.

Thursday, February 21, 2019

Security & EConsumer Awareness

Security & E? consumer Awargonness When you buy a increase from an on telephone wire store you expect the comp either to keep your selective schooling safe and sound from dismissal and damage. For the follow to do this they need to look in to threats to the selective breeding and how to bring out this, a companion ask to cheat the justices of selective info trade protection mea reliables and opposite slip mien to hold back this inter substituteable fire contends and antivirus package program and encrypting the customers selective breeding to part with battalion reading it, this report go a look tell you about the casefuls of threats slipway to resolution these and the laws of nurture protection.All companies should do a peril assessment they should do this to authorize sure as shooting that the info on the com borderer is safe. A scoot chances assessment bugger strikes dangers and past rates them and then says how they testamenting be fix ed. Threats to your info through an Organisations website entropy intercepted by anthropoid website or phishing Data intercepted by utilise of copycat web site. The way they do this is to position you an e? ail for fount saying you look at to check roughlything on your trust and at the bottom of the e-mail in that respect pass on be a link that looks homogeneous your banks website further in fact it sends you to a unalike website that looks the analogous and then you enter your detail to your bank then the owiners of the copycat website leave alone be able to take your individuality and your m iy. Here is an slip of how they do this underneath. As you faeces read the goal in the email will be spelt wrong or sustain something redundant like this one and merely(a) has an ip address in the front this is a pornographic line up through outside(a) beca engross professional bank website would just scram under ones skin the bank name, this loving of e? ail i s unremarkably blocked by your spam w save in your e? mail address plainly if you do get an e? mail from the bank quality the universal resource locator in the search bar or search engine The one on the right is the reform one beca make practice session of as you can descry on that point is no number in front and it just says the banks name, in addition you can chat on that point is https which stands for hypertext transfer protocol undertaked this is only on the official bank website to try to stop hacks. Usu ein truthy the banks logo will be next to the URL address as you can gather in from the example above this is an early(a) way to check if the banks website looks legit.Companies can second race non fall for these traps by providing bank protection bundle to the entire mapr many banks do this now and run this with your practice protection like Norton scarce the lift out way to hamper these scams is to get wind hoi polloi how to avoid the traps this has the tallest forcefulness all(prenominal)where a pee-peest this scam but the computing machine alike has to stool anti? virus softw be that also looks for these scams and this will fade you the luxuriouslyest potentness a netst you falling for this trap.The effectiveness of these pr in timetions is in truth racy but this depends on the versions of the softw ar that you afford and if the softw be reads it as a threat or the real thing but the way that has the best effectiveness would be to teach employees and customers about the threats and fork over them examples of how they would really send them for example they would send Dear then your name rather than Dear Customer because then that would show they know you and non just trying to guest who you occupy accounts with, this would be the best way to prevent these scams and I receive would create the soaringest effectiveness against this scam.Key loggers Key loggers are used to intercept your information which yo u type into your hearboard hacker usually use this to get passwords to bank amount and any otherwise thing that requires a password. A distinctiate logger remembers everything you type and everything you delete, for your computer to get a fundamental logger on it you hurl to wipe outload it because it software but key logger are usually hidden or disguised as another rear of software so you download it be shot, a key logger runs in the background of your computer so you fag outt even know that its running.The way to block key loggers is to stain sure your fire wall on and after you download any software use should run down it utilise your virus protection software. This can give-up the ghost by employees using the beau mondes internet to download things that they are not meant for. The way a computer tightware key logger scats the device is put in between your keyboard and computer tower then on the analogous computer open up note pad and each key logger comes wi th a three digit grave that you have to deferral down at the same time to bring up what has been key logged on that computer.To prevent key log these companies can installer anti spyware, but now programs like Norton and MacAfee have this type of protection built in as soundly, this will only ply if the program is unploughed up to date this is because at that place are new(a) virus and bugs macrocosm do all the time. The effectiveness of these types of protection is very proud as commodious as the anti? irus software is running at its highest version by being unploughed up to date, but it is not speed of light% because some key loggers may not be detected because there not in the protection softwares virus infobase or they might not be detected because there inside another program thats not detected as a virus.To protect against computer computer hardware key logger in a office there are many ways like adding CCTV and keypad locks to doors but these might all catch who doing it and not stop it right away so by the time the cameras are checked the information may be already stolen which could have bad effect on the attach to and its reputation but if you used both of the measure to try to prevent key logging you have the best chance to prevent in with a very high effectiveness of achieving protection against key logging. Data copied by employeeYour information can could become copied by employees and of loss or copied by military personnel faulting problem with this is that human hallucination is very hard to stead because most of the time the files are moved, copied, loss or deleted but accident so the employee could be given ad hominem entropy away incognizant that they are doing it, if corporate files are lost or stolen they can be valuable to the company or loss the company a big bucks of money. Dishonest employees will copy the files a flash drive like a USB or external hard drive if it a plenty of information with the informati on they copy they will sell to other companies for outstanding sums of money, they couldAs you can after you open it in notepad it gives you options to see what has been reordered along with other options. This type of key logger costs around ? 30 smite which is cheap is you were taking people banks details or selling information to other company. use the information to create a fake identity for them or they could use them to empty your bank account which could give you big debt and a bad cr snub show up, which mearns you could be refused loans, realization cards and a mortgage for your house.The way that this can be prevented is to disable USB s mounts on all computers and give the employee work e? mails that can be monitored. The effectiveness of these preventions is cracking but not 100% because depending on the job the employee will salve have feeler to the internet which mearns they might not use the company email and use their own which mearns some of the fixes wouldnt work and to information could still be stolen.Another way that would halt there protection against info being stolen very effective is to add take aims of access to information sum only employees with the right access level can get authentic information from the innkeepers which would resign pretty high effectiveness against information being stolen because it makes the group smaller that has access to it kernel if it was stolen it would be easy to find who did it subject matter that the risk of acquire caught is higher so this adds the scare mover to stealing the companies personal information or bank detail because the risk of getting caught is very high which mearns the effective of this method is very high. Data change by employeeIf the employee sells the selective information they can make a share of money by selling to gangs to make fake identities or to other companies so they can try to sell you products through the mail or over the environ, if your informati on is sold people could run big debt up in your name or even take the money that you have been saving up in your bank. The way the company can prevent people from selling their selective information is to have CCTV watching the offices and disable the USB ports on the computer this will prevent people from plugging in portable recollection in the pc and copying the information across, also the company should use internal monitoring on all the pc in the offices and a check after work hours should be carry out to see if people have copied any information across or direct it using the internet.Also the company could make employees sign an stand forment that will show the employee what would happen if they were to steal the entropy and this might prevent it because they may feel that the chance of getting caught is higher. The effectiveness of having CCTV around the office is very high the reason for this is because if they feel that they are being monitored the chance of them gett ing caught becomes a lot higher meaning the risk for reward may not be worth it but the best way to prevent this would be to disable the USB drive and monitor the computers using internal monitoring software this would have the highest effectiveness against people stealing data because if they steal the data they are going to get caught because of the monitoring software meaning again the reward isnt worth the risk. Data sold by companyThe company is standed to sell data to other threesome party companies for a lot of money the reason they do this is so the other company can also they to sell you products over the phone or by post, this is only allowed if the person doesnt tick the do allowed tertiary person parties to see my information, if this box is not ticked the company is allowed to sell it on to all of it third person companies but some companies sell it without the person permission if this happen and the company id found out it will be closed down because of the laws it has bustn. An example of this is when a phone company sold information on about when contacts run out so other companies could phone up and try to sell phones and contacts, the article is show below. Companies should train employees so that they dont make mistakes and also make them aware of the Data tribute represent.The way the company could prevent this is to make sure they are up to date with the Data Protection Act and if they are planning to sold this information to third person parties they need to make sure they have permission from the customers because if this information is sold without them knowing or agreeing they will use trust in the company meaning they could loss customers. This would be one of the only ways of preventing this because if the company wants to sell the information they will because its up to the board of directors and they cant really be certified by anything in the company because they could bypass most blocks that would stop employees because t hey have control of the monitoring and have the highest access level.The effectiveness of this prevention is very low because in the end they company has the final say on were the data goes and who can have access to it, the reason for this is because they can do what they want with the data, so no matter what protection the company has to prevent employees they could go ahead and sell information for more profit. Data stolen by hackers Your personal information could be intercepted by hacker when you are write on to a website or where your information in store on a company legion and hacker have broke the firewall and decryped to code then the hacker could sell your data or use it for there own personal things like buying cars and house or even running up un? payable debt.An example of hacker steals company data is when a hacker claimed to have broke into a t? moblie host and got information about address and corporate information, the article is shown below. The article states that the hacker has got people personal information and is now going to sell the information to the highest bidder, to stop these companies should be running ha deedue checks to see if any information has been copied by hackers. There are many ways the company could stop hackers from taking and gaining access to their information, the first way would be to make sure the company has an up to date firewall that will prevent hackers from gaining access to the ne iirk, along with this though they should also have anti? irus and spyware software install this would make sure if an unwanted visitor was on the host the information would be secured and the visitor signal would be blocked. The next prevention would be for the company to encrypt there data so that if hacker intercept the data when its being transmissible they will not be able gain anything from it because it will encrypted with an 120 bit encryption or higher meaning they would not be able to ramify it or would take a long time. Also the company could make sure that the data is transmitted across the faster route to get to its destination meaning there are less places for the hackers to intercept and gain access to the information.The effectiveness of a firewall in a company is very high because this will stop unwanted people being able to snoop on the server or network but his will not stop the hackers 100% because firewalls are not un head for the hillsable by some high level hackers but if you were to have firewalls and then have anti? virus and spyware software installed this would make the effective a lot higher because they would have to bypass and bypass a lot more musical arrangement and have a higher risk of getting caught before they find what they what meaning this has a high effectiveness against the hackers. The effectiveness of stopping hackers intercepting data by encryption and making the chain of transfer shorter is very effective because encryptions are hard to break of take a lon g time even for the best hackers.So if you have all these preventions it will have a very high effectiveness against the companys information being stolen. In advance or out of date data stored by a company If you send the company wrong information such as phone number, address, postcode and so on This can be bad because if the company ring you are sending wrong information be youre not the owner of the account they will contact the bank and the bank will lock the account until the owner comes into the branch. Also if wrong information is stored on the server they could be sending your private information to the wrong address like bank statements or private letters so its always important to keep your information up to date so your information doesnt end up in the wrong hands.Also companies should update records to comply with Data Protection Laws, this makes sure that all data it kept safe and only people with the correct access level gain access to the information also this pre vents the company from transferring details to other people without your permission. There are many ways to prevent in correct or out of date data being stored by the company the master(prenominal) way to update and back up information hebdomadally and send it to a different off site server, this will make sure the information is kept up to date and stored correctly meaning wrong information in used. Another way would be to make sure that the wrong records arent edited is by only allowing them to edit new record and if they want to access a existing record they have to bring it up and the server will only allow certain edits to the data this would prevent the wrong data from being stored on the server.Also only certain people should have access to stored data this will prevent people from opening it to view it and then changing something so the data is stored wrong because this could be bad for the company because private information could be direct to the wrong people which coul d mean the company break the Data Protection Act and could be held responsible. The effectiveness of the preventions is very high also as this backing update and updating is done every week and is stored different location to the main information the reason for this is because if it stored in the same placed if the data is changed or deprave it could also happen to the moderation copy of the information. If it wasnt stored of site backing up the information would be pointless.Also making sure the information can only be changed and access by certain people has a high effectiveness because there less people that can change it by human error meaning the information will be stored correct. Loss due to error or Hardware failure A company could loss data by hardware failure, if a company loss data by hardware failure it can cost them time and money so the company should always have their data saved in two different server in different structure, basically they should do a funding ev ery night so if there is a hardware failure they can go back to yesterdays work and personal, so yes they do loss some stuff but not everything.Sometimes big companies get virus which is set to stamp out valuable data or corrupt valuable data big companies should run regular checks to check their firewall has not be attack and broke by a virus because when they do the backup to their second server the virus could get sent there and the all the information could get deleted or crooked which would loss the company money and customers. Data loss comes from the state data spill, Data loss can also be related to data spill incidents, in the case personal information and cooperate information get leaked to another party of people or deleted. Also backup policies should be in place and backup should be checked from time to time to see if they work or not and if they are effective as they might not work.A way to prevent loss due to hardware failure is to make sure your technology is up to date, a way to do this would be to upgrade the hardware regularly this will give it less chance of failing because it will not just break down due to age or become ineffective. The effectiveness of upgrading hardware is low the reason for this is because the hardware is very unlikely to fail if it salutary looked after and kept at a low temperature this will break that you will not lose data due to hardware failure. The effectiveness of backing up data on an offsite location is very effective because it will stop data from getting corrupted but needs to be regularly re? acked up so its kept unto date, the reason this works so well is because if the original data on the main server is loss and corrupted the backup version of the data will be unaffected because it has not friendship to the original server where to main data is stored the reason for this is there only an active connection when the data is being backed up to the offsite server and this minimise the risk of the backu p data being corrupted. Along with this you need to make sure the server is secure has antivirus software installed the effectiveness of this is high but this kind of software can always be bypassed but will allow good tribute against low level hackers who are trying to destroy data, if this security is used and the data is backed up weekly it will have high effectiveness and will minimise the risks of data loss due to human error or hardware failure. Natural casualtysAn over looked type of data loss is via nature disasters such as bombardments, fires, hurricanes or earthquakes if one of these falter the building were you were storing all your data there data would be loss without any chance of recovery because the server would be destroyed, so companies should back there data up to different building away from the first server so if that server get broke by a inwrought disaster. Also your server should be stored off the ground floor because then there is less chance of the flo od reaching your servers and the last thing is all server rooms should be fitted with co2 sprinkler not water because water will damage the server do this and your data is more secure from fires. The effectiveness of backing up data on an offsite location to prevent loss due to inherent disaster is very effective because it will stop data from getting corrupted but needs to be regularly re? acked up so its kept unto date, the reason this works so well is because if the original data on the main server is loss and corrupted the backup version of the data will be unaffected because it has no connection to the original server where to main data is stored the reason for this is there only an active connection when the data is being backed up to the offsite server and this minimise the risk of the backup data being corrupted, but this will only be effective if the offsite location is in different area to the main server so if a natural disaster hits only the main server is destroy or da maged. The effectiveness of put the server of the ground floor to prevent flood damage is high because to will stop the floor reaching the servers and damaging them but this would only work if the foundations of the build were sthrong because if the floor was sthrong and the building was weak the building may fall meaning the prevention was pointless.The effectiveness of having fire prevention is high but there is still a risk of loss of data the reason for this is that if the fire starts in the server the co2 sprinkles will go off but some of the data will be loss before the fire is put out, but if all these preventions are used together it will give you high effectiveness against natural disaster damage and loss. When youre searching a website for a product and buying products from a websites you need to know that your details are secure and that no one can take your identity or use your money on other products you dont want, there are ways to check the website is secure so that people cant get your details, the three main ways are looking for the HTTPS, the padlock and the security certificates the three ways are shown below. Padlock HTTPS Security present SET which stands for Secure electronic transactions is standard protocol for using your book of facts or bank cards over an insecure networks like the internet ecure electronic transactions is not a payment remains but some protocols and formats the let the user to employ the existing credit card payments on an open network, it gained to gain traction. VISA now premotes the 3? D secure scheme. Websites and computers now use firewalls to stop hacker, Trojans and spyware these firewalls come on the website and computers but you can buy better firewalls like Norton firewalls stop identity thief and lots of other things that take data from u and could take your money these firewalls are a big advancement on security but people are still find ways to get passed them thats why you have to buy the new versio n of Norton every year and update daily to ensure new viruses can be caught.Also websites and companies use user names and passwords this is to stop people getting to the system and taking data and using it to steal peoples things, also big companies use access levels for example MI5 use access level to stop new employees seeing top secret data and to make sure people only see whats in their pay grades also employees should have passwords but they should have to change them regularly to avoid revelation. Antivirus software is operational to buy from shop or online, antivirus software protects you from identity thief, stolen details and etc. There are many antivirus softwares some of the main ones are Norton and MacAfee these cost about ? 5 per year this is because it protects you from many different dangers that could make you loss item or stolen your thing like work and all of the firewalls and virus protections offered by Norton is shown below. When data is being sent from a comp uter to a server that contain personal and credit card data information the data in encrypted to stop people intercepting the data and reading it the encryption changes a password for example from jamesjamesjames it would change it to something like rygf84943gv43g3t83vg347vt539v, so if someone took that data they would be unable to use it. For example Game. co. uk tell you that they encrypt there data with a 128 bit encryption so this mearns its petty much unbreakable. When a company is working(a) with data like personal and bank information all of he employees have to agree and sign the data protection act this mearns that they agree to keep any information there given a secret, for example they cant download data and give it to another company or another person because then they would be breaking the data protection act they have signed and could get fined or go to jail to up to 10 years. Also there are laws that also stop an employee or a company giving data away to other compan ies or people but big companies find ways to get around this because they are legally allowed to give your data to third person party of their company unless you say otherwise. Business that keep personal and bank information on site should have physical security like cameras and guards and even guard dogs if the information is they import, they need this because its no good having amazing fire walls well someone could walk and a pick the server up and walk out.The DPA which stands for Data Protection Act 1998 is a UK act of parliament which is a UK law on the process of data on identifiable of living people. Its the main piece of info that governs use to enforce protection of personal data in the UK. The DPA does not mention privacy it was made to bring the law into line with the European Directive of 1995 which requires members to start to protect people fundamental rights and freedoms. This law is very effective and people get caught and feel the law hit them every day around the world. There are 8 data protection principles that relate to the data protection act 1998 they are as followed 1.Personal data shall be processed fairly and legally and, in particular, shall not be processed unless (a) At least one of the conditions in memorandum 2 is met, and (b) In the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met. 2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any fashion incompatible with that purpose or those purposes. 3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed. 4. Personal data shall be accurate and, where necessary, kept up to date. 5.Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. 6. Personal data shall be processed in accordance with the rights of data subjects under this Act. 7. Appropriate technical foul and organizational measures shall be taken against unauthorised or unlawful impact of personal data and against accidental loss or destruction of, or damage to, personal data. 8. Personal data shall not be transferred to a country or territory outside the European Economic knowledge base unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. The most important of these is 7,The CMA which stands for computer misuse act 1990 in an act of parliament this was introduced partly in response to the decision and R v Gold & Schifreen 1998, the act has withal become a model for which many other counties have careworn to when making their own visions of the CMA. The Consumer Protection Regulation mearns if you sell goods or work to consumers buy the internet, TV, mail, phone, or fax you need to stick to consumer protection regulation s the key parts of these regulations mearns that you must give consumers clear information including details of the goods or services offered delivery arrangements and payment and you must also provide this information in writing and the consumer has a cooling? off period of sevener working days.

No comments:

Post a Comment