1 of 58

Module 5: Digital Security, Ethics, and Privacy: Avoiding and Recognizing Threats

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

Discovering Computers: Digital Technology, Data, and Devices, 17e

1

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

1

2 of 58

Icebreaker: Interview Simulation

You may have heard of Facebook hackers who use people’s personal data to make fake IDs, log into people’s social networks, and more.

What precautions can you take to help avoid getting into this type of situation?

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

2

3 of 58

Module Objectives (1 of 1)

By the end of this module, you should be able to:

  • Identify risks associated with technology use
  • Identify cybercrimes and criminals
  • Recognize issues related to information accuracy, intellectual property rights, and green computing
  • Describe ways to safeguard against various types of Internet and network attacks
  • Discuss techniques to prevent unauthorized computer access and use
  • Identify risks and safeguards associated with wireless communications
  • Discuss issues surrounding information privacy
  • Describe how schools and businesses protect themselves
  • Explain the importance of inclusivity and digital access

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

3

4 of 58

Risks Associated with Technology Use�(1 of 5)

  • A risk is any possibility that something might occur resulting in an injury or a loss.
  • A digital security risk is any event or action that could cause a loss of or damage to computer or mobile device hardware, software, data, information, or processing capability.
  • Types of digital security risks include threats to our information, physical health, mental health, and the environment.

Figure 5-1 You can protect yourself from digital security risks.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

4

5 of 58

Cybercrimes and Criminals (2 of 5)

  • State-sponsored attackers are employed by the government to launch computer attacks against their enemies through nation-state actors.
  • The term, cyberwarfare, describes an attack whose goal ranges from disabling a government’s computer network to crippling a country.
  • These attackers try to steal and then use your credit card numbers, online financial account information, or Social Security numbers using data mining.
  • Data mining is the process of sifting through Big Data to find the important questions that will yield fruitful results.
  • A cyber extortionist is an individual who threatens to expose confidential information, exploit a security flaw, or launch an attack that will compromise the organization’s network.
  • Social engineering is a category of attack that attempts to trick the victim into giving valuable information to the attacker.
    • Examples include hoaxes and phishing

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

5

6 of 58

Risks Associated with Technology Use�(3 of 5)

  • Any illegal act involving the use of a computer or related devices is generally referred to as a computer crime and the term cybercrime refers to online or Internet-based illegal acts, such as distributing malicious software or committing identity theft.
  • Software used by cybercriminals is called crimeware. Cybersecurity is the practice of protection against digital threats, including unauthorized or illegal access to data.
  • Digital forensics, or cyber forensics is the discovery, collection, and analysis of evidence found on computers and networks.
  • A digital forensics examiner must have knowledge of the law, technical experience with many types of hardware and software products, superior communication skills, familiarity with corporate structures and policies, a willingness to learn and update skills, and a knack for problem-solving.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

6

7 of 58

Risks Associated with Technology Use�(4 of 5)

  • A digital detox is a period of time during which an individual refrains from using technology.
  • Threat actor is a more general and common term used to describe individuals who launch attacks against other users and their computers.
  • The dark web is a part of the web that is accessed using specialized software, where users and website operators can remain anonymous while performing illegal actions.
  • Script kiddies are individuals who want to attack computers.
  • A hacker is a person who intends to access a computer system without permission.
  • A cracker is someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious action.
  • Hacktivists are attackers who are strongly motivated by principles or beliefs.
  • Cyberterrorists attack a nation’s computer networks, like the electrical power grid, to cause disruption and panic among citizens.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

7

8 of 58

Cybercrimes and Criminals (5 of 5)

Table 5-1 Social engineering principles.

Principle

Description

Example

Authority

Directed by someone impersonating authority figure or falsely citing their authority

“I’m the CEO calling.”

Intimidation

To frighten and coerce by threat

“If you don’t reset my password, I will call your supervisor.”

Consensus

Influenced by what others do

“I called last week and your colleague reset my password.”

Scarcity

Something is in short supply

“I can’t waste time here.”

Urgency

Immediate action is needed

“My meeting with the board starts in five minutes.”

Familiarity

Victim well-known and well-received

“I remember reading a good evaluation on you.”

Trust

Help a person known to you

“You know who I am.”

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

8

9 of 58

Ethics and Society (1 of 4)

  • The standards that determine whether an action is good or bad are known as ethics.
  • Technology ethics are the moral guidelines that govern the use of computers, mobile devices, information systems, and related technologies.
  • Frequently discussed areas of computer ethics include information accuracy, intellectual property rights, and green computing.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

9

10 of 58

Ethics and Society (2 of 4)

Information Accuracy

  • Information accuracy is a concern today because many users access information maintained by other people or companies, such as on the Internet.
  • With graphics equipment and software, users can easily digitize photos and then add, change, or remove images.

Figure 5-3 A digitally edited photo that shows a fruit that looks like an apple on the outside and an orange on the inside.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

10

11 of 58

Ethics and Society (3 of 4)

Intellectual Property Rights

  • Intellectual property rights are the rights to which creators are entitled to their work.
  • Creative Commons is another source for finding content that may or may not be used, along with any restrictions or payment needed to use it.
  • A common infringement of copyright is piracy, where people illegally copy software, movies, and music.
  • These issues with copyright law led to the development of the digital rights management strategy.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

11

12 of 58

Ethics and Society (4 of 4)

Green Computing

  • Green computing involves reducing electricity and environmental waste while using computers, mobile devices, and related technologies.
  • Organizations can implement a variety of measures to reduce electrical waste.

Figure 5-5 A list of suggestions to make computing healthy for the environment.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

12

13 of 58

Internet and Network Attacks (1 of 6)

  • Information transmitted over networks has higher degree of a security risk than information kept on an organization’s premises.
  • These types of attacks can affect your privacy, personal information, finances, and more.
  • Malware is short for malicious software which consists of programs that act without a user’s knowledge and deliberately alter the operations of computers and mobile devices.
  • Malware can deliver its payload, or destructive event or prank, on a computer or mobile device in a variety of ways.
  • A common way that computers and mobile devices become infected with viruses and other malware is through users opening infected email attachments.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

13

14 of 58

Internet and Network Attacks (2 of 6)

Table 5-2 Common types of malware.

Type

Description

Adware

A program that displays an online advertisement in a banner, pop-up window, or pop-under window on web pages, email messages, or other Internet services

Ransomware

A program that blocks or limits access to a computer, phone, or file until the user pays a specified amount of money

Rootkit

A program that hides in a computer or mobile device and allows someone from a remote location to take full control of the computer or device

Spyware

A program placed on a computer or mobile device without the user’s knowledge that secretly collects information about the user and then communicates the information it collects to some outside source while the user is online

Trojan horse

A program that hides within or looks like a legitimate program. Unlike a virus or worm, a Trojan horse does not replicate itself to other computers or devices

Virus

A potentially damaging program that affects, or infects, a computer or mobile device negatively by altering the way the computer or device works without the user’s knowledge or permission

Worm

A program that copies itself repeatedly, for example, in memory or on a network, using up resources and possibly shutting down the computer, device, or network

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

14

15 of 58

Internet and Network Attacks (3 of 6)

Botnets

  • A compromised computer or device, known as a zombie, is one whose owner is unaware that the computer or device is being controlled remotely by an outsider.
  • A botnet, or zombie army, is a group of compromised computers or mobile devices connected to a network that are used to attack other networks, usually for nefarious purposes.
  • A bot is a program that performs a repetitive task on a network.
  • Cybercriminals install malicious bots on unprotected computers and devices to create botnets.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

15

16 of 58

Internet and Network Attacks (4 of 6)

Denial of Service Attacks

  • A DoS attack is a type of attack, usually on a server, that is meant to overload the server with network traffic so that it cannot provide necessary services, such as the web or email.
  • A more devastating type of DoS attack is the distributed DoS (DDoS) attack in which multiple computers, such as a zombie army, are used to attack a server or other network resource.
  • The damage caused by a DoS or DDoS attack usually is extensive.

Back Doors

  • A back door is a program or set of instructions in a program that allows users to bypass security controls when accessing a program, computer, or network.
  • A rootkit can be a back door.
  • Some worms leave back doors, which have been used to spread other worms or to distribute spam from the unsuspecting victim’s computers.
  • Programmers often build back doors into programs during system development to save development time.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

16

17 of 58

Internet and Network Attacks (5 of 6)

  • Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate to a victim’s computer or network.
  • Two common types of spoofing schemes are IP and address spoofing.
  • IP spoofing occurs when an intruder computer tricks a network into believing its IP address is associated with a trusted source.
  • Address spoofing occurs when the sender’s email address or other components of an email header are altered.

Figure 5-5 Spoofers alter the components and header of an email message so that it appears the message originated from a different sender.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

17

18 of 58

Internet and Network Attacks (6 of 6)

Practices for Protection from Viruses and Other Malware

  • Use virus protection software
  • Use a firewall
  • Be suspicious of all unsolicited email and text messages
  • Disconnect your computer from the Internet
  • Download software with caution
  • Close spyware windows
  • Before using any removable media, scan it for malware
  • Keep current and back up regularly

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

18

19 of 58

Knowledge Check Activity 5-1

True or False?

Rootkit is the only type of malware that is a back door.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

19

20 of 58

Knowledge Check Activity 5-1: Answer

Rootkit is the only type of malware that is a back door.

Correct Answer: True

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

20

21 of 58

Secure IT: Protect Yourself and Your�Data (1 of 7)

  • Your digital footprint is the record of everything you do online.
  • A digital footprint can be nearly impossible to completely erase.
  • Firewalls and access controls protect data and information on computers and other devices For most computer users, the greatest risk comes from attackers who want to steal their information for their own financial gain.
  • The risks you face online when using the Internet or email include:
  • Online Banking
  • E-commerce Shopping
  • Fake Websites
  • Social Media Sites

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

21

22 of 58

Secure IT: Protect Yourself and Your�Data (2 of 7)

Table 5-3 Uses of personal information.

Organization

Information

Valid Use

Invalid Use

School

Telephone number

Call you about an advising appointment

Give to credit card company who calls you about applying for a new credit card

Hospital

Medical history

Can refer to past procedures when you are admitted as a patient

Sell to drug company who sends you information about its drugs

Employer

Personal email address

Will send to you the latest company newsletter

Provide to a local merchant who is having a holiday sale

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

22

23 of 58

Secure IT: Protect Yourself and Your�Data (3 of 7)

  • Mobile users today often access their company networks through a virtual private network (VPN).
  • A VPN is a private, secure path across a public network that allows authorized users to secure access to a company or other network.
  • A VPN provides the mobile user with a secure connection to the company’s network server as if the user has a private line.
  • VPNs help ensure that data is safe from being intercepted by unauthorized people by encrypting data as it transmits from a laptop, smartphone, or other mobile devices.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

23

24 of 58

Secure IT: Protect Yourself and Your�Data (4 of 7)

  • Firewalls protect network resources from outsiders and to restrict employees’ access to sensitive data, such as payroll or personnel records.
  • A proxy server is a server outside the organization’s network that controls which communications pass in and out of the organization’s network.
  • Both Windows and Mac operating systems include firewall capabilities, including monitoring Internet traffic to and from installed applications.

Figure 5-8 How a firewall works.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

24

25 of 58

Secure IT: Protect Yourself and Your�Data (5 of 7)

  • Unauthorized access is the use of a computer or network without permission. It is possibly an illegal activity.
  • Organizations take several measures to help prevent unauthorized access and use.
  • An organization’s acceptable use policy (AUP) should specify the acceptable use of technology by employees for personal reasons.
  • An organization should document and explain AUP to employees.
  • The AUP also should specify the personal activities, if any, that are allowed on company time.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

25

26 of 58

Secure IT: Protect Yourself and Your�Data (6 of 7)

  • Many organizations use access controls to minimize the chance that a perpetrator, intentionally or an employee accidentally may access confidential information on a computer, mobile device, or network.
  • The computer, device, or network should maintain an audit trail that records access attempts, both successful and unsuccessful.
  • To protect against data loss caused by hardware, software, or information theft or system failure, backup is required.
  • Online backup services use special software on the computer to monitor what files have changed or have been created. Cloud backup services can save you the cost of maintaining hardware.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

26

27 of 58

Secure IT: Protect Yourself and Your�Data (7 of 7)

Table 5-4 Various backup methods.

Type of Backup

Description

Advantages

Disadvantages

Full Backup

Copies all of the files on media in the computer

Fastest recovery method; all files are saved

Longest backup time

Differential backup

Copies only the files that have

changed since the last full backup

Fast backup method; requires minimal storage space to back up

Recovery is time-consuming because the last full backup and the differential backup are needed.

Incremental backup

Copies only the files that have

changed since the last full or

incremental backup

Fastest backup method; requires minimal storage space to back up; only most recent changes saved

Recovery is most time-consuming because the last full backup and all incremental backups since the last full backup are needed.

Selective backup

Users choose which folders and files to include in a backup

Fast backup method; provides great flexibility

Difficult to manage individual file backups; least manageable of all the backup methods

Continuous data protection

All data is backed up whenever

a change is made.

The only real-time backup;

very fast recovery of data

Very expensive and requires a great

amount of storage

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

27

28 of 58

Wireless Security (1 of 5)

Protect Mobile Devices

  • Along with the protection of devices from theft, it is also necessary to protect the privacy of your information.
  • Some risks from attacks on Wi-Fi networks include the following:
    • Reading wireless transmissions or viewing or stealing computer data
    • Injecting malware or downloading harmful content

Precautions

  • When using public Wi-Fi, be sure you are connecting to the approved wireless network.
  • Limit the type of activity you do on public networks to simple web surfing or watching online videos.
  • Accessing online banking sites or sending confidential information that could be intercepted is not a good idea.
  • Configuring your Wi-Fi wireless router to provide the highest level of security is an important step.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

28

29 of 58

Wireless Security (2 of 5)

Table 5-5 Configuration settings for wireless routers.

Wireless Router Settings

Explanation

Recommended Configuration

Access password

This requires a password to access the

configuration settings of the device.

Create a strong password so that attackers cannot access the wireless router and turn off the security settings

Remote management

Remote management allows the configuration settings to be changed from anywhere through an Internet connection.

Turn off remote management so that someone outside cannot access the configuration settings

Service Set Identifier (SSID)

The SSID is the name of the local wireless network.

Change this from the default setting to a value that does not reveal the identity of the owner or the location of the network (such as MyWireNet599342)

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

29

30 of 58

Wireless Security (3 of 5)

Table 5-5 Configuration settings for wireless routers (continued).

Wireless Router Settings

Explanation

Recommended Configuration

Wi-Fi Protected Access 2 (WPA2) Personal

WPA2 encrypts the wireless data

transmissions and also limits who can access the Wi-Fi network.

Turn on WPA2 and set a strong pre-shared key, which must also be entered once on each mobile device

Wi-Fi Protected Setup (WPS)

WPS simplifies setting up the security on a wireless router.

Turn off WPS due to its security vulnerabilities

Guest access

Guest access allows temporary users to access the wireless network without any additional configuration settings.

Turn on guest access when needed and turn it back off when the approved guests leave

Disable SSID broadcasts

This prevents the wireless router from

advertising the wireless network to anyone in the area.

Leave SSID broadcasts on; turning them off only provide a very weak degree of security and may suggest to an

attacker that your network has valuable information

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

30

31 of 58

Wireless Security (4 of 5)

Secure Your Wireless Network

The following list provides suggestions for securing your wireless network.

  • Immediately upon connecting your wireless access point and/or router, change the password required to access administrative features
  • Change the SSID, or network name, from the default to something
  • Do not broadcast the SSID
  • Enable an encryption method, and specify a strong password
  • Enable and configure the Media Access Control (MAC) address control feature; a MAC address is a unique hardware identifier for your computer or device
  • Choose a secure location for your wireless router so that unauthorized people cannot access it

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

31

32 of 58

Wireless Security (5 of 5)

Cloud Data Privacy

  • The cloud offers a tremendous amount of storage space at a relatively low cost; the security of data and the reliability of cloud companies trigger concerns.
  • Two types of risks arising from cloud computing include:
  • Personal risks: International laws and industry regulations protect sensitive and personal data.
  • Business risks: Ownership and security of data should be included in any contract between a business and a cloud storage provider.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

32

33 of 58

Information Privacy (1 of 11)

  • Authentication is the process of ensuring that the person requesting access to a computer or other resources is authentic and not an imposter.
  • Different methods of authentication are:
  • Passwords
  • Biometrics
  • 2 FA
  • CAPTCHA
  • Encryption

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

33

34 of 58

Information Privacy (2 of 11)

Passwords

  • A username—a user ID (identification), log-on name, or sign-in name—is a unique combination of characters, numbers, or alphabets that identifies one specific user.
  • A password is a secret combination of letters, numbers, and/or characters that only the user should know.

Figure 5-9 User sign in requiring password.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

34

35 of 58

Information Privacy (3 of 11)

Table 5-6 Ten most common passwords.

Rank

Password

1

123456

2

123456789

3

qwerty

4

password

5

1111111

6

12345678

7

abc123

8

password1

9

1234567

10

12345

Table 5-7 Numbers of possible passwords.

Password length

Number of possible Passwords

Average attempts to Break Password

2

9025

4513

3

857,375

428,688

4

81,450,625

40,725,313

5

7,737,809,375

3,868,904,688

6

735,091,890,625

367,545,945,313

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

35

36 of 58

Information Privacy (4 of 11)

  • Use a password manager, which is a program that helps you create and store multiple strong passwords in a single user vault file that is protected by one strong master password.
  • Password managers use two-step verification and advanced encryption techniques to ensure information is stored securely.
  • Some organizations use passphrases to authenticate users.
  • A PIN (personal identification number), sometimes called a pass code, is a numeric password. PINs provide an additional level of security.
  • A possessed object is any item that you must possess, or carry with you, to gain access to a computer or computer facility. For example, badges, cards, smart cards, and keys.
  • The card you use in an ATM (automated teller machine) is a possessed object that allows access to your bank account.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

36

37 of 58

Information Privacy (5 of 11)

Biometrics

  • Biometric security uses the unique characteristics of your face, hands, or eyes to authenticate you.
  • Some of the different types of biometrics include:
  • Retina
  • Fingerprint
  • Voice
  • Face
  • Iris
  • Hand
  • Signature

Figure 5-10 Facial recognition.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

37

38 of 58

Information Privacy (6 of 11)

  • Two-Factor Authentication is multiple types of authentication.
  • The most common authentication elements that are combined are passwords and codes sent to a cell phone using a text message.
  • Its short form is 2FA.
  • It makes authentication stronger.

Figure 5-12 Two-factor authentication.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

38

39 of 58

Information Privacy (7 of 11)

CAPTCHAs

  • CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart.”
  • A CAPTCHA is a program developed at Carnegie Mellon University that displays an image containing a series of distorted characters to identify and enter to verify that user input is from humans.

Figure 5-13 CAPTCHAs verify human usage.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

39

40 of 58

Information Privacy (8 of 11)

Encryption

  • Encryption is the process of scrambling information in such a way that it cannot be read unless the user possesses the key to unlock it so that it is returned to a readable format (decryption).
  • A digital signature is an electronic, encrypted, and secure stamp of authentication on a document issued by a CA organization.

Browser Security

  • Although all browsers are different, each can be configured for stronger security through different settings.
  • Some of the important security settings include:
    • Cookies, scripting, plug-ins, pop-ups, and clear browsing data

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

40

41 of 58

Information Privacy (9 of 11)

Protect your Personal and Financial Information

  • Your personal information includes not only your identity but your financial information.
  • Attackers can impersonate you, either to cause distress or for their financial gain.
  • You can, and should, take several steps to prevent your information from being stolen and falling into the hands of attackers.

Actions to Protect Your Personal and Financial Information

  • The United States has laws in place to help users monitor and protect their financial information that is stored by a credit reporting agency.
  • You can request one free credit report annually to review your credit history and determine if an attacker has secretly taken out a credit card or even a loan in your name.
  • You can also have a credit freeze (as well as a thaw) put on your credit information so that it cannot be accessed without your explicit permission. These are also free.
  • It is a good idea to monitor your credit information regularly.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

41

42 of 58

Information Privacy (10 of 11)

Protecting Your Online Profile

  • Several general defenses can be used for any social networking site.
  • First and foremost, you should be cautious about what information you post.
  • Second, you should be cautious regarding who can view your information.
  • Finally, you should pay close attention to information about new or updated security settings.

Privacy Laws

  • Information collected and stored about individuals should be limited.
  • Once collected, provisions should be made to protect the data.
  • Personal information should be released outside the organization collecting the data only when the person has agreed to its disclosure.
  • The individual should know that the data is being collected and have the opportunity to determine the accuracy of the data.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

42

43 of 58

Information Privacy (11 of 11)

Table 5-8 Some U.S. privacy laws.

Law

Purpose

Children’s Internet Protection Act

Protects minors from inappropriate content when accessing the Internet in schools and libraries

Children’s Online Privacy Protection Act (COPPA)

Requires websites to protect personal information of children under 13 years of age

Digital Millennium Copyright Act (DMCA)

Makes it illegal to circumvent antipiracy schemes in commercial software; outlaws sale of devices that copy software illegally

Freedom of Information Act (FOIA)

Enables public access to most government records

HIPAA (Health Insurance Portability and

Accountability Act)

Protects individuals against the wrongful disclosure of their health information

PATRIOT (Provide Appropriate Tools Required to

Intercept and Obstruct Terrorism)

Gives law enforcement the right to monitor people’s activities, including web and email habits

Privacy Act

Forbids federal agencies from allowing information to be used for a reason other than that for which it was collected

Fair and Accurate Credit Transactions Act (FACTA)

Provides rules for financial institutions, including lenders and credit reporting agencies, to protect consumers from fraud and identity theft

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

43

44 of 58

Discussion Activity 5-1

Biometric devices are gaining in popularity. Discuss the advantages and disadvantages of using biometrics over passwords/PINs.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

44

45 of 58

How To: Establish Policies to Ensure�Safety (1 of 7)

  • Companies establish guidelines for use, occasionally limit access, and possibly oversee employees’ activities for unacceptable actions.
  • A code of conduct is a written guideline that helps determine whether a specification is ethical, unethical or allowed or not allowed.
  • An IT code of conduct focuses on the acceptable use of technology.

Figure 5-14 Sample IT code of conduct.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

45

46 of 58

How To: Establish Policies to Ensure�Safety (2 of 7)

  • Content filtering is the process of restricting access to certain materials. Many businesses use content filtering to limit employees’ web access.
  • Web filtering software are programs that restrict access to specified websites. Some also filter websites that use specific words.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

46

47 of 58

How To: Establish Policies to Ensure�Safety (3 of 7)

Employee Monitoring

  • Employee monitoring involves the use of computers, mobile devices, or cameras to observe, record, and review an employee’s use of technology, including communications such as email messages, keyboard activity (used to measure productivity), and websites visited.
  • Many programs exist that easily allow employers to monitor employees.
  • If a company does not have a formal email policy, it can read email messages without employee notification.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

47

48 of 58

How To: Establish Policies to Ensure�Safety (4 of 7)

Disaster Recovery

  • A disaster recovery plan is a written plan that describes the steps an organization would take to restore its computer operations in the event of a disaster.
  • Each company and each department within an organization usually has its own.
  • It typically contains four components: Emergency plan, Back up plan, Recovery plan, and Test plan

Emergency Plan

An emergency plan specifies the steps and is organized by type of disaster and includes:

  • Names and phone numbers of people and organizations to notify
  • Computer equipment procedures and employee evacuation procedures
  • Return procedures (who can enter the facility and what actions they are to perform)

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

48

49 of 58

How To: Establish Policies to Ensure�Safety (5 of 7)

Backup Plan

The backup plan specifies how to use backup files and equipment to resume computer operations, and includes:

  • The location of backup data, supplies, and equipment
  • Who is responsible for gathering backup resources and transporting them to an alternate computer facility
  • The methods by which data will be restored from cloud storage
  • A schedule indicating the order and approximate time each application should be up and running

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

49

50 of 58

How To: Establish Policies to Ensure�Safety (6 of 7)

Recovery Plan:

The recovery plan specifies the actions to restore full computer operations such as replacing hardware or software.

Test Plan:

The test plan includes simulating various levels of disasters and recording the ability to recover.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

50

51 of 58

How To: Establish Policies to Ensure�Safety (7 of 7)

Table 5-9 Considerations for disaster recovery.

Disaster Type

What to Do First

What Might Occur

What to Include in the Plan

Natural (earthquake,

hurricane, tornado, etc.)

Shut off power

Evacuate, if necessary

Pay attention to advisories

Do not use phone lines if lightning occurs

Power outage

Phone lines down

Structural damage to building

Road closings, transportation

interruptions

Flooding

Equipment damage

Generator

Satellite phone, list of employee phone numbers

Alternate worksite

Action to be taken if employees are not able to come to work/leave the office

Wet/dry vacuums

Make and model numbers and vendor information to get replacements

Man-made (hazardous

material spill, terrorist

attacks, fire, hackers,

malware, etc.)

Notify authorities (fire

departments, etc.) of

immediate threat

Attempt to suppress fire

or contain spill, if safe to do so

Evacuate, if necessary

Data loss

Dangerous conditions for

employees

Criminal activity, such as data hacking and identity theft

Equipment damage

Back up data at protected site

Protective equipment and an

evacuation plan

Contact law enforcement

Make and model numbers and vendor information to obtain replacements

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

51

52 of 58

Ethics and Issues: Inclusivity and

Digital Access (1 of 2)

Digital Inclusion

  • Digital inclusion is the movement to ensure that all users, regardless of economic or geographic constraints, have access to the devices, data, and infrastructure required to receive high-speed, accurate, reliable information.
  • The goal of digital inclusion is to ensure that everyone has access to all the online resources, including education, participation in the local and national government, employment listings and interviews, and health care access.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

52

53 of 58

Ethics and Issues: Inclusivity and

Digital Access (2 of 2)

Some barriers to digital inclusion include:

  • Geographic areas that lack the infrastructure necessary to provide reliable Internet access
  • Government restrictions or censorship
  • Affordable devices or connections
  • Lack of education
  • Lack of understanding of the value of technology

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

53

54 of 58

Case Study Activity 5-1 (1 of 2)

Ms. Hania is a math teacher and uses her laptop only once a month for making assignments. One day, after starting her laptop and signing in to the operating system, a message was displayed stating that her virus protections are out of date and need to be updated.

She is worried she got a virus.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

54

55 of 58

Case Study Activity 5-1 (2 of 2)

After reading the case study on the previous slide, answer the following question:

What should Ms. Hania’s next step be?

  1. Sign out and shut down the laptop
  2. Visit a laptop repair center
  3. Uninstall the firewall
  4. Reinstall the protection software

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

55

56 of 58

Case Study Activity 5-1: Answer

What should Ms. Hania’s next step be?

Answer: d

Reinstall the protection software

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

56

57 of 58

Self-Assessment

  1. Which biometric security practices have you incorporated to ensure your information remains secure?
  2. Have you or anyone you know experienced ‘hacking’ of personal accounts? If yes, what type of information was hacked and how was it resolved?
  3. Take a few minutes and reflect on what you learned in this module. What topics would you like to learn more about?

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

57

58 of 58

Summary

Click the link to review the objectives for this module.

Link to Objectives

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

58