Computer security
These days people use computers for a variety of purposes - work, email, social networking, shopping, banking etc. - so it's worth considering how you can carry out these tasks safely. You often hear of criminals getting access to personal information: what steps can you take to prevent this?
Passwords and Usernames
The use of passwords and usernames is increasingly common so you should be aware of the importance of keeping these details secure. Other people could know your username - at work or on Facebook etc but nobody else should know your password.
Identity Theft
If someone does get access to your details, they could access your account and act without your permission or knowledge. This could be relatively harmless, eg posting a funny message on an online forum, or it could involve criminal activity on your employer or bank's computer. Using stolen credentials to carry out criminal acts is often called identity theft.
Even if you keep your password secure, it is still possible to break into your account by trying out lots of different passwords till the correct one is found. You can help prevent this by choosing a strong password that is difficult to predict.
Guidelines for creating strong passwords:
- Use a minimum password length of 8 characters
- Generate passwords randomly where feasible
- Avoid passwords based on repetition, dictionary words, letter or number sequences, usernames, relative or pet names, romantic links (current or past), or biographical information (e.g., ID numbers, ancestors' names or dates).
- Include numbers, and symbols in passwords if allowed by the system
- If the system recognizes case as significant, using capital and lower-case letters
- Avoid using the same password for multiple sites or purposes. Criminals steal data from websites with very little security, then try the stolen passwords and usernames on shopping and banking websites.
Why do I need a strong password?
Organisations that store your personal data frequently come under attack from computer hackers. Click on this link to see a list of successful hacks (from Wikipedia):
https://en.wikipedia.org/wiki/List_of_data_breachesThese organisations shouldn't store passwords as plain text, so there's an extra step the criminals need to take to get the password - they try every combination of letters, numbers and symbols till they find a match. This is where having a strong password is very important because these passwords could take the criminals years to find.
You can check how strong your password is here:
https://www.grc.com/haystack.htmIt's also worth noting that some people use the same password for every website they have to log on to. This makes it easy to remember, as there's only one password. The problem is that if any of these sites gets hacked, the criminals would have your password for everything. It's therefore important to avoid using the same password for every site. Password Managers help to simplify this by storing all your passwords in one place so you don't have to memorise them all - just the password for the Password Manager.
top of page
Email security
Phishing
Phishing emails claim to be from you bank or another organisation and ask you to visit a website to confirm your account detail, password etc. In reality, criminals are attempting to steal your data. Typically the email is addressed to Dear Customer rather than your name because the same email is sent to millions of accounts. It may also have spelling or grammar errors.
Scams are emails sent out by con men for example they suggest you've won the lottery. If you respond, you'll be told to send money first for an administration fee before your millions can be paid.
Attachments
Attachments are computer files sent along with emails: usually photos, movies, Word documents etc. You should be careful before opening any attachment as it could contain a computer virus. If someone you know has been infected by a virus, you could receive an email from them with the virus attached so be cautious even if the sender is known.
Potentially dangerous email
- Sender is unknown
- Sender is known, but you aren't expecting the email
- Email contains an unexpected attachment
- Phishing: could have spelling mistakes etc
- Scams: is it too good to be true?
top of page
Secure websites
Secure servers
Sometimes you want to enter personal information on a webpage - perhaps you're buying a book and need to enter your credit card number. The information you enter could be intercepted between your computer and the shop's computer as it is routed via many other computers. To ensure it is safe to give your details you need to make sure you're on a secure connection to the website: this means all information is put into code (encrypted) before it's sent and decoded when it's received. Nobody else will have access to it.
How can you confirm you're on a secure connection?
- https appears at the start of the address instead of http
- A padlock appears elsewhere in the address box
top of page
Viruses
Computer viruses are named because they can spread from one computer to another, just like the cold virus can spread from one person to another. There are many ways your computer could come into contact with a virus, such as:
- Email attachments
- Removable storage like USB drives, DVDs and CDs
- Files downloaded from the Internet
You obviously need to be very careful before opening attachments and downloading files, but even if an infected file gets on your computer you should be protected if you have up-to-date anti-virus software installed.
Anti-virus Software
There are many different companies that supply anti-virus (AV) software, some make free versions available while others charge a subscription.
Some free anti-virus providers:
And some paid for:
The paid for versions may include other services that you need, such as password managers and backups
Scanning files
You should scan any new file for viruses when you move it on to your computer. Your AV software may do this automatically, or you can do it yourself - often by right-clicking the suspicious file and choosing the scan option from the context menu.
During the scanning process, your AV software will look at the file's contents and compare it with a list of known viruses to see if it finds a match. If no match is found, the file should be safe - provided the AV software has an up-to-date list of viruses. If the list is old, you will be vulnerable to new viruses.
Keeping AV software up to date
Your AV software needs to update itself regularly to get a list of the latest viruses, note that paid-for AV software will no longer update itself when your suscription runs out. The updates could also cover changes/improvements to the program.
Malware
Viruses are malware or malicious software. There are other types of malware including:
top of page
Backups
Data loss
Many firms hold important records on computers, these could be:
- Staff/payroll
- Customer details
- Orders
- Financial data
- And more...
There is therefore a need to protect this data in case of accidental or deliberate loss. Data loss can be caused by:
- Hardware failure
- Human error
- Software issues
- Malware attacks
- Natural disasters
- And more...
Backup Policy
To reduce the impact of data loss, organisations can implement a backup policy. A backup is a copy of computer data that can be recovered if the original is lost. This could cover:
- Who is responsible for backups
- How often the backups should be made
- What data needs to be backed up
- Where the copies are stored
- What type of storage is needed for the backup
- And more...
The details of the policy will vary depending on the needs of an individual organisation. Some might back up data at the end of every day, others might do it weekly or when important data is changed. The policy should set out the reason for backing up in a specific way.
top of page