Lesson Objectives
Describe what is meant by: integrity of data, security of data
You have started to learn about the implications of using IT networks and online communities, and in this section you will learn more about the issues and implications of storing and transmitting information in digital form.
Threats to data, information and systems
In this section, you will explore the implications of accidental and malicious threats to the security and integrity of data held in, and used by, IT systems.
The characteristics of threats to data
There are a number of characteristic types of threats to data that you will look at in this section. First, consider these extremely common ways in which you, or any individual, may put business and personal data at risk. Anyone can put data at risk by: using obvious passwords such as your favourite pet, place or date of birth / disclosing passwords with other users / leaving devices open to other users, such as not locking a PC when going to the toilet or not locking a mobile phone / Using the same login details for multiple website accounts / posting information globally without thinking first as to whether it is sensible to do so / using personal devices for business operations
Task 1
We are all guilty of some of these ways of putting data at risk. Consider which ones apply to you. Think about ways in which you could avoid putting data at risk in these ways in the future.
Viruses and other malware
You may have experienced a virus on your PC or smartphone. When normal performance is interrupted, suspicions about a virus or other malware are raised. A virus is a form of malware. It is software designed to harm your IT system, not just access it for unlawful purposes. Viruses can be passed from one device to another, most commonly by devices such as USB sticks, through downloading software or via files from the internet. A virus can corrupt files and compromise the data.
Early signs that you may have malware in your IT system include annoying behaviour such as applications crashing frequently or the cursor behaving strangely. Ransomware is a form of virus that attempts to hold companies to ransom by encrypting their data and then demanding a large sum of money to release the data. Even law enforcement can fall for these attacks. For example, in 2015 a number of US police departments suffered attacks and, despite security experts working to assist, they ended up paying the ransom demand to regain access to their systems. In February 2016, Lincolnshire council suffered an attack in which they were unable to access 300 of their machines.
Hackers
Hacker is the term used for anyone who attempts to access an IT system without permission of the owner/user. Hackers are not just groups or individuals who infiltrate secret data or perform identity theft – there is a more ethical side of hacking. Ethical hackers are employed by businesses to test out their defences and try to gain unauthorised access to systems with a view to then repairing the vulnerability to prevent real hackers gaining access intending to do harm.
Phishing
To phish is to attempt to fraudulently gain information by unlawfully making claims via phone or email that the user should share personal data or financial details. Examples of frequent phishing attacks are those pretending to be from banks, including HSBC and Santander, and also from PayPal and MSN.
Accidental damage
It is very easy to accidentally lose data or at least think that you have. While applications such as Microsoft Office applications issue reminders to users to save files before closing, if the whole system crashes or there is a power cut before a file is saved, it could result in a loss of data (and waste of hard work and effort). Sometimes we think that we have lost a file when we have filed it incorrectly or saved it under an irrelevant name. Although software alerts us to think before deleting a file, if we are hurried or distracted, it is easy to overlook this. It is also easy to save over a file without thinking, which will permanently overwrite the previous file.
Task 2
Research types of malware
The impact of threats to data, information and systems on individuals
Users experience stress and time being wasted to varying degrees when threats to data occur. Some of these, such as phishing threats, can cause unnecessary anguish, especially to those users who are unaware of the source of these malicious emails and unwittingly share sensitive data.
If your personal device develops a virus, it will prevent or compromise the performance you expect from that device. The system might need to be taken to an expert to fix, leaving you without alternative means to work, potentially exposing your data to even greater risk. You may need to replace your device with a new one if it is deemed irreparable or too costly to repair.
Nowadays, photos are usually stored in digital image files rather than photo albums. The impact of this data becoming corrupted is often immeasurable to an individual: a lifetime of irreplaceable memories can be wiped out by a simple disk failure. Backup solutions are becoming just as important for individuals as they are to businesses as our lives transition to the digital world.
Task 3
Explore the options available for insuring your devices against security.
The impact of threats to data, information and systems on organisations
When threats occur in organisations, it can impact on all users and the productivity of the business. Just as in the example of Sony’s 2014 experience, businesses can face claims for damages from employees or customers and it also can also result in loss of business. Even the smallest breach of data, regardless of its sensitivity, can be incredibly damaging to a business. Public confidence in any system is on a fragile balance and, once this is upset, it can take a great deal of time and money to restore confidence.
If your site is ‘down’, even just for maintenance, the public perception is that you are unreliable as a business, irrespective of whether or not this is actually the case!
Task 4
Complete the revision questions