
Threats to Data.

Introduction
There are many threats to data, and being affected by one of these threats is
inevitable; however, there are methods of reducing the chances of being affected.
Some solutions, such as an anti-virus guard, would prove ineffective in protecting a
system against threats if they aren't updated: there are many viruses and more are
being created, and an updated anti-virus guard would be able to recognize more of
these viruses than an outdated one.
Legislation such as the Copyright and Data Protection Acts and the Computer
Misuse Act is enforced differently in different countries. In a country like Sri
Lanka these laws aren't as enforced as in a country like England.

1. Hackers
Hacker is a term that refers to many different computing topics. However, in the mainstream, a hacker is
any individual or group that circumvents security to access unauthorized data.
Most hackers are highly skilled computer programmers that locate security gaps and access secure
systems via unique analytical skills. A great hacker is known to be able to "think outside the box."
Hacker types are delineated according to intent, as follows:

Black hat hackers break into computer systems illegally and cause harm by stealing or destroying
data, e.g., breaking into a banking system to steal money for personal gain.

White hat hackers use their skills to help enterprises create robust computer systems.

Grey hat hackers perform illegal hacking activities to show off their skills, rather than to achieve
personal gain.

2. Virus

Viruses are malicious programs that spread throughout computer files without user knowledge. Most
widespread virus infections spread through email message attachments that activate when opened. The
vicious cycle of a virus perpetuates as infected emails are forwarded to multiple users. Viruses also
spread through shared media, such as Universal Serial Bus (USB) drives.

Initially created as pranks, viruses are responsible for widespread and significant computer system and
file destruction. Installing anti-virus software helps prevent, block or remove previously installed viruses.
There are a variety of threats that users may have to face when online. These threats, and methods of
preventing them, will be discussed thoroughly in this document.

a. Logic Bombs: Logic bombs are normally used for malicious purposes, but they can also be
used as a timer to prohibit a consumer from using certain software past a trial basis. In this
case, unless the consumer ends up purchasing the software at the end of the free trial, a trial
bomb will deactivate the program. If the vendor wants to be particularly nasty, it can program
the trial bomb so that it takes other data along with it, not just the program data.

b. Worms: A worm is a type of malicious software (malware) that self-replicates and distributes
copies of itself to its network. These independent virtual viruses spread through the Internet,
break into computers, and replicate without intervention from and unbeknownst to computer
users.

c. Trojan Horse: The Trojan horse is named for ancient Greece's apparent gift of peace to the
Trojans, when a giant wooden horse was secretly filled with Greek warriors. After the Trojans
allowed the horse to enter their great city, the Greek warriors emerged from the horse and gained
control of the city of Troy.

The following are types of trojan horses:

Backdoor Trojan: This opens a back door for a user to access a victim's system at a later time.

Downloader: This Trojan downloads malicious software and causes harm to the victim's computer
system.

Infostealer: This Trojan attempts to steal information from the victim's computer.

Remote Access Trojan (RAT): This can be hidden in games or other programs of a smaller variety
and gives the attacker control of the victim's computer.

Data Sending Trojan: This gives the perpetrator sensitive information like passwords or other
information programmed to be hijacked.

Destructive Trojan: This destroys the victim's files.

Proxy Trojan: As a proxy server, this allows the attacker to hijack a victim's computer and conduct
illegal activities from the victim's computer.

3. Identity Theft

Identity thieves have a number of avenues for stealing personal information via electronic means.
These include:

Retrieving stored data from discarded electronic equipment such as PCs, cellphones and
USB memory sticks

Stealing personal information using malware such as keystroke logging or spyware

Hacking computer systems and databases to gain unauthorized access to large amounts of
personal data

Phishing, or impersonating trusted organizations (such as the IRS, a bank or large retailer)
via email or SMS messages and prompting users to enter personal financial information

4. Phishing
Similar to fishing in a lake or river, phishing is computer lingo for fishing over the Internet for
personal information. The term was first used in 1996, when the first phishing act was recorded.
Phishing uses link manipulation, image filter evasion and website forgery to fool Web users into
thinking that a spoofed website is genuine and legitimate. Once the user enters vital information,
he immediately becomes a phishing victim.
5. Internal Threats to Data

Natural disasters: A natural disaster such as a tsunami or a hurricane may wipe out a business's online
workstation, and the business may be left with absolutely no data on any of its more recent transactions.
This may make customer data unrecoverable, and will result in the business experiencing many
financial losses.

Theft: This happens when customer data stored inside an online business workstation is physically stolen
by a thief. This may occur if a thief manages to infiltrate the workplace of an online business and
physically remove hardware components from the business server computer, which may make the
lost data unrecoverable and susceptible to manipulation.

Methods to protect Data?


How to prevent hacking

Hackers rely on weaknesses in your computer; therefore, performing regular operating system updates will
help prevent hacking. Install a firewall on your computer: a firewall is a piece of hardware or a software
program that helps prevent hackers, viruses, etc. from gaining access to your computer through the
internet. Even the firewall needs to be updated regularly for maximum protection. Use different and strong
passwords for your online accounts (strong passwords are those which contain alphanumerical data,
upper case and lower case letters, and are not too long or too short, etc.). Install well-updated anti-spyware
software. If spyware is on your computer, it collects data such as what you type, for example your
passwords, and sends it to a computer elsewhere so that others can use your passwords to log in to your
accounts; anti-spyware prevents this.

How to prevent viruses?

Viruses can be prevented by taking sensible precautions, including:

Keeping your operating system up to date.
Using up-to-date anti-virus software.
Not opening an email attachment unless you are expecting it and know the source (many
email servers scan emails with anti-virus software on the user's behalf).
Not allowing other users to use their own memory stick on your system.
Only downloading files from reputable web sites.
Avoiding software from unreliable sources.

Anti-virus software can inspect computer files and email attachments for viruses and remove or
quarantine any which are found.
It is good practice to back up your data regularly. If a virus does damage your data, you
can restore the damaged files from backup.

How to prevent Identity Theft?

There are a number of simple, straightforward actions we can all take to protect our online identity and
guard against online fraud.

Choose strong passwords: This is particularly important for the extra verification services used
on some websites. Never pick obvious passwords like your date of birth or simply 'password.' The
strongest passwords contain letters, numbers and symbols. Pick two random words and then change
some of the letters (e.g. b00kshep1).

Stay secure: Before entering payment details online, check the link is secure. There should be a
padlock symbol in the browser window frame (not the page itself), and the web address should begin with
'https://'. The 's' stands for 'secure'.

Always look out for the padlock symbol and 'https' when entering details online.

Check your statements: Watch out for any payments you haven't made, and check that the
correct amount has been debited.

Destroy documents: Make sure you shred documents before binning them if they contain
important personal information.

Avoid Cold Calls: If you have not had a conversation with someone before then do not hand
over money or personal details over the phone.

Set privacy settings: Make sure that it is not possible for the public at large to view personal
information about yourself online or on social networking sites. This may provide an avenue for criminals
to build up a picture of your identity.

Keep your details close: Writing passwords down on your mobile phone or forgetting to cover
your PIN at ATMs are just some of the ways that physical fraud can take place. The safest place for a
password is in your head.

How to prevent Phishing?


1. CHECK THE SOURCE OF INFORMATION FROM INCOMING MAIL

Your bank will never ask you to send your passwords or personal information by
mail. Never respond to these questions, and if you have the slightest doubt, call
your bank directly for clarification.
2. NEVER GO TO YOUR BANK'S WEBSITE BY CLICKING ON LINKS INCLUDED
IN EMAILS
Do not click on hyperlinks or links attached in the email, as they might direct you to a
fraudulent website.

Type the URL directly into your browser or use bookmarks / favorites if you want
to go faster.
3. ENHANCE THE SECURITY OF YOUR COMPUTER
Common sense and good judgement are as vital as keeping your computer protected
with a good antivirus to block this type of attack.
In addition, you should always have the most recent update on your operating
system and web browsers.
4. ENTER YOUR SENSITIVE DATA IN SECURE WEBSITES ONLY
In order for a site to be safe, it must begin with https:// and your browser should
show an icon of a closed lock.
Physical Data Protection
There are many things you can do to make your equipment more secure:

Lock the room when not in use

Use swipe cards or keypads to activate locks

Bolt computers to the desk

Keep windows shut - especially if on the ground floor. Use bars.

CCTV video cameras

In large firms, security guards

GoPro Privacy Policy

The Privacy Policy includes the following clauses to protect customers:

1. GoPro International Compliance
2. Information You Provide
3. Automatically Collected Information
4. Uses of Information
5. Sharing and Disclosure of Information
6. Choice/Opt-out
7. Correcting / Updating or Removing Information
8. Third Party Website Links and Features
9. Children's Privacy
10. International Users
11. Changes in Our Privacy Policy
12. How we Protect Your Personal Information

Legislation

Data Protection Act (1998)
During the second half of the 20th century, businesses, organisations and the government began using
computers to store information about their customers, clients and staff in databases. For example:

names
addresses
contact information
employment history
medical conditions
convictions
credit history

Databases are easily accessed, searched and edited. It's also far easier to cross reference information
stored in two or more databases than if the records were paper-based. The computers on which
databases resided were often networked. This allowed for organisation-wide access to databases and
offered an easy way to share information with other organisations.
Misuse and unauthorised access to information
With more and more organisations using computers to store and process personal information there was
a danger the information could be misused or get into the wrong hands. A number of concerns arose:

Who could access this information?
How accurate was the information?
Could it be easily copied?
Was it possible to store information about a person without the individual's knowledge or
permission?
Was a record kept of any changes made to information?

The purpose of the Data Protection Act


The 1998 Data Protection Act was passed by Parliament to control the way information is handled and to
give legal rights to people who have information stored about them.
Other European Union countries have passed similar laws as often information is held in more than one
country.
According to the DPA, the following principles need to be followed by businesses:
1. Data should be processed fairly and lawfully.
2. Data should be collected for one or more specified and lawful purposes and it should not be further
processed to be used for any other purposes than those specified.
3. The data collected about a person should not be excessive in relation to their purpose or purposes for
which they are processed and the data must be adequate and relevant.
4. The personal information that is collected should be accurate and must be kept up to date.
5. Personal data should be kept no longer than required to meet its purpose or purposes.
6. Personal data should be processed according to the "data subject's" rights, which is also stated under
this Act.
7. All personal data about individuals has to be protected from unauthorized and unlawful
processing. Personal data should also be protected against accidental loss, destruction or damage.
The organization is required to take specific security measures to protect the personal data.
8. Personal data cannot be transferred to other countries unless that country ensures the protection of the
rights and freedoms of the data subjects in relation to the processing of the personal data.

Computer Misuse Act

The Computer Misuse Act 1990 (CMA) is an act of the UK Parliament passed
in 1990. The CMA is designed to frame legislation and controls over computer
crime and Internet fraud. The legislation was created to:

Criminalize unauthorized access to computer systems.

Deter serious criminals from using a computer in the commission of a
criminal offence, or from seeking to hinder or impair access to data stored in a
computer.

The CMA is broad and sweeping, but has also been broadly and liberally
applied in the courts. This has raised concerns among privacy advocates and
those who believe in circumscribing government influence on daily life and
behavior. Nevertheless, the CMA has served as a model for computer crime
legislation in other Commonwealth countries.

Copyright, Designs and Patents Act (1988)
This Act was introduced to protect the investment of time, money and effort by the people who
create original pieces of work.
This can mean authors of books, composers of music, the makers of a film, a computer game
designer or a company that creates applications for smart phones.
They all invest a great deal of time and money to produce these things and quite rightly, their
work belongs to them.
The Copyright, Designs and Patents Act has two main purposes:
1. To ensure people are rewarded for their endeavours
2. To give protection to the copyright holder if someone tries to copy or steal their work.

Distance Selling Act (2005)


Businesses must provide consumers with clear information so that they can make an informed choice
about whether or not they wish to buy from you. The information you give to the consumer must include
details about:

your business;

the goods or services you are selling;

your payment arrangements;

your delivery arrangements;

Right to cancel period of 7 working days (known as the cooling off period);

Recovery of paid monies

Restoration of goods after cancellation.

The Regulations should also be read in conjunction with the E-commerce Regulations 2002. These
Regulations set down clear guidance on promoting online trust and confidence when selling goods and
services online. You should also check out the 2004 regulations that apply to the purchase of financial
services.
You must give consumers 7 working days in which they can decide to withdraw from the contract (the
'cooling off' period). This doesn't apply to goods and services (1) made to the consumer's specifications;
(2) audio and video records, computer software unsealed by the consumer; (3) newspapers, periodicals
and magazines; (4) gaming, betting or the lottery.
The cooling-off period is 3 months where you haven't given notice of the 7 working day cooling off
period. Unless agreed otherwise, consumers have a right to receive goods or services within 30 days. If
your sale is to another business the Distance Selling Regulations do not apply.
CONCLUSION
There are a variety of threats to data, and being affected by one of these threats is inevitable; however,
there are methods of reducing the chances of being affected. Some solutions, such as an anti-virus
guard, would prove ineffective in protecting a system against threats if they aren't updated: there are
many viruses and more are being created, and an updated anti-virus guard would be able to recognize more
of these viruses than an outdated one.
Although biometric security may seem impossible to hack or break through, it can be done; for example, a
padlock could be broken by a large force applied to it, such as from a bullet. Security guards can also be
bribed for access to the information they were paid to protect.
Legislation such as the Copyright and Data Protection Acts and the Computer Misuse Act is
enforced differently in different countries. In a country like Sri Lanka these laws aren't as enforced
as in a country like England; therefore, people living in Sri Lanka can easily break these laws.
Technology is rapidly expanding, and therefore there will be more threats to data and more solutions to
counter these threats. There is no 100% guarantee that these solutions will stop every single threat, but
they will stop whatever threats they can.
