5.3.2 Protecting Data
Revision points:
Candidates should be able to:
- describe a range of methods for preventing unauthorised access to computer
systems;
- describe what is meant by data encryption and identify when it is used;
Preventing unauthorised access:
The information covered in 5.1.1 Security
describes a range of methods for preventing unauthorised access to computer
systems.
Data Encryption:
Encryption is a way of protecting data by scrambling it so that it is unreadable without a
special decryption code. Only authorised users would be given this code and the
software to use it.
E-commerce web sites use encryption to protect the personal and financial
details of their customers when such information is transferred over the
Internet. If someone did manage to intercept the information it would be
unreadable.
You can tell that a website is secure because it will use the protocol https://
instead of http:// at the beginning of the website address (URL) and a closed
padlock symbol should appear in the bottom-right of the browser window
(Internet Explorer). You should never enter financial details over the
Internet unless you have made these checks and are sure that the website
requesting them is trustworthy.
Computer fraud:
This is a criminal
activity where someone uses a computer to defraud an individual or organisation
of money or goods.
Computer fraud can be difficult to detect because:
- it is very hard to track down and the people committing the crime are
often very skilled
- offenders are often young, with no previous criminal records
- it is often not publicised as news of the fraud may damage the image of
the company
Identity theft is often linked to computer fraud
as criminals can shop online or access bank accounts if they capture the
personal details of a genuine user.
Spyware is software downloaded by a user, often
hidden inside a program they download for another purpose. The Spyware can
record the websites they access and some versions record keystrokes such as
passwords when a user accesses secure online websites such as online banking.
The log on details are then passed by the computer over the internet to the
criminals for fraudulent use.
Trojans are programs that can allow other users
to access your computer remotely over the Internet.
Key loggers are programs installed on a computer
that log every key-stroke a user makes. On a public computer a fraudster
can log on, install the key logger, then log off. The key logger will
continue running, even if the computer is restarted, so all the key strokes of
the next user are captured. When that user logs off the fraudster logs on
again and simply reads the log file to access passwords etc.
The term phishing applies to a situation where
an email is used to find out confidential information, such as a username and
password, so they can be used for fraud. These emails often direct the
user to a fake website which they try to log onto, thinking it is the genuine
secure site they normally use. The details they enter are then passed to the
criminals and the user is directed to the genuine site without being aware of
what has happened.
To reduce the risk of becoming a victim of computer fraud:
- Only enter personal or financial details into a website that is secure (uses
encryption).
- Never enter secure information on a public computer which could have a
key-logger installed.
- Install anti-Spyware software, keep it
up-to-date and scan your computer regularly.
- Install anti-virus software, keep it
up-to-date and use it to scan your computer / email for Trojans that
allow others to access your computer.
- Never respond to emails asking you to go to websites and enter your
security details. Genuine emails from genuine companies will never ask
you to do this.
- If you are going to enter personal or financial details on a website then
avoid accessing it by using hyperlinks from other sites or hyperlinks in
emails because these could be links to phishing websites. Typing in the
website address (URL) yourself is always the most secure method of accessing a
website.
- Keep your operating system and Internet browser up-to-date with the latest
software patches and security fixes.