Safety and Security of people and Data

This will be a two-part series on Safety and Security. In this first part, we will learn about physical security, which covers health aspects and safety aspects; E-safety; and security of data, which covers hacking, phishing, smishing, vishing, pharming, spyware, viruses, spam, moderated and unmoderated forums, and cookies.

What are the Health risks associated with the use of computers?

As per health and safety regulations, all computer systems should at least have tiltable and anti-glare screens, adjustable chairs and foot supports, suitable lighting and uncluttered work stations. The regulations also recommend frequent breaks and frequent eye tests.

Given below are a number of health risks along with some idea as to how to remove or minimise these risks:

Each health risk is followed by ways to minimise or eliminate the risk.

Back and neck problems/strain caused by sitting in front of a computer screen for long periods in the same position:

  1. Use fully adjustable chairs to give the correct posture.
  2. Use foot rests to reduce posture problems.
  3. Use tiltable screens to ensure the neck is at the correct angle.

Repetitive strain injury (RSI) - damage to fingers and wrists caused by continuous use of a keyboard or repetitive clicking of mouse buttons:

  1. Ensure correct posture is maintained i.e., correct angle of arms to the keyboard and mouse.
  2. Make proper use of a wrist rest when using a mouse or a keyboard.
  3. Take regular breaks and do simple exercises.
  4. Make use of ergonomic keyboards.
  5. Use voice-activated software if you are prone to problems when using a mouse and keyboard.

Eyestrain caused by staring at a computer screen too long or having incorrect lighting in the room:

  1. Ensure that there is no screen flicker as this can lead to eye problems.
  2. Change to LCD screens as flicker is less of a problem than with CRT screens.
  3. Take regular breaks and try focusing on a point that is some distance away.
  4. Use anti-glare screens if lighting in the room is incorrect; or use window blinds to reduce sunlight reflecting from the screen.
  5. Get your eyes tested on a regular basis - middle vision glasses should be prescribed if the user has persistent problems like eye strain, dry eyes, headaches, etc.

Headaches caused by incorrect lighting, screen reflections, flickering screens, etc.:

  1. Use an anti-glare screen or use window blinds to cut out reflections as incorrect lighting can cause squinting and lead to headaches.
  2. Take regular breaks and do simple exercises.
  3. Have your eyes tested regularly and use middle vision glasses, if necessary.

Ozone irritation caused by laser printers in an office area - dry skin, respiratory problems, etc.:

  1. Ensure proper ventilation to prevent accumulation of ozone gas.
  2. Ensure laser printers are housed in a designated printer room.
  3. If possible, change to other types of printers.

What are the safety risks associated with the use of computers?

Safety deals with dangers that could lead to serious injury or even loss of life.

Given below are a number of safety risks along with possible solutions to mitigate them:

Each safety risk is followed by ways to minimise or eliminate the risk.

Electrocution:

  1. Use an RCB (residual current breaker).
  2. Check insulation on wires regularly.
  3. Do not allow drinks near computers.
  4. Check equipment on a regular basis.

Trailing wires (trip hazard):

  1. Use cable ducts to make the wires safe.
  2. Cover wires and/or have them neatly tucked away under desks, etc.
  3. Use wireless connections wherever possible, thus eliminating cables altogether.

Heavy equipment falling and causing injury:

  1. Use strong desks and tables to support heavy hardware.
  2. Use large desks and tables so that hardware isn't too close to the edge where it can fall off.

Fire risk:

  1. Have a fully tested CO2/dry fire extinguisher nearby, not water extinguishers.
  2. Don't cover equipment vents, as this causes equipment to overheat.
  3. Make sure that the electrics used in the hardware are fully maintained i.e., portable appliance testing.
  4. Ensure good ventilation in the room, again to stop overheating of hardware.
  5. Don't overload sockets with too many items.
  6. Change to low-voltage hardware wherever possible. E.g., replace CRT monitors with LCD monitors.

Apart from the good health and safety strategy, what other checks should we do at home on a regular basis?

Over and above the good health and safety strategy, the following checks should also be done at home on a regular basis:

  1. Check and replace all loose/damaged wires and cables in the plugs, while also checking the plugs for any kind of damage and replacing them if damaged.
  2. Do not keep any liquids like tea, coffee, cold drinks, etc., near the computer to prevent spillage.
  3. Firmly fix wires along walls and behind desks, wherever possible, to prevent the risk of wires coming into contact with people.
  4. Do not cover computers with paper or fabric e.g., towels or sheets, since these can either block ventilation holes causing computers to overheat or these materials could catch fire.
  5. Avoid plugging in too many devices into an electric outlet socket as overloading a socket could cause a fire.
  6. Exercise every hour or so to prevent health risks.
  7. Do an 'ergonomic assessment' of your work station. Many online questionnaires will be able to guide you to check whether your work station is set up properly for your own health and safety. You may have to buy new chairs or computer hardware to minimise the impact of sitting in front of screens or typing for long periods at a time for your better health and safety.

What is the meaning of E-safety?

E-safety means safety when using the internet, i.e. keeping personal data safe. It applies to any of the following devices:

  1. Mobile phone
  2. Computer or tablet
  3. Games console
  4. Wireless technology.

Personal data refers to any data concerning a living person by which a person can be identified either from the data itself or from the data in conjunction with other information.

Examples of personal data include the following:

  1. Name
  2. Gender
  3. Features (facial, body, etc.)
  4. Address
  5. Date of birth
  6. Medical history
  7. Banking details

Some personal data is often referred to as sensitive personal data and includes:

  1. Ethnic origin
  2. Political views
  3. Religion
  4. Sexual orientation
  5. Criminal activity.

What are the e-safety issues that could be encountered when using ICT/computers?

E-safety also refers to the benefits, risks and responsibilities when using ICT.
The following list gives some idea of the e-safety issues that can be encountered by users of ICT hardware:

  1. Never reveal any personal data to people who are unknown to you; this is especially so when online, where it is not possible to physically meet people to assess their motives. As it is very easy to cheat online, it is very difficult to determine whether they are genuine or not.
  2. Do not send your photos to any unknown person, either online or via a mobile phone. It is very easy for somebody to pass these photos on or even pretend to be you for a number of reasons; this is a particularly large risk on social networking sites.
  3. Always maintain your privacy settings on whatever device is being used online or during communications. These settings let you control which cookies are stored on your computer and decide who can view certain information about you, e.g., on a social networking site.
  4. When accessing the internet, make sure the websites being visited can be trusted. Look for https or the padlock. Always keep the device set to 'safe search' when using search engines and make sure the highest possible level of security is used.
  5. Only use websites recommended by teachers or adults and only use a learner-friendly search engine.
  6. Open only those emails which are from known sources. Check with your internet service provider (ISP) whether they have implemented any email filtering feature so that unknown emails are sent to the spam box.
  7. Only email people whom you know. Always think twice before opening any email and also ensure that you never include your school's name or photos of a student wearing a school uniform in any email.
  8. Always be extremely vigilant when using social networking sites, instant messaging or chat rooms:
    • Immediately block or report anybody who acts suspiciously or who uses inappropriate language.
    • Always be very careful with the language used in chat rooms.
    • Never ever reveal your real name and always use a nickname.
    • Keep all your private and personal data secret.
    • Don't enter private chat rooms; instead, stay public. The danger signs to be noted in a private chat are: somebody sounds too good to be true, they ask you to move to instant messaging and then to emails, they request your telephone number and then finally suggest that you meet.
    • Never plan to meet anyone for the first time on your own.
    • Always inform an adult first and meet the person in a public place.
    • Avoid the misuse of images.
    • Always use appropriate language.
    • And last but not least, always respect people's confidentiality.

The above list is by no means exhaustive but gives some idea of the risks associated with using computers, phones and tablets online. Basically, any device that allows communication either through the internet, via phone networks or even via wireless communications has a number of risks associated with it. As long as users take these simple precautions, these risks get considerably minimised and ICT can be used to its full potential.

What are the risks associated with online gaming?

Online gaming carries its own risks and the user needs to be very careful. In the real world, not all players are like-minded, so there are real risks associated with this type of communication.

Some of the known risks reported over the years include:

  1. Violence in the game itself, which can lead to violent behaviour in real life.
  2. Predators or people who prey on others who they see as vulnerable.
  3. Voice-masking technology used to disguise a voice and so mask the speaker's gender, age or even their accent.
  4. Use of webcams - the risks here are obvious.
  5. Cyber bullying or the use of electronic communication to bully a person, typically by sending intimidating or threatening messages.
  6. It has been observed that online games are often sources of cyber attacks on a user's computer or mobile phone in the form of viruses, phishing or spyware.

What is Hacking?

Hacking is the act of gaining access to a computer system or network without legal authorisation. Although hackers do this as a form of intellectual challenge, many do it with the sole intention of causing harm, e.g., editing or deleting files, installing harmful software, executing files in a user's directory or even committing fraud.

How to prevent hacking?

There are various ways in which we can prevent hacking:

Firewall

Firewalls provide a shield between your computer and the internet. A firewall can block unwanted data from reaching your computer. They can also stop your computer from connecting to unwanted websites.

User ID and Robust Password

A User ID is usually a word or a number that identifies a particular user as they log on to the computer system.

User IDs give people access to certain areas or files within the computer.
A password should be robust, i.e., hard to guess. It should be made up of a combination of letters, numbers and special characters and must be changed regularly.

The more robust a password is, the harder it is for hackers to guess.

Data Encryption

Encryption makes the files on your system unreadable. If someone who does not know the password to decrypt the data tries to read an encrypted file, they will just see random junk instead of the real data. However, though the hacker cannot read the data, the data can still be deleted, altered or corrupted.

Use of intrusion detection software

Intrusion detection software immediately detects any kind of intrusion attempt, stops the hacker and alerts the user to the intrusion.

What is cracking?

Cracking is different from hacking in that someone edits the source code of a program, allowing it to be exploited or changed for a specific purpose. It is usually done for a malicious purpose, e.g., to make the program perform a different task, such as sending a user to a fake website. Cracking is always illegal and very damaging.

What is Phishing?

In phishing, the creator sends out legitimate-looking emails to target users. These emails often appear to come from a trusted source like a bank or other well-known service provider. As soon as the recipient clicks on a link in the email or attachment, they are sent to a fake website or they are fooled into giving personal data in replying to the email. This way the creator of the email can gain personal data, such as bank account data or credit card numbers, from the user, which in turn leads to fraud or identity theft.

Many ISPs or web browsers filter out phishing emails. However, users should always be cautious when opening emails or attachments. Never click on executable attachments that end in .exe, .bat, .com or .php, for example.

Malicious use means that data obtained through unauthorised or illegal means is deleted, used for fraud or identity theft, or sold. A good example of a phishing attack is one where a user is sent an email saying they have ordered an item from an online store. The email asks the user to click on a link to see the order details. This link takes the user to a page that shows a product code from a well-known company. A message such as: 'if this order wasn't made by you, please fill out the following form to cancel your order in the next 24 hours' is given. The form may ask for details such as credit card number, user's address, age, gender, etc. One of the key clues to look for in such scenarios is links, such as 'contact us', that don't work.

What is Smishing?

Smishing, short for SMS phishing, uses the SMS system of mobile phones to send out fake text messages. It is very similar to phishing. A URL or telephone number is given in the text message. The recipient will be asked to log on to the website or make a telephone call. If they do, they will be asked to supply personal details such as credit/debit card numbers or passwords. As with phishing attacks, the text message will appear to come from a legitimate source and will make a claim, for example, that they have won a prize or that they need to contact their bank urgently. Most people believe that only computers are liable to security threats and that mobile phones aren't at risk. This makes smishing a particularly dangerous security threat to many people.

What is Vishing?

Vishing (voice mail phishing) is another variation of phishing. This uses a voice mail message to trick the user into calling the telephone number contained in the message. As with all phishing attacks, the user will be asked to supply personal data thinking they are talking to a legitimate company.

What is Pharming?

In this type of fraud, malicious code is installed on a user's computer or on a web server. The code redirects the user to a fake website without their knowledge. The writer of the malicious code can gain personal data such as credit/debit card details from users when they visit the fake website, as the website often appears to be that of a well-known and trusted company. Pharming can lead to fraud or identity theft.

Some ways to prevent or minimise this threat are:

  1. Installing anti-spyware software which can identify and remove pharming code from a user's computer.
  2. The user being alert while accessing the internet and looking out for clues as to whether they are being redirected to another website automatically.

What is Spyware and key-logging software?

Spyware is software that gathers data by monitoring key presses on the user's keyboard; the gathered data is then sent to the person who sent the software.

Spyware gives the originator access to all data entered using a keyboard on the user's computer.

The software is able to install other spyware, read cookie data and also change a user's default browser.

The following are some of the ways to reduce or minimise the risk of spyware attacks:

  1. Install anti-spyware software on your computer so that it monitors for any such software and de-activates/uninstalls it.
  2. The user should always be alert and check for clues that their keyboard activity is being monitored.
  3. When entering a password, for example, using a pointing device (or touch screen) to select characters from a drop-down menu can reduce the risk.

What is a computer virus?

A virus is a program that replicates itself and is designed to cause harm to a computer system.

It often causes damage by attaching itself to files, leading to one or more of the following effects:

  1. Causing the computer to 'crash' (to stop functioning normally), lock up or stop responding to other software.
  2. Loss of files: Sometimes system files are lost, which leads to computer malfunctioning.
  3. Corruption of data stored in files, or deletion of files.

Viruses infect computers through e-mail attachments, through illegal software and through infected files downloaded from the internet.

How to protect a system from viruses?

The following are the ways to protect a system from viruses:

  1. Use up-to-date antivirus software. This detects viruses and then removes all quarantined (infected) files.
  2. Do not allow illegal software to be loaded onto a computer and don't use illegal compact disks (CDs) or DVDs coming from an unknown source.
  3. Download software and files from the internet only if they are from a reputable website.
  4. Use firewalls on the network to protect against viruses.
  5. Don't open any emails or attachments from unknown senders.

What is spam?

Spam, which is often called junk email, is usually sent out to a recipient who is on a mailing list or mailing group. Spammers obtain these email addresses from chat rooms, websites, newsgroups and even certain viruses that have been set up to harvest a user's contacts list. Though spam may not be a security risk, it can lead to denial of services by 'clogging up' the bandwidth on the internet. Denial of services is basically an attack on a network that is designed to slow the network down by flooding it with useless traffic. However, spam can be linked to phishing attacks or even the spread of computer viruses, so it should be treated with some caution.

Many ISPs filter out spam or junk mails. However, some of the more overzealous ISPs can filter out 'wanted' emails that come from new sources.

What are some spam prevention techniques? How can spam be prevented or minimised?

The following techniques may not be exhaustive but are some of the techniques that can help prevent or minimise spam attacks:

  1. Set the protection level to high or to safe lists only so as to get the maximum protection possible when using the 'junk email filter'. Also, make sure to keep the junk mail filter up to date.
  2. Never sign up for commercial mailing lists.
  3. When buying items or booking any travel tickets online, always look out for any check boxes that are already selected. Companies sometimes add a check box, which is already selected, to indicate that you have given your consent to share your email address to third party users. Always make sure that this check box is 'unticked' so that your email address can't be shared.
  4. Never reply to any unknown emails or unsubscribe from a mailing list that you did not explicitly sign up to in the first place.
  5. Block images in HTML messages that spammers use as web beacons. A web beacon could be a graphic image, linked to an external web server, that is placed in an HTML-formatted message and can be used to verify that your email address is valid when the message is opened and images downloaded.
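Technique 5 above can be seen in the following added example, which is not part of the original guide. It rewrites an HTML message so that images hosted on an external web server are never downloaded, while images embedded in the message itself are kept. The sample message, the tracker address and the function names are constructed for illustration, and only `<img>` tags are handled.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


def is_remote(src):
    """True if fetching src would contact a server on the network."""
    src = (src or "").strip()
    try:
        return src.startswith("//") or urlparse(src).scheme in ("http", "https")
    except ValueError:  # unparseable address: block it to be safe
        return True


class RemoteImageBlocker(HTMLParser):
    """Copy an HTML message through unchanged, except for remote <img> tags."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []      # pieces of the rewritten message
        self.blocked = []  # image addresses that were not fetched

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "img" and is_remote(src):
            self.blocked.append(src.strip())
            self.out.append('<img alt="[remote image blocked]">')
        else:
            self.out.append(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # "<img ... />" is treated the same way

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")

    def handle_decl(self, decl):
        self.out.append(f"<!{decl}>")


def block_remote_images(html_body):
    """Return (rewritten HTML, list of blocked image addresses)."""
    parser = RemoteImageBlocker()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out), parser.blocked


# Constructed sample: an embedded logo plus a 1x1 beacon carrying a made-up ID.
SAMPLE_HTML = (
    '<p>Sale &amp; offers inside!</p>'
    '<img src="cid:logo" alt="logo">'
    '<img src="http://tracker.example/open.gif?id=REC-0001" width="1" height="1">'
)
```

The list of blocked addresses shows what the sender would have learned: the made-up `id` value in the beacon address is what ties the download back to one recipient.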

What are Moderated and unmoderated forums?

A moderated forum is an online discussion forum in which all posts are checked by an administrator before they are allowed to be posted. Many users prefer this type of forum, compared to an unmoderated one, as the moderator can not only prevent spam, but can also filter out any posts that are inappropriate, rude or offensive, or even those that wander off the main topic.

The internet is essentially an unmoderated forum. As no one 'owns' the internet, it is essentially not policed. The only real safeguards are a voluntary cooperation between the users and the network operators. However, most social forums or networking groups on the internet have a set of rules or protocols that members are requested to follow or they will be deleted.

What are Cookies?

Cookies are small files or code that are stored on a user's computer. They are sent by a web server to a user's computer. Each cookie is effectively a small look-up table containing pairs of (key, data) values; for example (surname, Abbot) and (music, Country Blues). Once the cookie has been read by the code on the web server or user's computer, the data can be retrieved and used to customise the web page for each individual. These are often referred to as user preferences. For example, when a user buys a particular type of dress online, the cookies remember this and the web page will then show a message such as: 'Customers who bought "Posse" dress also bought "Loveshackfancy" frocks.'

The data gathered by cookies forms an anonymous user profile and doesn't contain personal data such as passwords or credit/debit card numbers. Cookies are a very efficient way of carrying data from one website session to another, or even between sessions on related websites. They remove the need to store massive amounts of data on the web server itself. Storing the data on the web server without using cookies would also make it very difficult to retrieve a user's data without requiring the user to login every time they visit the website.
