Chapter 6 – Risks to Data & Information
3.1 - Potential risks to data and personal information when information is transmitted and stored digitally
There are several risks to data and information, each detailed below:
If a user who is not allowed access to a network accesses it, this is known as unauthorized access.
Cybercriminals can gain unauthorized access either by trying to guess logins, or by using computers/AI that
guess approximately 1000 logins per second.
Users may try to gain unauthorized access to use devices as botnets.
Botnets - devices used to spread malware (malicious software)
Malicious software – Software that is created with the intention to do harm.
The botnets are installed by criminals looking for the weakest, most vulnerable devices within the network. As
soon as they are infected, they infect the rest of the network.
Another risk to data and information could be deliberate damage by malware.
Malware can show messages, delete files, install programs, or even reprogram systems.
There are different types of malware, detailed below:
Keyloggers are an example of spyware.
Another risk to data could be accidental deletion:
This could be done through: Pressing a key accidentally, Loss of power unexpectedly, Formatting media on the
wrong storage device.
Edexcel IGCSE ICT Revision Notes
Data can also be lost due to theft by criminals. This can happen in a variety of forms:
A. Phishing
Phishing is the criminal activity of sending emails or having a website intended to trick someone into giving
away personal information (such as credit card details or computer passwords).
One type of phishing is spear phishing – this is when the messages are more personalized and targeted to a
small number of people.
Another type is smishing – this is when the messages go through SMS.
B. Pharming
Pharming is like phishing, except this is not through messages, but rather by creating fake versions of trusted
websites.
This can be done through two main methods:
I) Internet traffic being sent to the real website is redirected to the fake website. This is done by
altering the domain name servers. A domain name server is a computer connected to the
internet that translates domain names, for example pearson.com, into IP addresses.
II) Fake URL – Sometimes criminals will spell their fake website’s URLs as a misspelled version of
the original. Therefore, when the users mistype the original URL, they are directed to the fake
one. For example, www.britishschoolofbahrain.com is the original website, but
www.britiahschoolofbahrain.com is the pharmed website.
As mentioned in Chapter 5, there are several ways to protect data and personal information.
This could be: Firewalls, Encryption, File Access Rights, Transaction Logs, or even Passwords/Pins/Biometrics.
Remember passwords must be: More than 8 characters long, mix of letters, numbers and symbols, changed frequently,
upper and lowercase, something not known (e.g. don’t use birthday).
Another method of protection is CAPTCHA:
CAPTCHA – A computer system which can identify whether a user is a human or a computer.
CAPTCHA may ask users to either enter text, choose images or solve puzzles.
reCAPTCHA is a form of CAPTCHA, but it uses extracts from books, and the typed data is used to type up eBooks.
Another important tool is Anti-malware:
Anti-malware – prevents malware from accessing or operating on computers. It scans computer files in real time and
allows users to scan files, folders, or whole systems.
Anti-virus: works just like virus prevention in real life. Files being downloaded are constantly checked for signs of virus
definitions. If matches are found, the file is quarantined so that it cannot be run.
This software must be upgraded regularly, as viruses are being updated regularly.
Anti-malware also includes Anti-spyware and Anti-adware.
HTTPS:
Users should also look out for websites and make sure they follow the HTTPS format (Hypertext Transfer Protocol
Secure) which keeps communications private and provides security for users’ accounts.
HTTPS authenticates payments through a payment server, and provides encryption using SSL (Secure Sockets Layer) and
TLS (Transport Layer Security).
Backup Procedures:
Backups can be done on online or local storage.
Online is safer but slower, while local is faster but at a higher risk of loss.
There are three kinds of backups:
1 – Full Backup: Creates a copy of ALL files.
2 – Differential Backup: Creates a copy of all files that CHANGED SINCE THE LAST FULL BACKUP ONLY.
3 – Incremental Backup: Creates a copy of files that CHANGED SINCE THE LAST PREVIOUS BACKUP (WHATEVER IT WAS)
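The difference between the three kinds is easiest to see by simulating a few days of backups. The following is an added example, not part of the original notes; the file names, the four-day schedule and the function names are constructed for illustration. It goes one step beyond the definitions above by also listing which backups are needed to restore the latest state.

```python
# Constructed sample data: day -> files created or modified on that day.
CHANGES = {
    1: ["report.doc", "photo.jpg", "notes.txt"],
    2: ["report.doc"],
    3: ["notes.txt"],
    4: ["budget.xls"],
}

def run_schedule(schedule, changes):
    """Simulate backups taken at the end of each scheduled day.
    schedule: list of (day, kind). Returns [(day, kind, files copied)]."""
    planned = dict(schedule)
    modified = {}               # file -> day of its most recent change
    history = []
    last_full = last_any = 0    # 0 means "no backup taken yet"
    for day in range(1, max(planned) + 1):
        for name in changes.get(day, []):
            modified[name] = day
        kind = planned.get(day)
        if kind is None:
            continue
        if kind == "full":
            cutoff = 0            # copy ALL files
        elif kind == "differential":
            cutoff = last_full    # changed since the last FULL backup
        elif kind == "incremental":
            cutoff = last_any     # changed since the last backup of any kind
        else:
            raise ValueError("unknown backup kind: " + kind)
        copied = sorted(f for f, d in modified.items() if d > cutoff)
        history.append((day, kind, copied))
        last_any = day
        if kind == "full":
            last_full = day
    return history

def restore_set(history):
    """Backups needed to rebuild the latest state: the last full backup,
    the newest differential after it, then any later incrementals."""
    start = max(i for i, entry in enumerate(history) if entry[1] == "full")
    needed = [history[start]]
    for entry in history[start + 1:]:
        if entry[1] == "differential":
            needed = [history[start], entry]  # covers everything since the full
        else:
            needed.append(entry)
    return [(day, kind) for day, kind, _ in needed]

if __name__ == "__main__":
    for kind in ("differential", "incremental"):
        plan = [(1, "full"), (2, kind), (3, kind), (4, kind)]
        for row in run_schedule(plan, CHANGES):
            print(row)
```

With differentials each backup grows until the next full backup but a restore needs only two sets; with incrementals each backup stays small but a restore needs every set since the full backup.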
When backing up, it's better to:
- Schedule and automate backups.
- Do backups at times of low file activity.
- Store in multiple locations
- Use Online Storage
- Create more than one copy in different locations.
Online Payment Systems
When entering data from bank cards you may be asked for: Card Number, Card Security Code (CSC), Expiry Date,
Cardholder Name
Examples of online third-party payment processors are PayPal and BenefitPay.
Contactless payment has also been introduced using NFC and RFID; however, it is less secure.