There are various definitions, depending on the context in which the term is being used. Perhaps the most comprehensive definition, as provided by Security in-a-Box, a joint venture between two organisations focused on the protection of human rights, is as follows: “Digital security refers to ensuring the ability to use digital information and information systems without interference, disruption, unauthorised access or data collection.”
Security Issues
There are several digital security risk areas, depending on the context. We will look at the information, Internet, computer and physical risk areas.
Devices and Networks
We are all aware that our computers, laptops, tablets and smartphones are at risk from malicious software, also known as malware. What is not always so clear is what all the different terms mean. What follows is a summary of some of the digital security risks that our devices and networks may suffer from.
First off, let’s unpack what malware means.
Malware is an abbreviation for malicious software, software that is used to compromise computer functions, steal data, bypass controls, or otherwise harm the computer that hosts it.
Adware
Bot
Bugs
Ransomware
Rootkits
Spyware
Trojan Horses
Viruses
Worms
Below is a list of symptoms that may indicate that your computer is infected by malware.
Increased CPU usage
Slow computer or web browser speeds
Problems connecting to networks
Freezing or crashing
Modified or deleted files
Appearance of strange files, programs, or desktop icons
Programs running, turning off, or reconfiguring themselves (malware will often reconfigure or turn off antivirus and firewall programs)
Strange computer behavior
Emails/messages being sent automatically and without the user’s knowledge (a friend receives a strange email from you that you did not send)
Digital Fraud and Crime
Digital Fraud and Crime includes crimes such as scams, child pornography, identity theft, social media re-engineering, cyber bullying, cyber stalking and cyber harassment. Although the Internet is required for many of these crimes to take place, telecommunication devices and tablets are also involved.
Fraud and Theft Scams
Theft of financial and personal information is most commonly the purpose of this type of crime. Some of the more notable scams used to gain this information include the following:
Free Samples – Companies offer free samples if the victim pays by credit card. Victims then find that their card is being used for unauthorised purchases.
Mystery Shopper Positions – Companies ask for extensive background checks, then give the victims a ‘cheque’ to go and buy things at a specific retail store outlet over an extended period. The balance left on the ‘cheque’ is their commission. After the victim does the shopping and deposits the ‘cheque’, the bank advises them that the ‘cheque’ is counterfeit and that they are liable for the products purchased. In other instances, the victims are asked during the background check phase for personal details such as financial information.
Disaster Fraud – Victims get emails from ‘organisations’ that work with areas affected by some disaster (e.g. Haiti). They are requested to donate toward the funding of the organisation, which in fact does not exist. Another variant is when malware has been installed on your computer and the hacker gets hold of your email contact list. They then email your contacts claiming to be you and request that money be sent to assist “you”.
Rental and Real Estate Scams – The scammers negotiate with the homeowner on a rental fee, but wish to send additional funds to cover housing expenses, etc. They then ask for the additional amount to be given to them in cash. The reality is that the original transfer is counterfeit or ‘recalled’, and as banks don’t normally place a hold on the funds until they are cleared, the victim has immediate access to the funds and thinks the deposit has cleared. However, it turns out that the cheque used for the deposit is counterfeit. Another variant of the same type of crime is when the scammer backs out of the agreement (before the bank notifies the victim that the cheque is counterfeit) and requests a refund.
“You Have Won…” – Lotto and sweepstakes prize notifications are sent via cell phone or email. Either you have to give out your banking details and I.D. to get the prize money, which of course never arrives because the scammers take your hard-earned money instead, or you need to pay “taxes and fees” to cover the processing of the prize money (Internet Crime Complaint Center).
Sexual Offending Against Children
Although child pornography existed long before the advent of technology, there has been an increase in cyber-enabled crime against children.
Some of these crimes include:
Online Grooming – The criminal pretends to be a young person and connects with other young teenagers. After a while they suggest that they meet, where the crime then takes place. The crime could be rape or kidnapping.
Sexual comments and messages being sent to young teenagers.
Sexting – where the criminals encourage self-generated indecent imagery (SGII) that is then later used to ‘blackmail’ the young person, or it is used for financial gain.
Physical Harm as a Result of Digital Crime
This includes harassment, online stalking, cyber bullying and hate crime. Victims report that they receive unwanted emails that are threatening or obscene. Cyber-bullied victims have been harassed so much that they end up committing suicide. In some cases the online stalker has gone on to murder their stalked victims.
Online Privacy Issues
In the learning unit on Digital Law we looked at online privacy issues in great detail, specifically the infringement thereof. However, we have not really dealt with the issues that PRISM raises. When we enter a site there are several things at play straight away that border on infringement. The first is that of cookies, which are innocuous in their intent, but if hacked can reveal users’ authentication and other stored information.
Cookies are used to better enable users’ navigation, store information about users’ online behaviour, and store user preferences (which can at times include financial information).
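The risk described above is greatest for cookies that carry authentication. The following is an added example, not part of the original text: it checks the Set-Cookie headers a site sends for the three standard attributes that limit how a cookie can be stolen or misused. The cookie names and values are constructed sample data, and the function name `audit_cookie` is hypothetical.

```python
from http.cookies import SimpleCookie

# Constructed sample Set-Cookie header values (not taken from a real site).
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "auth_token=deadbeef; Path=/",
    "theme=dark; Path=/; Max-Age=31536000",
]

# What each attribute protects against:
#   Secure   - cookie is only sent over HTTPS, so it cannot be read off the network
#   HttpOnly - cookie is hidden from page scripts, so injected JavaScript cannot read it
#   SameSite - limits sending the cookie on requests that start from another site
PROTECTIVE_ATTRIBUTES = [
    ("secure", "Secure"),
    ("httponly", "HttpOnly"),
    ("samesite", "SameSite"),
]


def audit_cookie(header_value):
    """Return {cookie_name: [missing protective attributes]} for one header."""
    cookie = SimpleCookie()
    cookie.load(header_value)
    findings = {}
    for name, morsel in cookie.items():
        # An attribute that was not set is stored as an empty string.
        findings[name] = [
            label for key, label in PROTECTIVE_ATTRIBUTES if not morsel[key]
        ]
    return findings


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        for name, missing in audit_cookie(header).items():
            status = "ok" if not missing else "missing " + ", ".join(missing)
            print(f"{name}: {status}")
```

A missing attribute matters most on cookies that hold a login session or token; a preference cookie such as `theme` carries little that is worth stealing.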
Terms and Conditions
We really need to stop and think about what we are ‘agreeing’ to when we click on that button. Do we really know what we are agreeing to? No, in fact a digital legal specialist has said that even he doesn’t read these agreements. The reality though is that we are more often than not agreeing to let the company use our information for other purposes.
Security Tools, Methods, and Technology
Given that the security risks are multi-dimensional and come from multiple sources and devices, what follows is a breakdown of the various things you can do to protect yourself, your data and your devices. Please note that this is by no means a comprehensive list, but it should guide you in your practices.
1. Protection for devices from malware and hackers
Use antivirus software and ensure that your software is up to date. There are many free tools available such as Avast, Spybot and Comodo Firewall that will help you protect your devices.
2. Protect your information
Anything can happen, despite your best efforts to protect your information. The key is to ensure that you back up your information both on physical devices and secure cloud services. Moreover, you should maintain a healthy computer environment. There is a reason computer labs do not permit food and drinks nearby: it is to prevent human error, where a drink spills on the device or food condiments drip into it.
3. Creating and maintaining secure passwords
Using a secure password database tool, such as KeePass, will greatly support your method of maintaining secure passwords. Using letters, numbers and symbols is a great way to make your password ‘unhackable’.
4. Protecting sensitive files on your computer
Having a multi-layer defence is the best you can do to protect your data and device. Make sure you practice points 1 and 2, but also encrypt those files that contain sensitive data.
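To illustrate point 3, here is an added example (not part of the original text) that generates a random password containing letters, numbers and symbols, and measures how much each character class and each extra character of length enlarges the space an attacker has to search. The function names are hypothetical, and the bit counts hold only for passwords chosen at random, as a password manager does.

```python
import math
import secrets
import string

# The character classes point 3 refers to: letters, numbers and symbols.
CLASSES = {
    "lower": string.ascii_lowercase,   # 26 characters
    "upper": string.ascii_uppercase,   # 26 characters
    "digits": string.digits,           # 10 characters
    "symbols": string.punctuation,     # 32 characters
}


def generate_password(length=16):
    """Random password containing at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES.values())
    while True:
        # secrets uses the operating system's cryptographic random source.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in chars for c in candidate) for chars in CLASSES.values()):
            return candidate


def classes_used(password):
    """Sorted names of the character classes that appear in the password."""
    return sorted(
        name for name, chars in CLASSES.items() if any(c in chars for c in password)
    )


def search_space_bits(length, class_names):
    """Bits of entropy of a uniformly random password of this length and alphabet."""
    alphabet_size = sum(len(CLASSES[name]) for name in class_names)
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print("example password:", generate_password(16))
    for length, names in [(8, ["lower"]), (8, list(CLASSES)), (16, ["lower"]),
                          (16, list(CLASSES))]:
        bits = search_space_bits(length, names)
        print(f"{length:2d} chars from {'+'.join(names):28s} {bits:6.1f} bits")
```

The comparison shows that a 16-character random password of lowercase letters alone is harder to guess than an 8-character one using every class, so length counts for at least as much as the mix of characters.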