Risks To Data and Personal Information

The document discusses the risks to data and personal information in the digital age, highlighting threats such as unauthorized access, malware, phishing, and ransomware. It also outlines methods for securing data, including firewalls, encryption, and anti-malware software, as well as best practices for online safety. Additionally, it covers online payment systems and the importance of backup procedures to protect against data loss.

Uploaded by

kogyeekyaw

Risks to Data and Personal Information
Maung Maung Kyaw
Chapter 6
Introduction
• Huge amounts of data are transmitted and stored digitally, and a lot
of this data contains personal or financial information
• Because of this, digital systems are targeted by criminals who try to
access data so that they can use it to commit fraud or identity theft
• You need to be aware of the risks to your data when operating online
• You also need to know about the methods that are used to secure
data in order to prevent unauthorized access and use
Risks to Data and Information

• 50 million tweets every day
• 700 billion minutes spent on Facebook every month
• 2.9 million emails sent every second
• 24 petabytes of data processed by Google every day
Unauthorized Access
• Access to networks by users who are not permitted to access the data is called
unauthorized access
• Unauthorized users can attempt to gain access to networks directly by themselves
• They may create software that runs thousands of times per second on devices,
inputting multiple login details in order to attempt to gain access to networks
with poor security
• In 2012, a survey showed that 31% of people store financial data on their PC
• Devices on a network can be targeted by unauthorized users in order to be used
as botnets
• Botnets are groups of computers that have their resources used for harmful
purposes, such as running and spreading malware
Malware
• Malware (malicious software) is software that is created with the intention to do harm
• Malware can show messages, play sounds, delete files or reprogram systems to
perform tasks that will harm the system and the connected hardware
• Some malware (known as ransomware) threatens to delete a user’s files or places
restrictions on a user’s access to software or resources until money is paid, usually
to an anonymous account
• These messages are usually very threatening and distressing for users
• They are often written in a way that makes the user believe that they must pay
quickly
• This puts pressure on the user to act before they have time to think clearly about
the threat and how to manage it
Ransomware
Activity
• Research Stuxnet malware and the damage that it caused to nuclear
facilities in Iran.
• Discuss your findings with your class
Accidental deletion
Users can sometimes delete files or even the entire contents of a drive
by mistake. This can happen if:
• They press a key on a keyboard by accident
• They format media on the wrong storage device
• Their device loses power unexpectedly
Theft of personal data
• Criminals use a number of methods to steal personal data
Phishing
• Phishing is a technique used by criminals to get personal information
and payment details from users
• It involves sending large numbers of messages that appear to be from
real organizations, such as shops, banks or charities
• Phishing messages are often sent as emails. These emails ask the user
to provide their information by replying to the message or following a
hyperlink that opens a webpage into which the user is asked to enter
their personal details
Phishing email
Phishing
• Sometimes, phishing messages are highly customized or personalized
and are targeted at a smaller number of particular users
• This technique is known as spear phishing
• Phishing messages can also be sent via SMS or instant message apps
so that users open the fake webpage in a mobile browser
• Users may not realize that the webpage is fake, particularly if they
have never seen the company’s real webpage in a mobile browser
• As a result, they might type in their username and password details
and reveal this personal data to the criminals
Pharming
• Like phishing, pharming is a technique used by criminals to gain personal
information and payment details from users
• Criminals create fake versions of trusted websites to trick users into entering their
login details, which are then used by the criminals to access users’ accounts
• There are two main methods by which users are directed to a pharming site
  • Internet traffic going to the real website is redirected to the fake website, so that users think
  they are visiting the real thing. Criminals do this by altering the domain name servers to make
  internet traffic go to their fake site. They can also use malware to redirect web requests
  • Often, the URL of a pharming website is designed to be very similar to the URL of the real
  website. This means that if a user misspells the URL when typing it into the address bar of
  their web browser, they could go to the pharming site by mistake. For example, if the URL of
  a real bank is http://moneybank.lk and the criminals create a website with the URL
  http://moneybamk.lk, it could be easy for the user to make a mistake and arrive at the fake
  website
Fake form
Methods of Securing Data and Personal Information Online
• Data transmitted online is sensitive and valuable
• Protect that data from unauthorized access
• There are several different methods used to secure data and personal
information
  • Firewalls
  • Encryption
  • Passwords, PINs and biometrics
  • CAPTCHA tests and security questions
  • Anti-malware
  • Access rights and file permissions
  • Secure websites
  • Email attachments and web links
Firewalls
• Firewalls control the data travelling into and out of a network
• They examine the network addresses and ports of the data
• They compare those details to a list of rules that can be changed by
the network administrator
• The list of rules determines what traffic should be allowed to travel
into and out of the network
• Firewalls can prevent unauthorized access to a network and protect
the network from malware
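The rule comparison described above, as an added example that is not part of the original slides. The rule list is constructed, the addresses are documentation ranges, and the "first matching rule wins, anything unmatched is denied" behaviour is an assumption of this sketch rather than something the slides specify.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str      # "allow" or "deny"
    direction: str   # "in" (entering the network) or "out" (leaving it)
    network: str     # remote address range in CIDR form
    ports: range     # destination ports the rule covers

# Constructed rule list; an administrator would edit this.
RULES = [
    Rule("deny",  "in",  "203.0.113.0/24",  range(0, 65536)),  # blocked range
    Rule("allow", "in",  "0.0.0.0/0",       range(443, 444)),  # public HTTPS
    Rule("allow", "in",  "198.51.100.0/24", range(22, 23)),    # admin SSH only
    Rule("allow", "out", "0.0.0.0/0",       range(53, 54)),    # DNS lookups
    Rule("allow", "out", "0.0.0.0/0",       range(443, 444)),  # outbound HTTPS
]

def decide(direction, remote_ip, port, rules=RULES):
    """Compare one connection's address and port against the rules in order."""
    addr = ipaddress.ip_address(remote_ip)
    for rule in rules:
        if (rule.direction == direction
                and addr in ipaddress.ip_network(rule.network)
                and port in rule.ports):
            return rule.action          # first matching rule wins
    return "deny"                       # nothing matched: default deny

if __name__ == "__main__":
    for conn in (("in", "192.0.2.10", 443), ("in", "192.0.2.10", 22),
                 ("in", "203.0.113.9", 443), ("out", "192.0.2.10", 25)):
        print(conn, "->", decide(*conn))
```

Rule order matters here: the blocked range is listed before the public HTTPS rule, so traffic from it is denied even on port 443.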
Encryption
• Encryption uses a key to scramble data into an unreadable form
• If encrypted data is intercepted on the network, it is useless unless
the interceptor has or can identify the key
Passwords, PINs and Biometrics
• Passwords, PINs and biometrics are used online to authenticate a user
so that they can access an online system, such as webmail or an
online bank account
• Users should make sure that their password is:
  • More than eight characters long
  • A mix of letters, numbers and symbols
  • A mix of uppercase and lowercase letters
  • Made up of random characters
  • Changed frequently
  • Something that they have not used before
Passwords, PINs and Biometrics (continued)
• When entering a password or a PIN, the characters are often masked
so that anyone watching the screen cannot see what is typed
• Some services allow the password to be remembered. This is not
recommended for multiple users of computers with a stand-alone
operating system, as it may mean that another user can access
someone else’s accounts
• Network operating systems are more secure and will not allow
different users to see each other’s passwords
Activity (your online security)
Make a list of the websites that you use that require a password. List up
to 10 websites, then answer the following questions.
• Do you use the same password for each website?
• Do any of those sites contain sensitive data?
• Have you changed your password recently? If not, do it as soon as
possible
CAPTCHA tests and security questions
• CAPTCHA is a computer program or system that can identify whether a user is a
human or a computer bot
• A bot is a computer program that can interact with systems or users
• When users create an online account, they may be given a test called a CAPTCHA
test.
• CAPTCHA tests are used to make sure that data is entered by a human and not
by an automatic software program known as a bot or web robot
• Some CAPTCHA tests work by asking users to enter a randomly generated series
of letters and numbers that are displayed on the screen
• Automatic software cannot read the letters displayed, or enter them into the
required field, so this is used to distinguish human users from bots
reCAPTCHA
• reCAPTCHA tests work in the same way as CAPTCHA tests, but they
use extracts of text from scanned books or a selection of images that
share common features
• When a user solves a reCAPTCHA test, their solution is used to help
digitize books and annotate images
• This helps to make more books available online and improves the
information provided in online maps and other services
Activity (Human versus computer)
Can you read the text better than the computer in the figure?

Scanned type: This aged portion of society were distinguish from
Computers read as: “niis” aged pntkm of society were distinguish frow

Figure: Computers find it difficult to interpret scanned text from books
but humans can read the text much more easily, which means that using
humans to interpret scanned text produces more accurate outcomes
Anti-virus
• A virus is malware that uses networks to spread to connected devices.
• Viruses are spread via communication software such as email or web
browser or by being loaded into a computer’s memory from external storage
such as USB flash drives
• Viruses often look like normal files
• They have unique virus definitions that can be identified by anti-virus
software
• Anti-virus software constantly checks files that are downloaded and loaded
by a computer for signs of virus definitions
• If the anti-virus software finds a match, it quarantines the file so that it
cannot be run
• Anti-virus software has to be updated regularly because virus code
can be changed, either automatically or by the developers of the virus
• This is a constant battle between people who create the threats to
data and people who create software to protect data
• Anti-virus utilities are often combined with software that protects
against adware and spyware
• Anti-virus software is often known more generally as anti-malware
Anti-Adware
• Adware displays unwanted adverts to users
• Anti-adware software detects, quarantines and removes adware
Anti-Spyware
• Spyware secretly monitors and records computer data and user input
• Keylogger is a type of spyware that monitors and records actions such
as key presses or mouse movements
• Criminals can then analyze this information to identify a user’s
passwords for websites, or financial data such as credit card numbers
and security codes
• Anti-spyware software detects, quarantines and removes spyware
Access Rights and Permissions
• Permissions can be set for access to files, folders or drives, allowing
users to read only or read and write to the file
Secure Websites
• Hypertext Transfer Protocol (HTTP) is used to exchange data between a web
server and a client
• Data transfer using HTTP is not secure, so Hypertext Transfer Protocol
Secure (HTTPS) was developed
• HTTPS authenticates payment servers and provides encryption using
Secure Socket Layer (SSL) and more recently, Transport Layer Security (TLS)
• HTTPS keeps communications private and provides security for users'
online accounts
• Web browsers often show that a website is secure by displaying a green
padlock in the address bar
Email Attachments and Web Links
• Users should always be careful when opening email attachments or
hyperlinks in emails and other messages
• Some are fake and designed to steal users’ personal information. Users
should ensure that anti-malware software is up to date and be
especially careful if:
  • They do not recognize the sender
  • The text is general, impersonal or irrelevant to the user
  • The text contains spelling or grammatical errors
  • The attached file is an executable file such as an .exe or .zip file
  • The text contains a message telling the user to do something immediately
  • The user does not recognize the URL
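The warning signs above can be turned into an automated check on an incoming message. The following is an added example, not part of the original slides; the known-sender and known-site lists, the keyword patterns and the sample message are all constructed, and the spelling-error sign is not checked.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed for this example: senders and sites the user already recognises.
KNOWN_SENDERS = {"alerts@moneybank.lk"}
KNOWN_HOSTS = {"moneybank.lk"}
RISKY_EXT = (".exe", ".zip")  # attachment types named in the list above
URGENT = re.compile(r"\b(immediately|urgent|right away|within \d+ hours)\b", re.I)
GENERIC = re.compile(r"\bdear (customer|user|account holder|sir|madam)\b", re.I)

def warning_signs(raw):
    """Return the warning signs found in one raw email message."""
    msg = message_from_string(raw)
    signs = []
    if parseaddr(msg.get("From", ""))[1].lower() not in KNOWN_SENDERS:
        signs.append("unrecognised sender")
    text = ""
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            signs.append("risky attachment: " + name)
        elif part.get_content_type() == "text/plain":
            text += part.get_payload(decode=True).decode("utf-8", "replace")
    if GENERIC.search(text):
        signs.append("impersonal greeting")
    if URGENT.search(text):
        signs.append("pressure to act immediately")
    for url in re.findall(r"https?://[^\s>\"']+", text):
        host = (urlsplit(url).hostname or "").lower()
        if host not in KNOWN_HOSTS:
            signs.append("unrecognised URL host: " + host)
    return signs

def sample_message():
    """Constructed phishing-style message used to exercise the checks."""
    m = EmailMessage()
    m["From"] = "Money Bank <support@moneybamk.lk>"
    m["Subject"] = "Account notice"
    m.set_content("Dear customer,\nLog in immediately:\nhttp://moneybamk.lk/login\n")
    m.add_attachment(b"constructed", maintype="application",
                     subtype="octet-stream", filename="statement.zip")
    return m.as_string()

if __name__ == "__main__":
    for sign in warning_signs(sample_message()):
        print(sign)
```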
Loss of files or damage
• Loss of files or damage to files can be caused by:
  • Theft
  • Malware
  • Flooding or fire
  • Power cuts
• Good ideas for backup procedures are as follows:
  • Set automatic backups
  • Do not use optical media because they deteriorate over time and are fragile
  • Schedule backups for late in the evening when users will not be using the data that is being backed up in order to avoid conflicts
  • Create more than one copy
  • Keep one copy of a folder containing important files backed up using online storage
  • Store copies at multiple locations
  • Store important data in a fireproof safe
Backup Procedures
• Backups create one or more copies of data
• A backup is usually stored to an external storage device
• The data is more secure, because the backup files will be safe even if the original storage
device fails or is damaged, lost or stolen
• Backups can also be saved to online storage
• A copy of data is held in two different geographical locations
• Backing up to online storage can be slower because the process uses the internet
connection
• Users should decide how many files to back up and how often they should back them up
• More regular backups will require more storage space
• Less frequent backups may result in a loss of data
Activity (Data Security)
• Read through the list of ideas for creating a thorough backup
procedure. Discuss how each idea will help to keep data secure.
Online Payment Systems
• People can pay for goods and services online using various payment
systems.
• These systems send payment details across networks to computers
that process the payments.

Many countries are moving quickly towards a cashless society
Non-cash payments differ in different countries around the world
Online Third-Party Payment Processors
• Online third-party payment processors like PayPal or Skrill allow users
to create an account so that they can send and receive money using
email accounts for identification
• Users can also use systems that link with online shopping applications,
which can make shopping easier and faster
Bank Cards
• Bank cards allow customers to pay for goods and services online and in
shops
• When paying online, you usually need to enter the:
  • Card number
  • Expiry date (and sometimes the start date) of the card
  • Name on the card
  • Three- or four-digit card security code (CSC)
• When a user chooses to use a card online, they are sometimes asked to
authenticate the payment by entering a password using a secure system
• These systems are used by financial organizations such as Mastercard,
which operates the Mastercard SecureCode system
A bank card contains a number of security and identifying features
Contactless Cards Using NFC
• Near field communication (NFC) is used in payment cards to allow the
transfer of payment data
• The payment does not require a PIN or any form of user
authentication
• If a card reader is in range and requesting payment, then the
contactless card will take payment up to a maximum amount
• This amount is limited, so that any people using card readers or apps
to commit fraud can only steal a small amount
• NFC cards can be wrapped in foil to prevent the very weak signal from
being intercepted by criminals
Questions
1. Which one of these is used to control internet traffic entering a network?
A. Server
B. Backup
C. Firewall
D. Encryption
2. Explain why CAPTCHA tests work
3. State the purpose of pharming and phishing
4. List three pieces of data from a bank card that a user is asked to enter when making an online
payment
5. Describe one way in which incremental backup differs from differential backup
6. Describe how encryption secures data on a network
7. State two methods used by an online system to authenticate a user
8. State two methods used by criminals to get users to visit fake sites
9. Explain one disadvantage of using online storage for backups rather than local storage
