Keeping personal data secure (6)
- Firewall
- Penetration testing
- Levels of access
- Authentication techniques
- Network Policies
- Software Updates
Misuse of personal data (4)
Smishing, vishing, phishing, pharming
Types of malware (6)
- Spyware
- Adware
- Worm
- Trojan Horse
- Virus
- Rootkit
How malware is used (3)
Fraud
Industrial Espionage
Sabotage
Malicious bots (3)
Ransomware
Scareware
Fileless Malware
Software prevention of malware (3)
Firewall
Anti virus
Anti Malware
Physical prevention of malware (6)
- Develop anti-malware policies
- All employees should be educated on malware
- OS and software kept up-to-date
- Using strong passwords
- Logging off after using a computer
- Careful inspection of emails and messages
Firewalls
FIrewalls prevent data coming into the network, preventing hackers.
It filters traffic to only let in acceptable data.
It can also prevent leakage of data coming out of the network.
However, hackers can still physically steal the computer
^ or access the network after bypassing security (eg password)
^ or use software to change the IP to an acceptable one
Penetration testing
This is when companies employ a person to deliberately attack their network to identify any weaknesses in the security.
It is a simulation of a real cyberattack
It can help a company evaluate their network security // implement more secure methods.
However, it’s time-consuming and can disrupt the business. it also has to be done while system isnt used which can cause downtime
Authentication techniques
Users in the network should use an ID and password to log in.
They can also use smart cards or biometric data (eg fingerprint)
^ This is more expensive but is more effective as it’s unique to the user & cant really be changed
Levels of access
Users in the network can be given different levels of access in the network depending on what tjey need to know.
Users with higher access can see more than others
However, its complicated to set up and can delay work
Network policies
Network Policies are rules implemented to allow a company to see who is allowed to access their networks. when a worker joins, they must sign an agreement.
^ it doesn’t stop hackers, but it limits the access employees have to personal data // what they do with it
(e.g.: security policy, acceptable use policy, etc.)
Software updates
Software updates eliminate bugs and make software easier to use.
It eliminates security weaknesses, boosts performance, brings new features
It is important to update asap as hackers exploit weaknesses quickly
(Small patches/Major updates)
Pharming
Making the user download malicious data // installing it without their knowledge
Can redirect users to fake websites to download malware (if they hack the DNS server or infect the computer)
How to prevent pharming (5)
## Footnote
hint:
FPLANS
DEOULC
- Keeping software updated
- be wary for fake websites
- Only enter personal data into websites with SSL (HTTPS)
- Enabling two-factor authentication
- using anti-malware softwarre
Smishing
Smishing (SMS phishing) tricks users into clicking on harmful links through text messages.
The scammers pose as banks, delivery services, etc. to send urgent messages.
Preventing smishing (4)
- check for weird URLs
- spelling and grammatical errors
- do not click on links from unknown numbers
- ask the company about the SMS
Vishing
Vishing (voice phishing) are phone calls made to trick someone into telling them personal / sensitive data.
scammers pose as banks or prize-givers, asking for personal info over the phone such as their credit card number
Preventing vishing (5)
- dont answer unknown numbers
- dont call numbers in voicemails
- block suspicious numbers
- dont share personal details over the phone
- confirm with the og (banks)
Phishing
Phishing is a way for scammers to trick users into giving personal information through email.
1: banks - the scammer pretends to be a bank or official company, containing a link to a fake website so that the user enters their information.
2: prizes - the scammer pretends that the user has won a prize (eg free car) and sends them a link for them to enter their personal information .
Preventing phishing (5)
- anti-malware // anti-phishing software
- Look for errors in the email
- Look for generic subjects (dear user)
- Delete suspicious emails / move them to spam
- dont accept too-good-to-be-true deals.. obviously..
Use of malware in fraud
It involves the use of the computer to benefit financially (illegally).
Once fraudsters get personal info, they can sell it to other criminals or commit identity theft
Uses of malware in industrial espionage
Malware is used to spy on competitors. It gains access to an employer’s computer and uses / steals a large amount of info on it.
It can also be bidded to other criminals for the highest sum of money
(eg spyware can be used to record video recordings of the computers activities, stealing relevant personal information)
uses of malware in sabotage
Malware can be used to intentionally attack specific computers and networks so that they stop working. It involves stopping users from accessing the network or allowing hackers to access it
(eg worms are used to slow down processes significantly)
