In this article, we look at an overview of IT threats and how to safeguard your computers, information and communication against computer and communication threats such as criminal acts and malicious tech. We explore the use of identification tools, encryption, access control, audit controls and people controls.
SECURITY AND CONTROL
Computer and communication threats
Information technology (IT) can be disabled by a number of occurrences:
- Errors: human, procedural and software errors
- Electromechanical problems
- Natural hazards, civil strife and terrorism
- Criminal acts: theft of hardware, software, time and services, and information
- Crimes of malice and destruction
Criminals may be employees, outside users, hackers, crackers and professional criminals.
Errors and Accidents
Human errors include unexpected things people do with a computer system such as:
- Failure to acquire a computer fit for one’s needs
- Emotions: abandoning the computer or throwing it
- Procedural errors: computer failures caused by not following procedures
- Software errors: “bugs” that affect the performance of a program
Mechanical and electrical systems such as circuit boards don’t always work. They may be improperly constructed, get dirty, overheated or wear out. Power failures (brownouts and blackouts) can shut a system down. Power surges can burn out equipment. And there’s always dirty data: keyboarding in data that is incomplete, outdated or inaccurate.
Natural and other hazards
Natural hazards include fires, floods, earthquakes, tornadoes, hurricanes etc., which may inflict damage over a wide area. Other hazards include civil strife and terrorism: riots, wars and acts of terrorism.
Computer and communication threats: crimes
Theft of hardware includes shoplifting an accessory in a computer store, removing a laptop or telephone service from someone’s car, and, in the case of professionals, stealing shipments of microprocessor chips off a loading dock.
Theft of software includes stealing someone’s diskettes or disks with software, copying programs, and counterfeiting well-known software programs.
Theft of time and services includes using your employer’s computer to play games, tapping into cellular networks and dialing for free.
Theft of information includes stealing confidential personal records and selling them, and stealing credit information.
Worms and viruses
These are forms of high-tech malice. A worm is a program that copies itself repeatedly into memory or onto a disk drive until no more space is left. A virus is a “deviant” program that attaches itself to computer systems and destroys or corrupts data. Viruses may be passed through diskettes, flash memory cards and networks.
Types of viruses
Boot-sector virus
Replaces the boot-sector instructions with its own instructions, so it is loaded into main memory before the operating system and is in a position to infect other files. Examples: AntCOSMOS, AntEXE.
File viruses attach themselves to executable files, i.e. those files that begin a program. In DOS these files have the extensions .com and .exe.
Hybrid of file and boot-sector virus: infects both files and the boot sector, hence it is difficult to detect. A polymorphic virus can mutate and change form.
Places illegal, destructive instructions in the middle of a legitimate program.
Set to go off at a certain date and time.
Employees: 75–80% of everything happens inside. Employees may use IT for personal profit, or steal hardware or information to sell. Fraud involves credit cards, telecommunications, employees’ personal use of computers, unauthorized access to confidential files and unlawful copying of copyrighted or licensed software.
Outside users: Suppliers and clients may gain access to a company’s information technology and use it to commit crime.
Hackers and crackers: Hackers are people who gain unauthorized access to computer or telecommunication systems for the challenge or even the principle of it. Crackers also gain unauthorized access to information technology but do so for malicious purposes (financial gain, shutting down hardware, pirating software or destroying data).
Safeguarding against computer and communication threats
Identification and Access
Computers authenticate your identity by determining:
- What you have
- What you know and
- Who you are
What you have
Credit, debit and cash machine cards have magnetic strips or built-in computer chips that identify you to the machine; you may also be asked to display your signature. Computer rooms may be guarded by security officers, and personal computers may be kept under lock.
What you know
Use of PINs (Personal Identification Numbers), passwords and digital signatures.
Who you are: (The physical traits)
Biometric devices that read fingerprints (computerised), voice, blood vessels in the back of the eyeball, the lips, or one’s entire face.
Encryption is the altering of data so that it is not usable unless the changes are undone. It is done with encryption programs such as PGP (Pretty Good Privacy), and is useful in organizations especially concerned with trade secrets, military matters etc.
Protection of software and Data
Control of Access
Access to online files is restricted to those who have a legitimate right to access them. For example, some organizations have a transaction log that notes all accesses or attempted accesses to data.
Many networks have audit controls that track which programs and servers were used and which files were opened. These create audit trails: a record of how a transaction was handled from input through processing and output.
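The following is an added example, not part of the original article. It shows the access restriction, transaction log and audit trail described above working together. The file names, user names, permission table and denial threshold are all constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed sample data: which user may perform which action on which file.
ACL = {
    "payroll.db": {"alice": {"read", "write"}, "bob": {"read"}},
    "designs.doc": {"carol": {"read", "write"}},
}

transaction_log = []  # append-only list of access records


def access(user, filename, action, when=None):
    """Decide an access request and record it, whether allowed or denied."""
    # Default deny: unknown files and unknown users get an empty permission set.
    allowed = action in ACL.get(filename, {}).get(user, set())
    transaction_log.append({
        "time": (when or datetime.now(timezone.utc)).isoformat(),
        "user": user, "file": filename, "action": action,
        "result": "ALLOW" if allowed else "DENY",
    })
    return allowed


def audit_trail(filename):
    """Return every logged access or attempt for one file, in order."""
    return [r for r in transaction_log if r["file"] == filename]


def flag_repeated_denials(threshold=3):
    """Report users whose denied attempts reach the threshold."""
    denied = Counter(r["user"] for r in transaction_log if r["result"] == "DENY")
    return sorted(u for u, n in denied.items() if n >= threshold)


def run_sample():
    """Replay a constructed sequence of requests and audit the log."""
    transaction_log.clear()
    access("alice", "payroll.db", "write")
    access("bob", "payroll.db", "read")
    for _ in range(3):
        access("bob", "payroll.db", "write")   # bob has read-only rights
    access("mallory", "designs.doc", "read")   # user not in the ACL at all
    return flag_repeated_denials(), audit_trail("payroll.db")


if __name__ == "__main__":
    flagged, trail = run_sample()
    print("flagged users:", flagged)
    for record in trail:
        print(record)
```

Denied attempts are logged alongside successful ones, which is what lets the audit step find a user repeatedly probing for rights they do not hold.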
People controls include screening of job applicants, separating employees’ functions, and manual and automated controls.
Computer and communication threats are risks you can avoid. Consider implementing strong internal control activities in your IT function, get a security audit performed by experts or consultants and implement features to tighten your digital environment.