3.1 Operating online

OPERATING ONLINE

In this unit, you will learn about the impact of the use of digital devices on individuals, organisations and society, as well as the risks of operating online to individuals and organisations.

The digital world offers great opportunities to those who can access it. However, it is important to appreciate that not everyone has access to it and that those people who do have access must manage the risks of using powerful and developing technologies

RISKS TO DATA AND PERSONAL INFORMATION

Huge amounts of data are transmitted and stored digitally, and a lot of this data contains personal or financial information. Because of this, digital systems are targeted by criminals who try to access data so that they can use it to commit fraud or identity theft.

You need to be aware of the risks to your data when operating online. You also need to know about the methods that are used to secure data in order to prevent unauthorised access and use.

Learning Objectives of this section

Be aware of risks to data and information:

• unauthorised access

• deliberate damage by malware

• accidental deletion

• theft of personal data: phishing, pharming

Know about methods available to secure data and personal information online:

• firewalls

• encryption

• passwords, PIN, biometrics, CAPTCHA tests, security questions

• anti-malware, anti-virus, anti-adware, anti-spyware

• access rights, file permissions

• secure websites

• not opening email attachments or following web links

• backup procedures

Know about online payment systems: third party payment systems such as PayPal, bank cards, contactless cards using NFC — and how payments are protected: VeriSign, HTTPS

Unauthorized access

Unauthorized access is when a person gains entry to a computer network, system, application software, data, or other resources without permission.

The most common reasons for unauthorized entry are to:

Steal sensitive data
Cause damage
Hold data hostage as part of a ransomware attack
Play a prank

Sometimes, devices on a network can be targeted by unauthorised users in order to be used as botnets. Botnets are groups of computers that have their resources used for harmful purposes, such as running and spreading malware.

2. Deliberate damage by malware

Malware can show messages, play sounds, delete files or reprogram systems to perform tasks that will harm the system and the connected hardware.

Some malware (known as ransomware) threatens to delete a user's files or places restrictions on a user's access to software or resources until money is paid, usually to an anonymous account. These messages are usually very threatening and distressing for users. They are often written in a way that makes the user believe that they must pay quickly. This puts pressure on the user to act before they have time to think clearly about the threat and how to manage it.

3. Accidental deletion

Users can sometimes delete files or even the entire contents of a drive by mistake. This can happen if:

they press a key on a keyboard by accident
they format media on the wrong storage device
their device loses power unexpectedly.

4. Theft of personal data: phishing, pharming

Criminals use a number of methods to steal personal data.

4.1 Phishing

Phishing is a technique used by criminals to get personal information and payment details from users. It involves sending large numbers of messages that appear to be from real organisations, such as shops, banks or charities.

Phishing messages are often sent as emails. These emails ask the user to provide their information by replying to the message or following a hyperlink that opens a webpage into which the user is asked to type their personal details.

Sometimes, phishing messages are highly customised or personalised and are targeted at a smaller number of particular users. This technique has become known as spear phishing.

Phishing messages can also be sent via SMS or instant message apps so that users open the fake webpage in a mobile browser. Users may not realise that the webpage is fake, particularly if they have never seen the company's real webpage in a mobile browser. As a result, they might type in their username and password details and reveal this personal data to the criminals

4.2 Pharming

Like phishing, pharming is a technique used by criminals to gain personal information and payment details from users. Criminals create fake versions of trusted websites to trick users into entering their login details, which are then used by the criminals to access users' accounts.

There are two main methods by which users are directed to a pharming site.

■ Internet traffic going to the real website is redirected to the fake website, so that users think they are visiting the real thing. Criminals do this by altering the domain name servers to make internet traffic go to their fake site. They can also use malware to redirect web requests.

■ Often, the URL of a pharming website is designed to be very similar to the URL of the real website. This means that if a user misspells the URL when typing it into the address bar of their web browser, they could go to the pharming site by mistake. For example, if the URL of a real bank is:

http://moneybank.lk and the criminals create a website with the URL

http://moneybamk.lk, it could be easy for the user to make a mistake and arrive at the fake website.

Methods available to secure data and personal information online

Unauthorized access is when a person gains entry to a computer network, system, application software, data, or other resources without permission.

Firewalls

Firewalls control the data travelling into and out of a network. They examine the network addresses and ports of the data. They then compare those details to a list of rules that can be changed by network administrators. The list of rules determines what traffic should be allowed to travel into and out of the network.

In this way, firewalls can prevent unauthorised access to a network and protect the network from malware. See Unit 2 Connectivity (page 90) for more information about firewalls

2. Encryption

Encryption is a means of securing digital data using one or more mathematical techniques, along with a password or "key" used to decrypt the information. The encryption process translatesor scrambles information using an algorithm that makes the original information unreadable.

3. Passwords, PIN, biometrics, CAPTCHA tests, security questions

Passwords, PINs and biometrics are used online to authenticate a user so that they can access an online system, such as webmail or an online bank account. See Unit 1 Digital devices (pages 20-21 and 27-28) for more information about passwords, PINs and biometrics.

Users should make sure that their password is:

more than eight characters long
a mix of letters, numbers and symbols
a mix of uppercase and lowercase letters
made up of random characters (that is, not common words, names or dates)
changed frequently
something that they have not used before.

When entering a password or a PIN, the characters are often masked so that anyone watching the screen cannot see what is typed.

Some services allow the password to be remembered. This is not recommended for multiple users of computers with stand-alone operating systems, as it may mean that another user can access someone else's accounts. Network operating systems are more secure and will not allow different users to see each other's stored passwords.

When users create an online account, they may be given a test called a CAPTCHA test. CAPTCHA tests are challenges used to make sure that data is entered by a human and not by an automatic software program known as a bot or web robot.

Some CAPTCHA tests work by asking users to enter a randomly generated series of letters and numbers that are displayed on the screen. Automatic software cannot read the letters displayed, or enter them into the required field, so this is used to distinguish human users from bots

reCAPTCHA tests work in the same way as CAPTCHA tests, but they use extracts of text from scanned books or a selection of images that share common features. When a user solves a reCAPTCHA test, their solution is used to help digitise books and annotate images. This helps to make more books available online and improves the information provided in online maps and other services.

4. Anti-malware, anti-virus, anti-adware, anti-spyware

Anti-malware prevents malware from accessing or operating on computers. It scans computer files in real time and allows users to scan files, folders, disks or whole systems

4.1 ANTI-VIRUS

A virus is malware that uses networks to spread to connected devices. Viruses are spread via communication software such as email or web browsers or by being loaded into a computer's memory from external storage such as USB flash drives.

Viruses often look like normal files. However, they have unique virus definitions that can be identified by anti-virus software.

Anti-virus software constantly checks files that are downloaded and loaded by a computer for signs of virus definitions. If the anti-virus software finds a match, it quarantines the file so that it cannot be run.

Anti-virus software has to be updated regularly because virus code can be changed, either automatically or by the developers of the virus. There is a constant battle between people who create the threats to data and people who create software to protect data.

Anti-virus utilities are often combined with software that protects against adware and spyware (see the next sections on anti-adware and anti-spyware). For this reason, anti-virus software is often known more generally as anti-malware.

4.2 Adware

Adware displays unwanted adverts to users.

Anti-adware software detects, quarantines and removes adware.

4.3 ANTI-SPYWARE

Spyware secretly monitors and records computer data and user input. For example, a keylogger is a type of spyware that monitors and records actions such as key presses or mouse movements.

Criminals can then analyse this information to identify a user's passwords for websites, or financial data such as credit card numbers and security codes.

Anti-spyware software detects, quarantines and removes spyware.

5. Access rights, file permissions

Permissions can be set for access to files, folders or drives, allowing users to read only or read and write to the file.

6. Secure websites

Hypertext Transfer Protocol (HTTP) is used to exchange data between a web server and a client (that is, a computer that is accessing the web server).

However, data transferred using HTTP is not secure, so Hypertext Transfer Protocol Secure (HTTPS) was developed. HTTPS authenticates payment servers and provides encryption using Secure Socket Layer (SSL) and, more recently, Transport Layer Security (TLS).

HTTPS keeps communications private and provides security for users' online accounts. Web browsers often show that a website is secure by displaying a green padlock in the address bar.

7. Not opening email attachments or following web links

Users should always be careful when opening email attachments or hyperlinks in emails and other messages. This is because some are fake and designed to steal users' personal information.

Users should ensure that their anti-malware software is up to date and be especially careful if:

they do not recognise the sender
the text is general, impersonal or irrelevant to the user
the text contains spelling or grammatical errors
the attached file is an executable file such as an .exe or .zip file
the text contains a message telling the user to do something immediately
the user does not recognise the URL.

8. Backup procedures

Backups create one or more copies of data. A backup is usually stored to an external storage device. This makes the data more secure, because the backup files will be safe even if the original storage device fails or is damaged, lost or stolen.

Backups can also be saved to online storage. This means that a copy of the data is held in two different geographical locations. Backing up to online storage can be slower because the process uses an internet connection.

Users need to decide how many files to back up and how often they should back them up. More regular backups will require more storage space. However, less frequent backups may result in a loss of data (for example, if that data has not been backed up recently).

Loss of files or damage to files can be caused by:

■ theft ■ malware ■ flooding or fire ■ power cuts.

See Unit 1 Digital devices for information on backup utilities. Good ideas for backup procedures are as follows.

Set automatic backups.
Do not use optical media because they deteriorate over time and are fragile.
Schedule backups for late in the evening when users will not be using the data that is being backed up in order to avoid conflicts.
Create more than one copy.
Keep one copy of a folder containing important files backed up using online storage.
Store copies at multiple locations.
Store important data in a fireproof safe.

Online payment systems

People can pay for goods and services online using various payment systems. These systems send payment details across networks to computers that process the payments.

Online third-party payment processors

Online third-party payment processors like PayPal or Skrill allow users to create an account so that they can send and receive money using email

accounts for identification. Users can also use systems that link with online shopping applications, which can make shopping easier and faster.

Bank Cards

Bank cards allow customers to pay for goods and services online and in shops. When paying online, you usually need to enter the:

card number
expiry date (and sometimes the start date) of the card
name on the card
three- or four-digit card security code (CSC).

When a user chooses to use a card online, they are sometimes asked to authenticate the payment by entering a password using a secure system. These systems are used by financial organisations such as Mastercard®, which operates the Mastercard SecureCode® system.

CONTACTLESS CARDS USING NFC

Near field communication (NFC) is used in payment cards to allow the transfer of payment data.

The payment does not require a PIN or any form of user-authentication. If a card reader is in range and requesting payment, then the contactless card will take payment up to a maximum amount. This amount is limited, so that any people using card readers or apps to commit fraud can only steal a small amount.

NFC cards can be wrapped in foil to prevent the very weak signal from being intercepted by criminals. See Unit 1 Digital devices (page 30) for more information about the uses of NFC.

Protecting online payments using HTTPS

Page updated

Report abuse