Data security refers to the protection of data from unauthorised access and data corruption throughout its lifecycle.
Glossary
Data Integrity | The overall accuracy, completeness, and consistency of data. |
Data Security | The protection of our data so that it does not get stolen or corrupted. |
Hacker | A criminal that accesses a system unlawfully, i.e. without rights. |
Malware | Software installed intended to cause harm. |
Virus | A type of malware that has a unique signature that can replicate itself. |
Phishing | A scam to trick a user into giving personal information or install malware. |
Pharming | A scam that uses a redirection to trick a user into giving sensitive data. |
Anti-malware Software | Can be installed in your computer to warn you that malware was installed. |
Audit Logs | A preventive measure in order to recover from errors or data loss. |
Encryption | An algorithm that jumbles up plain text so that it is unreadable. |
GDPR | General Data Protection Act, an EU regulation that protects our data and so ourselves. |
Why is data security an issue?
I think you would find it easy to understand that anything of value needs protecting. Would you trust everyone with your favourite toy? How would you feel if someone other than yourself misused it, scratched it... or gave it to someone else!
Keeping our data safe is extremely important because some it could be extremely sensitive that should only be kept within family or close friends. Companies need to store private data about their employees such as passwords and bank details.
Data Integrity vs. Data Security
Data integrity is the overall accuracy, completeness, and consistency of data. Why? We had learnt that computers are processors of data. In order to trust computer systems then it is extremely important that the data being handled is solid.
In other chapters in this course we came across multiple factors that can affect the integrity of our data. For example in Chapter 40 we talked about human error, in Chapter 47 we talked about bugs and when we talk about Networks errors are entirely possible between computers. All risks to data integrity need to be addressed but this topic looks at a darker truth.
In an ideal world we do not need to have this topic, but we do not live in an ideal world... unfortunately, in particular when we are on the internet our personal data is under threat 😧.
What is the danger?
Data security refers to the protection of our data so that it does not get stolen or corrupted. There are not so nice people out there who want to steal our personal information, or information of a sensitive nature e.g., our financial details. In order to come up with ways to protect ourselves, we first need to know what we are protecting ourselves from. Unfortunately there is a lot of ugly stuff 😢, but we will go through the most common ones here:
Hackers This is the act of accessing a computer system without right or permission so it is very illegal . Malicious people might want to steal your data in order to pretend to be you, or perhaps hold your information to ransom! Nowadays we have so many sophisticated security measures that it has become increasingly difficult to hack a system. In the 70s this used to be a sort of 'sport', but still very illegal.
Malware This is probably one of the biggest risks that we need to deal with on a daily basis. Since hackers are finding it increasingly difficult to gain access to certain information they write software to try and trick people like us! Malware is software that is intends to cause some form of damage for example deleting important data or altering it. Normally malicious software is designed to run without you knowing. There are various types of malware and I am pretty sure you are familiar with some of these: Viruses, worms, spyware, adware etc...
Man In The Middle Are you ever worried that someone might be looking into your messages as you are chatting with your friends? Unfortunately your fears are justified. Data interception is a form of tapping in order to steal data. This is also known as man in the middle because it is literally as though there is someone between your computer and your friend's computer.
Phishing and Pharming The invention of the internet has brought about many opportunities, but as we do learn in Chapter 46, Networks, there are dangers! Phishing and pharming ,portmanteau of the words fishing and farming, are both popular cyberattack techniques that exploit the way people use the internet and the way web browsers work. When someone is phishing, a cyber criminal sends an email as bait and it makes it seem like it was sent by a trust worthy organisation. Such emails can either demand private details or more commonly, have a call to action which installs some malicious software without the user knowing. Pharming can also start with an email in your inbox... although not always. At times malware is installed in your computer that is programmed to redirect your clicks to a website that looks legitimate but in fact it will not be. A fake website can display a legitimate-looking form that will ask you to enter personal information. You will not really know who is collecting your data and why.
Security Measures
Finally now we get to the part on how we can protect our data and therefore ourselves. You do not need be overly afraid to use safe computer systems, because robust systems have many security measures in place to keep you and your data safe therefore you can trust that your data integrity remains intact!
Authorisation and Levels of Access When multiple people are accessing the same system they are probably doing so for different reasons and so people are granted specific rights to do a certain amount of things. It is probably easier to explain with an example. Students, teachers and head of sections all access MySchool. However, as a teacher, I am not able to see every piece of information about you on MySchool even though it is there. When I click on something that I should not have access to I see the following error message:
Many systems, including MySchool have different levels of access and this is important because not everyone should have equal right to read, write and delete data.
Authentication When there is a way for a user to prove who they are and that they have permission to access a system. This is also referred to as login. Various factors of authentications exist nowadays: 1FA is logging in with a username and password; 2FA requires logging in with verification on a mobile device; and 3FA use of biometrics like fingerprint scan.
Anti-malware software People that download software online should probably install an anti-malware software. This is a piece of software that can recognise signatures of known viruses and thus identify software that seems very suspicious. Most modern operating systems come with really good anti-malware software e.g. Windows Defender. MacOS adopt a different school of thought. Applications for Macs go through a rigorous process and it is a bit more difficult to install software on a Mac whose author is anonymous. This aspect is covered in more detail in Chapter 38.
Encryption This is an algorithm that jumbles up messages for example a message stating "hello" gets encrypted into "cRHFlKylCpUNW03UMxGNeXlNm+XKbg3ZWvi4sWi4dCQ=". Only people who need to read the message are able to decrypt the jumbled up text. Let us assume that the worst happens, and someone malicious managed to get your data, if it is encrypted then it would not be of much use because it is unreadable.
Firewall A network (hardware) device or a utility software, more on Chapter 38, that analyzes traffic entering and leaving a protected network. It will refer to a list of rules to either "allow" or "block" activity both in and out of the network. This means that network activity which cannot be trusted will not be allowed to enter. The installation and configuration of a firewall can protect data on a network from unauthorized access by hackers who tend to use a variety of tools that can quickly harm a network like a virus.
Data Loss
The worst thing that can happen to our data is that we actually lose it. Data is permanently stored in some kind of secondary storage and whilst it is true that malicious people are a big threat to our data, so is.... Mother Nature. There is no real security measure we can adopt to prevent tragedies and catastrophic accidents. This means that if the worst ever happens we need a way to rebuild our data, this is also known as data recovery.
We will briefly outline two popular data recovery measures:
Offsite Backups A backup is an exact copy of data. Backups are often stored in a large secondary storage medium far away. Nowadays many reliable cloud services are available to keep your data safe at a reasonable cost. So when for some reason or another your data is lost, recovery is possible via the backup. For this to be effective backups should be taken regularly.
Audit Trails and Logs This is a popular alternative because backups are quite laborious to maintain. It is common for systems to keep a log of important events such as data that has been added, changed or deleted. If the event also contains information about the user that invoked it, then we call it an audit trail. Recovery is possible because at any point in time one is in a position to rebuild the data by repeating all the events that happened since the data loss.
Right to Privacy and Right to be Forgotten
To put it really simply, privacy is a basic human right. Being in control of our data is essential to our autonomy and protection. Privacy laws are meant to protect us from random and unjustified use of power by states and companies. They allow us to regulate what can be known about us and done to us! Systems that keep data about ourselves need to respect these laws. When you are older and perhaps build systems, those too must comply with the laws of your time ⚖️.
Comments