Threats to data security
Recently, computer systems and the internet have been introduced in more businesses, so the threats have increased. This means that computer systems and data need to be protected, including financial transactions over the internet.
Types of threats
The most common threat is a computer virus, which is a program that replicates and spreads, trying to break a system. A trojan is designed to give full control of a PC to someone else.
A worm is a standalone program that replicates to spread to other computers.
Phishing is where someone pretends to be a reliable source in order to access private information. This is most common through instant messaging, where users are tricked into entering their details on an untrustworthy website.
Spyware is software which hacks into private details and logins without the user being aware. It is difficult to detect, and some is installed to monitor users intentionally.
The DPA states that if a business loses information on you, either by accidental loss or through a hacker, then that business may be prosecuted for not keeping your data secure.
The Computer Misuse Act (CMA) was designed in 1990 to prevent unauthorized access to computers or to at least prosecute such offenders.
Impacts on Customers: They may become victims of identity theft.
Impacts on Employees: Increased monitoring of what employees are doing, demotion, possibly a warning, or they may be fired.
Impacts on Business or Organisation: May be forced to pay compensation, may have to close, may have to increase the level of security, and customers may not trust the business in future and may go elsewhere.
The Computer Misuse Act deals with hacking and viruses and was passed in 1990. The main parts of the act are:
Unauthorised access to computer material
This is in connection with hacking, which is getting data or programs that you aren’t allowed to view. It is illegal if you have not been given permission to view it or use the computer to access it.
Unauthorised access with the intent to commit further offences
If the information is viewed with permission but with the intent of using it to commit a crime, for instance blackmail, then you are breaking this law.
Unauthorised acts with intent to impair computers
Making unauthorised changes to computer material is breaking this law, for example sending a virus to cause a malfunction or damaging the data.
As everyone has a right to privacy and a right not to have their information freely shared online, the government started the Data Protection Act (DPA) in 1984 and the last update to it was in 1998.
If any business/company wants to keep information on people, they must register with the Office of the Information Commissioner.
Personal Data = Data on any living person who can be identified. This can include (but is not limited to): race, political opinions, religion, physical/mental condition, trade union membership.
Data Subject = a living individual to whom personal data relates.
Data Controller = a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.
Data protection 2
The DPA gives several rights to Data Subjects and sets guidelines for Data Controllers.
Rights of Data Subjects:
Subject Access = The Subject can ask for information from the Controller.
Correction = The Subject can force the Controller to correct any mistake.
Prevent Distress = The Subject can prevent any information about them being kept if it can cause distress.
Prevent Direct Marketing = The Subject can prevent junk emails or calls.
Automatic Decisions = The Subject can stop the Data User from making automatic decisions.
Complaint to the Information Commissioner = Use of personal data is reviewed by the Commissioner.
Compensation = Compensation if data is incorrect, lost or disclosed.
Exemptions: National Security, Crime/Taxation, Domestic Purposes and if seeing your records may cause you harm.