry powder fire extinguishers

Safety risk: Tripping hazard
Cause of safety risk:
• Trailing wires on the floor
• Damaged carpets and other flooring
Prevention measures:
• Use cable ducts to make the wires safe
• Cover exposed wires and hide wires under desks
• Use wireless connectivity wherever possible to avoid trailing cables

Safety risk: Personal injury
Cause of safety risk:
• Heavy equipment unstable or falling from desks
• Desks collapsing under weight/desks not designed to take the weight
Prevention measures:
• Use desks strong enough to take the weight of the computer equipment
• Use large desks and tables so that hardware is not too close to the edge where it could fall off

8.2 e-Safety

Principles of the Data Protection Act:
1. Data must be fairly and lawfully processed.
2. Data can only be processed for the stated purpose.
3. Data must be adequate, relevant and not excessive.
4. Data must be accurate.
5. Data must not be kept longer than necessary.
6. Data must be processed in accordance with the data subject’s rights.
7. Data must be kept secure.
8. Data must not be transferred to another country unless that country also has adequate protection.

Failure to abide by these simple rules by anyone who holds data about individuals can lead to a heavy fine or even
imprisonment.

There are general guidelines about how to stop data being obtained unlawfully:
• Do not leave personal information lying around on a desk when not attended
• Lock filing cabinets at the end of the day or when the room is unoccupied
• Do not leave data on a computer monitor if it is unattended; log off from the computer if away from your desk for any
length of time
• Use passwords and user ids, which should be kept secure; passwords should be difficult to guess/break and should be
changed frequently (see earlier notes on passwords)
• Make sure that anything sent in an email or fax (including attachments) is not of a sensitive nature.

Personal data refers to any data concerning a living person who can be identified from the data itself or from the data in
conjunction with other information.
Examples of personal data include: name, address or email address, an ID card number/passport number, IP address, a
mobile phone, date of birth, banking details, photographs of the individual (for example, in full school uniform).

Sensitive personal data includes: ethnicity or race, political views, membership of a political party, membership of a trade
union, religion/philosophical beliefs, sexual orientation/gender, criminal record, medical history, genetic data/DNA,
biometric data.

E-Safety refers to the benefits, risks and responsibilities when using ICT. It is often defined as the safe and
responsible use of technology, in particular being responsible when using the internet, sending and receiving emails,
and taking part in social media and online gaming.

Using the internet

Precautions that can be taken to minimise the potential danger when using the internet:
• Make sure that the websites being used can be trusted (for example, look out for websites including https and/or the
green padlock symbol).
• Only purchase items from websites that offer secure, encrypted connections.
• When using search engines, always make sure the device settings are set to ‘safe search’ and the highest possible
level of security is used.
• Only use websites recommended by teachers, parents or from trusted sources.
• Be careful what you download; is the material potentially harmful? Could it be malware? It is essential that anti-virus
or anti-malware software is always running in the background and is kept up to date.
• Always remember to log out of sites when you have finished using them; remember that cookies are used every time
you log into a website (take particular care with websites that store key data such as bank account or credit/debit card
details).

Online gaming: the risks are

• Predators: people who prey on others who they see as vulnerable
• Cyberbullying: the use of electronic communication to bully a person, typically by sending messages of an
intimidating or threatening nature
• Use of webcams
• Voice-masking technology to disguise a voice so you cannot tell their sex, age, or even their accent
• It is often overlooked that online games are also a source of cyber attacks on a user’s computer or mobile phone –
viruses, phishing or spyware are well-reported examples of problems associated with certain online gaming
• Violence in the game itself, which can lead to violent behaviour in reality.

Sending and receiving emails: dangers and awareness
• Only open emails or attachments from known sources.
• Make sure your internet service provider (ISP) has an effective email filtering feature to ensure emails from unknown
sources are put into your spam folder.
• Only reply to an email if you know the person who sent it.
• Check that email addresses or website addresses purporting to come from a genuine company always contain the real
company’s website address.
• Think carefully before replying to an email and never include the name of your school/college, or any personal data
that could identify you.
• Never send photos of yourself (particularly in school uniform, which could be used to identify your school).
• Beware of phishing and pharming scams.
• Protect your email account by using passwords which are difficult to guess, and change them on a regular basis.
• Take care when forwarding emails.
• Manually type in email addresses (do not copy and paste an email address from a recipient) because you may not
spot typing errors or other clues that it is not genuine.
• Avoid clicking on hyperlinks within emails because it could be part of a phishing scam.
• Remember, the unsubscribe link at the bottom of an email could itself be fraudulent.
• Avoid using the Cc or To boxes when sending multiple emails; it is always a good idea to create emailing groups and
put the name of the group into the Bcc box; in the To box, send the email to yourself – this will give you and your
friends some protection because any unauthorised access will not get to see the email addresses of those in the
emailing group.
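
The address check in the list above can be made precise. This is an added example in Python, not part of the original notes: it shows that an address can contain the real company's name and still belong to someone else, so the part to compare is the host (after the last @ in an email address, or before the first / in a link). The company domain and all sample addresses are constructed and use the reserved .example and .test names.

```python
# Added example, not from the original notes. All addresses and domains below
# are constructed and use the reserved .example and .test names.
from urllib.parse import urlsplit

REAL_DOMAIN = "mybank.example"  # assumed genuine domain of the company


def host_of(value: str) -> str:
    """Return the lower-cased host of a URL or of an email address."""
    value = value.strip().strip("<>")
    if "://" in value:
        host = urlsplit(value).hostname or ""   # ignores any user@ part
    else:
        host = value.rpartition("@")[2]         # text after the last @
    return host.lower().rstrip(".")


def contains_name(value: str, real_domain: str = REAL_DOMAIN) -> bool:
    """The quick visual check: does the real name appear anywhere?"""
    return real_domain in value.lower()


def belongs_to(value: str, real_domain: str = REAL_DOMAIN) -> bool:
    """Stricter check: the host is the real domain or a subdomain of it."""
    host = host_of(value)
    return host == real_domain or host.endswith("." + real_domain)


SAMPLES = [
    "alerts@mybank.example",
    "https://online.mybank.example/login",
    "support@mybank.example.account-check.test",
    "https://mybank.example.secure-login.test/",
    "https://mybank.example@login.test/reset",
    '"mybank.example" <billing@notice.test>',
    "help@my-bank.example",
]


def review(samples=SAMPLES):
    """Return (value, contains_name, belongs_to) for each sample."""
    return [(s, contains_name(s), belongs_to(s)) for s in samples]


if __name__ == "__main__":
    for value, quick, strict in review():
        flag = "ok" if strict else ("LOOKALIKE" if quick else "other sender")
        print(f"{flag:12} {value}")
```

Any sample where the quick check passes but the strict check fails is one that only looks genuine.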

Social media: dangers/awareness and protection
• Do not publicly post or give out personal information to people you do not know, including email addresses or house
addresses, because this could be used to find information about you or carry out identity theft.
• Do not send out photos of yourself to people you do not know; again this could lead to identity theft or somebody
impersonating you.
• Always make sure you use the privacy settings when posting photos of yourself on social media sites, so that only
people you trust can see them.
• It is important that none of the photos you post can link you to a place or an address (for example, it is not a good
idea to show the number plate on a car because it is possible to find your address from this information).
• Particular care should be taken not to post photos of yourself in some form of school uniform; again, this gives
somebody information about where they can find you.
• Always maintain privacy settings to stop ‘non-friends’ from contacting you and also make sure you control who has
access to your profile.
• Only make friends with people you know or are very well-known to other friends.
• Avoid using, or forwarding messages containing, inappropriate language.
• It is extremely important to be very vigilant when using social networking sites, instant messaging or chat rooms:
  • Block or report anybody who acts suspiciously or uses inappropriate language.
  • Be very careful with the language used in chat rooms:
    – Always use a nickname and NEVER your real name
    – Keep private and personal data secret.
  • Do not enter private chat rooms – stay in public spaces (the danger signs are if someone wants to enter a private
  chat room, asks you to instant message or email, requests your telephone number or even suggests that you
  meet).
  • Never arrange to meet anyone on your own, always tell an adult first and meet the person in a public place.
  • Avoid the misuse of images, including forwarding on other images from other people.
  • Always respect people’s confidentiality.

8.3 Security of data: Data threats

Risk: Hacking
Description: This is the act of gaining unauthorised/illegal access to a computer system.
Effect of the security risk:
• The misuse of personal information
• Data can be deleted, changed or corrupted on a user’s computer
Methods to remove the security risk:
• Use of firewalls
• Use of strong (frequently changed) passwords and user IDs
• Use of anti-hacking software
• Use of user IDs and passwords

Risk: Phishing
Description: The creator sends out legitimate-looking emails to target users. As soon as the recipient clicks on a link in
the email or attachment, they are sent to a fake website or they are fooled into giving personal data in replying to the
email. The email often appears to come from a trusted source, such as a bank or well-known service provider.
Effect of the security risk:
• The creator of the email can gain personal data, such as bank account data or credit card numbers, from the user
• This can lead to fraud or identity theft
Methods to remove the security risk:
• Many ISPs or web browsers filter out phishing emails
• Users should always be cautious when opening emails or attachments
• Don’t click on executable attachments that end in .exe, .bat, .com or .php, for example

Risk: Smishing (‘SMS phishing’)
Description: It uses the SMS system of mobile phones to send out fake text messages that look like they are from a
legitimate sender. They contain a URL or telephone number embedded in the text message. The rest is the same as
phishing.
Methods to remove the security risk:
• Do not click any link shown on SMS.

Risk: Vishing
Description: Voice message or voice call
Methods to remove the security risk:
• Do not give personal data.

Risk: Pharming
Description: This is malicious code installed on a user’s computer or on a web server; the code will redirect the user to
a fake website without their knowledge.
Effect of the security risk: The creator of this code can gain personal data such as credit/debit card details from users
when they log in; the website appears to be that of a trusted company.
Methods to remove the security risk: Anti-spyware software identifies and removes pharming code from a user’s
computer but the user should always be alert and look out for clues that they are being redirected to another website.

8.3 Security of data: Viruses and malware

Malware: Virus
Description: This is program code that can replicate itself with the intention of deleting or corrupting files on a
computer; they often cause the computer to malfunction.
What damage?
• They cause the computer to stop functioning as normal or become unresponsive
• The software can delete files or data on a computer
• The software can corrupt operating system files, making the computer run slowly or even ‘crash’
Prevention:
• Install anti-virus software and update it regularly
• Don’t use software from unknown sources
• Be careful when opening emails or attachments from unknown senders

Malware: Worm
Description: A type of stand-alone virus that can replicate itself with the intention of spreading to other computers,
especially in a network. It looks like a simple application or a message.
What damage? Their intention is to spread to other computers and corrupt whole networks by finding a weak point in
the network. They arrive as message attachments and only one user opening a worm-infested email helps to infect the
whole network.
Prevention: Always have up-to-date antivirus software and check any file arriving from an outside source.

Malware: Trojan horse
Description: A malicious program which is often disguised as some legitimate software, but contains malicious
instructions embedded within it. They arrive as an email attachment or are downloaded from an infected website.
What damage? Once installed on the user’s computer, the Trojan horse will give cyber criminals access to personal
information on your computers, such as IP addresses, passwords and other personal data.
Prevention: Do not run any application whose source is not known.

Malware: Key logger
Description: It gathers information by monitoring a user’s keyboard activities carried out on their computer. The
software stores keystrokes in a small file which is automatically emailed to the cybercriminal responsible for the
software.
What damage? It is primarily designed to monitor and capture web browsing and other activities and capture personal
data. There are even key loggers that work by capturing screen images at random intervals; these are known as screen
recorders.
Prevention: Key loggers can be detected and removed by anti-spyware software. Banks try to overcome this risk by
only asking for a different part of the password each time you log on. Also an onscreen keyboard is used, which
involves on-screen selection using a mouse.

Malware: Adware
Description: It will attempt to flood an end-user with unwanted advertising.
What damage?
• It highlights weaknesses in a user’s security defenses.
• They are hard to remove – they defeat most anti-malware software because it can be difficult to determine whether
or not they are harmful
• They hijack a browser and create its own default search requests.

Malware: Ransomware
Description: Programs that encrypt data on a user’s computer and ‘hold the data hostage’.
What damage?
• The cybercriminal just waits until the ransom money is paid and, sometimes, the decryption key is then sent to the
user.
• When ransomware is executed, it either encrypts files straightaway or it waits for a while to determine how much of
a ransom the victim can afford.
Prevention:
• It can be prevented by the usual methods, like avoiding phishing emails. But once it is executed, it is almost
impossible to reverse the damage caused.
• The best way to avoid a catastrophe is to ensure regular backups of key files are kept and therefore avoid having to
pay a ransom.

8.3 Security of data: Card fraud
Methods:
Shoulder surfing: Criminals steal personal information from a victim when they are using a cash dispensing machine, when
paying for goods/services using a handheld point-of-sale device or even when paying using a smartphone. Example:
somebody watching you key in data, such as your PIN at an ATM, or using a digital camera secretly placed near the ATM.
This can be avoided by covering the keyboard with your other hand so that no-one can see which keys you are pressing.

Card cloning: Copying of a credit or debit card which uses a magnetic stripe. Here an electronic device known as a
skimmer is used. This is a data capture device that allows a criminal to record all of the data stored on the magnetic stripe
on a card. Skimmers can be placed in ATM slots where they can read all the data from a card. To overcome this problem,
cards with a microchip were introduced.
Shimmer: This uses a paper-thin shim (that contains a chip and a flash drive) that can be put into a card reading slot.
It is so thin that it is almost impossible to detect. When a customer puts their card into the reader slot, the shim reads all
the data from the credit/debit card, allowing the criminal to create a fake replica credit/debit card. Although the chip
itself cannot be cloned, all the data gathered from the cloned card is now stored on a magnetic stripe and a fake card is
produced.
The best way to check on this type of fraud is to do regular checks of your spending and query any
unusual activity.

Protection of data
Authentication is used to verify that data comes from a secure and trusted source. Along with encryption it strengthens
internet security. Methods used are:
Biometrics: It relies on unique characteristics of human beings. Biometric data is difficult to copy and requires the user to
be present so that this method of authentication can be used.
• Fingerprint scans: Users will have to press their finger against the scanner. Fingerprints are compared against those
stored in the database.
• Retina/Iris Recognition: Scans use infrared light to scan unique patterns of blood vessels in the retina.
• Face Recognition: Physical facial features are scanned and compared to the information held in the database.
• Voice Recognition: The user speaks, and the voice is compared to one held on the database.

8.3 Security of data: Biometric techniques

Method: Fingerprint scans
Advantages:
• very high accuracy
• one of the most developed biometric techniques
• very easy to use
• relatively small storage requirements for the biometric data created
Disadvantages:
• for some people it is very intrusive, because it is still related to criminal identification
• it can make mistakes if the skin is dirty or damaged

Method: Signature recognition
Advantages:
• non-intrusive
• requires very little time to verify
• relatively low-cost technology
Disadvantages:
• if individuals do not sign their names in a consistent manner there may be problems with signature verification
• high error rate of 1 in 50

Method: Retina scans
Advantages:
• very high accuracy
• there is no known way to replicate a person’s retina pattern
Disadvantages:
• it is very intrusive
• it can be relatively slow to verify retina scan with stored scans
• very expensive to install and set up

Method: Iris recognition
Advantages:
• very high accuracy
• verification time is generally less than five seconds
Disadvantages:
• very intrusive
• uses a lot of memory for the data to be stored
• very expensive to install and set up

Method: Face recognition
Advantages:
• non-intrusive method
• relatively inexpensive technology
Disadvantages:
• it is affected by changes in lighting, the person’s hair, their age, and if the person is wearing spectacles

Method: Voice recognition
Advantages:
• non-intrusive method
• verification takes less than five seconds
• relatively inexpensive technology
Disadvantages:
• a person’s voice can be easily recorded and used for unauthorised access
• low accuracy
• an illness, such as a cold, can change a person’s voice, making absolute identification difficult or impossible

Digital certificates: A digital certificate is a pair of files stored on a user’s computer; these are used to ensure the security
of data sent over the internet. Each pair of files is divided into:
• a public key (which can be accessed by anyone)
• a private key (known to the computer user only).
For example, when sending an email, the message is made more secure by attaching a digital certificate. When the message is
received, the recipient can verify that it comes from a known or trusted source by viewing the public key information. This is an
added level of security to protect the recipient from harmful emails.

The digital certificate is made up of six parts:
• the sender’s email address
• the name of the digital certificate owner
• a serial number
• expiry date (the date range during which the certificate is valid)
• public key (which is used for encrypting the messages and for digital signatures)
• digital signature of certificate authority (CAs)

Secure sockets layer (SSL): It is a type of protocol that allows data to be sent and received securely over the internet.
When a user logs onto a website, SSL encrypts the data – only the user’s computer and the web server are able to make
sense of what is being transmitted. A user will know if SSL is being applied when they see https as part of the website
address or the small padlock in the status bar at the top of the screen.

The address window in the browser when https protocol is being applied, rather than just http protocol, is quite different:
Using https: secure https://www.xxxx.org/documents
Using http: http://www.yyyy.co.uk/documents

SSL certificates are small data files that digitally bind an encryption key to an organisation’s details. When installed on a
web server, it shows as the green padlock and the https protocol ensures secure connections from a web server to a
web browser.

How it works:
1. The user’s web browser sends a message so that it can connect with the required website, which is secured by SSL.
2. The web browser requests that the web server identifies itself.
3. The web server responds by sending a copy of its SSL certificate to the user’s web browser.
4. If the web browser can authenticate this certificate, it sends a message back to the web server to allow
communication to begin.
5. Once this message is received, the web server acknowledges the web browser and the SSL-encrypted two-way data
transfer begins.

Encryption: It makes the data meaningless unless the recipient has the necessary decryption key. It uses a secret key that
has the capability of altering the characters in a message. If this key is applied to a message, its content is changed, which
makes it unreadable unless the recipient also has the same secret key. When this secret key is applied to the encrypted
message, it decodes it, allowing it to be read. When a message undergoes encryption it is known as cypher script; the
original message is known as plain text.

Applications of encryption:
• Due to the risks of pharming, hacking or spyware, it is important that data stored on HDDs or SSDs is encrypted; if
data is then accessed illegally, it will be unreadable to the cybercriminal.
• Encryption of emails is also important
• Any data stored on the cloud should also be encrypted

Firewalls: A firewall can be software or hardware. It sits between the user’s computer and an external network. It can
also be called a gateway. It will help to keep potentially destructive forces away from a user’s computer, by filtering
incoming and outgoing network traffic. The criteria for allowing or denying access to a computer can be set by the user.
Tasks carried out by a firewall:
• It examines the ‘traffic’ between the user’s computer and a public network.
• It checks whether incoming or outgoing data meets a given set of criteria; if the data fails the criteria, the firewall will
block the ‘traffic’ and give the user a warning that there may be a security issue.
• The firewall can be used to log all incoming and outgoing ‘traffic’ to allow later interrogation by the user.
• Criteria can be set so that the firewall prevents access to certain undesirable sites; the firewall can keep a list of all
undesirable IP addresses.
• It is possible for firewalls to help prevent viruses or hackers entering the user’s computer.
• The user is warned if some software on their system is trying to access an external data source; the user is given the
option of allowing it to go ahead or requesting that such access is denied.
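
The firewall tasks listed above, as an added example in Python (not part of the original notes): a toy filter that checks each piece of traffic against user-set criteria, blocks anything on an undesirable-address list, asks the user when an unapproved program tries to reach outside, and logs every decision. The rule names, program names and addresses are constructed for illustration; a real firewall works on network packets, not Python objects.

```python
# Added example, not from the original notes: a toy filter showing the firewall
# tasks listed above. Rules, program names and addresses are constructed.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Traffic:
    direction: str        # "in" or "out"
    remote_ip: str        # address on the external network
    port: int             # local port for "in", remote port for "out"
    program: str = ""     # local program involved, if known


@dataclass
class Firewall:
    undesirable: list                 # networks the user never wants to reach
    open_in_ports: set                # incoming ports the user has allowed
    approved_programs: set            # programs allowed to call out
    log: list = field(default_factory=list)

    def check(self, t: Traffic) -> str:
        """Return 'allow', 'block' or 'ask' and record the decision."""
        remote = ip_address(t.remote_ip)
        if any(remote in ip_network(net) for net in self.undesirable):
            verdict, why = "block", "address is on the undesirable list"
        elif t.direction == "in" and t.port not in self.open_in_ports:
            verdict, why = "block", "incoming port is not open"
        elif t.direction == "out" and t.program not in self.approved_programs:
            verdict, why = "ask", "unapproved program wants external access"
        else:
            verdict, why = "allow", "meets the criteria"
        self.log.append((t, verdict, why))   # kept for later interrogation
        return verdict

    def approve(self, program: str) -> None:
        """The user answers an 'ask' warning by approving the program."""
        self.approved_programs.add(program)


def demo():
    fw = Firewall(undesirable=["203.0.113.0/24"], open_in_ports={443},
                  approved_programs={"browser"})
    traffic = [
        Traffic("out", "198.51.100.7", 443, "browser"),   # normal browsing
        Traffic("out", "203.0.113.50", 443, "browser"),   # undesirable site
        Traffic("in", "198.51.100.9", 3389),              # unsolicited incoming
        Traffic("out", "198.51.100.7", 443, "updater"),   # unknown program
    ]
    verdicts = [fw.check(t) for t in traffic]
    fw.approve("updater")                    # user chooses to allow it
    verdicts.append(fw.check(traffic[3]))
    return verdicts, fw.log


if __name__ == "__main__":
    verdicts, log = demo()
    for t, verdict, why in log:
        print(f"{verdict:5} {t.direction:3} {t.remote_ip:15} {t.port:5} {why}")
```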

Two-factor authentication uses two methods to verify a user. For example, when a user makes an online purchase using a
credit/debit card as the payment method, the user may enter a username and password to log into an account. But before
a credit/debit card payment is made, an OTP (one-time password) is sent to the registered telephone number or the email
ID stored in the bank account. If the user enters this OTP, the transaction is authorised.

Assignment: Pages 216 to 218
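
The one-time password step of two-factor authentication described above, as an added example in Python (not part of the original notes): it shows what makes the code "one-time" on the bank's side, namely that it is tied to one transaction, expires, is deleted once used, and allows only a few wrong guesses. The five-minute lifetime, three-attempt limit and all names are assumptions made for illustration.

```python
# Added example, not from the original notes: the bank-side OTP step.
# Names, limits and the delivery step are assumptions made for illustration.
import hashlib
import hmac
import secrets
import time

OTP_LIFETIME_SECONDS = 300   # assumed validity window
MAX_ATTEMPTS = 3             # assumed tries before a new OTP is needed


class OtpService:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.key = secrets.token_bytes(32)   # server-side secret
        self.pending = {}                    # transaction id -> [tag, expiry, tries]

    def tag(self, txn_id: str, code: str) -> bytes:
        """Keyed digest, so the code itself is never stored."""
        msg = f"{txn_id}:{code}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def issue(self, txn_id: str) -> str:
        """Create a six-digit OTP tied to one transaction."""
        code = f"{secrets.randbelow(10**6):06d}"
        expiry = self.clock() + OTP_LIFETIME_SECONDS
        self.pending[txn_id] = [self.tag(txn_id, code), expiry, MAX_ATTEMPTS]
        return code   # a real system sends this to the registered phone or email

    def verify(self, txn_id: str, code: str) -> str:
        entry = self.pending.get(txn_id)
        if entry is None:
            return "no-otp"
        tag, expiry, _ = entry
        if self.clock() > expiry:
            del self.pending[txn_id]
            return "expired"
        if hmac.compare_digest(tag, self.tag(txn_id, code)):
            del self.pending[txn_id]         # one-time: cannot be used again
            return "authorised"
        entry[2] -= 1                        # count the wrong guess
        if entry[2] == 0:
            del self.pending[txn_id]
            return "locked"
        return "wrong"


def other_code(code: str) -> str:
    """Return a six-digit code that is guaranteed to differ from `code`."""
    return "000000" if code != "000000" else "000001"


def demo():
    now = [1_000.0]                          # fake clock so the demo is repeatable
    svc = OtpService(clock=lambda: now[0])
    results = []
    code = svc.issue("txn-1")
    results.append(svc.verify("txn-1", other_code(code)))   # one wrong guess
    results.append(svc.verify("txn-1", code))               # correct code
    results.append(svc.verify("txn-1", code))               # same code again
    code = svc.issue("txn-2")
    now[0] += OTP_LIFETIME_SECONDS + 1                       # user waits too long
    results.append(svc.verify("txn-2", code))
    code = svc.issue("txn-3")
    results += [svc.verify("txn-3", other_code(code)) for _ in range(3)]
    results.append(svc.verify("txn-3", code))               # too late, locked out
    return results


if __name__ == "__main__":
    print(demo())
```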