Friday, 1 February 2008

Finalll

Security Report
Natasha Dillow

E-commerce is shopping over the internet. It may be to buy goods or a service. All transactional websites face certain threats, including Joe Browns. Companies need to be aware of this and protect themselves appropriately.
There are threats online which aren’t threats in real life. For example, data can be intercepted and if it is not encrypted then identity fraud is a problem. Other problems include phishing, which is when your details are taken and used to hack your account.

When making a purchase, the customer gives their credit card details and other personal information to the website. This isn’t the only data given to the website. Joe Browns and other transactional websites also collect data that the customer is not aware of; cookies are stored on the customer’s computer which gives the company an idea of what their customers are like. Some companies also log the I.P. address of their customers to see where they are logging in from, and whereabouts in the world the company is most popular.

There are several threats to a company/person using the computer and internet. Viruses are software programs which are designed to damage your computer. They often attach themselves to files which are then downloaded, and the virus begins to infect your computer. Viruses in the Joe Browns system may get passed on to your computer if you download anything from them. It is important that Joe Browns are aware of these hazards and protect themselves in a particular way. For example, anti-virus software seeks out any viruses on your computer and deletes them. This is the main and most effective way of curing viruses, but prevention is better than cure. To prevent them, you should be careful of what you download, especially attachments on emails as this is a common way of spreading viruses. However, anti-virus software is getting worse, according to the German computing magazine c’t. They studied 17 different pieces of anti-virus software and found that most of them could not track newer viruses as the creators are getting better at disguising them. Anti-virus software needs to be updated often to be effective. Firewalls are also a good way of the prevention of viruses. (See below). The Joe Browns administrator needs to ensure the company is protected against viruses, so that they don’t corrupt the company’s computers or their customer’s computers, and this protection must be updated regularly to keep up with the new threats.

Hackers are people who have a good knowledge about computers and so abuse this to get into other peoples computers, usually to find out personal details. Firewalls are the most appropriate for the prevention of virus’ and hackers. Firewalls put up a barrier which stops things coming into your computer without your permission. You can make automatic responses for some things, because it can become quite irritating having to allow a program to access the internet when it is something you do regularly. Any unknown requests are denied, and attacks at your computer from other people are blocked. Firewalls should be installed on computers which are used for personal use, computers in the workplace and computers in a business. Joe Browns definitely has firewalls as it is essential that any transactional business does to keep data safe.

Spyware is software that follows what you are looking at over the internet. This is usually used for advertising purposes, but it can gather information like your email address, password and credit card details. Spyware may infest itself in your computer after visiting a certain site. Joe Browns need to be careful otherwise their company gets a bad reputation for giving spyware to their users. To get rid of spyware you can download anti-adware & spyware software. This is like anti-virus software; it tracks and deletes any spyware you may have on your computer. To prevent spyware, you should use a firewall and be careful with what you download on the computer. It is a good idea to check for viruses/adware/spyware immediately after any download. Spyware may be purposely installed into your computer too. You may install a key-logger to see what is being written in emails etc. This records the strokes of the keyboard rather than what is on screen, so it is harder to prevent as somebody has intentionally put it there. Unless you know it’s there, you probably wouldn’t think to look for it. This has been an issue brought up recently about how spyware may be used in domestic abuse as a way for a person to control and monitoring their partner. However, there is one recent situation where installing spyware into a person’s computer without them knowing proved helpful. A mother was suspicious of her 12-year old daughter’s internet habits when she started behaving oddly, so installed a program to monitor everything. She found that her daughter was having a relationship with a 21-year-old man from Bristol. It began because her daughter pretended to be older than she was, and after a sexual encounter she admitted her age but the young man still wanted to continue with the relationship and admitted to police that they were going to have intercourse again. This is a positive use of spyware, but generally spyware is an infringement of privacy and a threat to the computer user.

Hardware failure is when a piece of your hardware (e.g. monitor, mouse and keyboard) does not function properly. Unlike spyware, viruses and hackers, this is a physical problem. Hardware failure cannot be prevented in itself, but you can prevent losing all your files by backing up all work regularly somewhere other than your computer, for example an external hard drive or the internet. It is too difficult to prevent hardware failure, it is more important to prevent a loss of files rather than a loss of hardware. Hardware itself can be replaced, but depending on the size of the file, months or years could be needed in order to return the work to the state it was once in. Joe Browns has all of their customers’ personal data on computer record, and cannot afford to lose this essential information. They should ensure that they back-up their records regularly, and that this information is encrypted and password protected in case of hackers.

Human errors occur because nobody is perfect and everybody makes mistakes. Joe Browns employees can cause the company to lose a lot of money if they are not careful with what they do. Human errors can be prevented via proof reading, data validation and verification. Alternatively, machines rarely make errors, so a computer would be much more effective than a human would be. Joe Browns employees must be vigilant for mistakes to avoid mistakes which may lead to bigger problems.

Dishonest employees can cause your business to lose money or become bankrupt. Dishonesty of employees can not be fully prevented as everybody has their own free will and we cannot control other people. However, when joining the company, you should ask all employees to sign in agreement to a terms and conditions contract. Also, you can prevent problems with employees by restricting their access and use of the internet. Training of your staff is important, and is given to all Joe Browns employees. Training about being honest is not the only type of training that is important, but training your employees about the other dangers and threats mentioned here is essential. It is important that you train all of your employees to look out for your company and make sure that everybody tries their best to keep their company safe.

Natural disasters are unavoidable; they include things like earthquakes, storms and volcanic eruptions. Prevention of natural disasters is impossible. Like with hardware failure, preventing physical problems cannot be achieved, so it is important to back-up all of your files regularly.

Theft is an issue whenever money is involved. Identity theft is the main problem, as hackers and spyware can get your personal details and then use them to ‘steal’ your identity and make purchases from your bank account. Preventing theft physically is hard, so as long as you have a burglar alarm that is all you can do. This again, means you need to back up your files regularly. To prevent identity theft, you should ensure that you only ever give out your credit card details over a secure connection, and be careful with personal documents and protecting your passwords etc. Secure websites encrypt your data as you send it, making it difficult to read if it is intercepted. Joe Browns is a secure site that uses Thawte as a way of keeping the data safe while it is transferred. Thawte uses SSL certificates to ensure that data is kept as best protected as possible.

Terrorism is a problem when a group of people decide to hack or steal money from a company, or crash a company’s website. Computers can be set up to constantly send hate mail to a company or requests to a server so it crashes. Terrorism can be prevented by having a secure website. The more secure a site is, the less likely it is that anyone could hack into the site.

Fire is a problem to your hardware. Floods and fire cannot be prevented, although a fire alarm might be a good idea. Like with natural disasters and hardware failure, files can be saved if backed up regularly
There is some legislation in place to protect us from some of the internet dangers.

Computer misuse act, 1990: Hacking and the introduction of viruses are illegal under this act. Any person who deliberately tries to access data (knowing that they are not authorised to) can be persecuted under this act. It they then intend to use this data further for misuse, the crime is worsened. It is also illegal to modify anything on the computer without the permission of the data holder. Punishments include 6 months in prison and a £2,000 fine. It is an offence to access anything that is unauthorized, whether it’s a program or data. It is also an offence to access a computer system with the intent to commit a crime, for example accessing financial records with the intent to use someone else’s details to make a purchase. Also to modify computer material is an offence, deleting files, creating a virus or introducing a virus or doing something with the deliberate intention of causing problems in the data.
This is obviously not very successful, as hackers and viruses are still a large problem on PCs. Technology has developed a lot in the last 18 years, perhaps this piece of legislation needs to be updated. An example of prosecution under this act is of a man who created and released a virus programme which was designed for hackers to access home computers. Under the Computer Misuse Act, he could be sentenced up to five years in prison. The worm (W32-Leave worm) helps a hacker break into a victim’s computer and steal or delete files and use the computer for further hacking. An example of past prosecution under this act is of a teenager who bombarded an ex-employer’s mail server with five million emails. He pleaded guilty and was sentenced to a two month curfew and had an electronic tag installed. Joe Browns must ensure that no unauthorised person can access or manipulate the data held by the company, but this legislation is in place just in case somebody manages it.

Data protection act, 1998: Data collected from a person must only been used in the way that they intended to. Consent must be given and if a person wants to see the information collected about them, they are allowed to (but may have to pay a small fee). This is usually quite successful, except recently the Government lost thousands of people’s personal data. There are 8 data principles under this act.
1. Personal data shall be processed fairly and lawfully.
2. Personal data should only be used for one or more specified purposes, and not used for any other purposes.
3. Personal data should be relevant and not used for anything else then the purposes it was collected for.
4. Personal data should be accurate and up-to-date.
5. Personal data should not be kept for any longer than is necessary.
6. Personal data shall be processed in accordance with the rights of data subjects.
The next two points relate directly to the security issues I am talking about in this report;
7. Appropriate preventative measures should be taken against unauthorized processing of personal data or accidental loss/destruction/damage to personal data.
8. Personal data shall not be transferred to a country which is exempt to the data protection act or one similar with a high level of security.
This is usually quite successful. However, recently the Government lost two discs which contained the personal data of 25 million citizens in the post. They contained names, addresses, date of birth, national insurance number and credit card details. These discs were not encrypted but were password protected. ”I profoundly regret and apologise for the inconvenience caused”, said Gordon Brown. Joe Browns must comply with this legislation and ensure that the personal data held is not kept longer than necessary, and is kept safe and secure.

There is currently no legislation against identity theft, despite 80,000 victims in 2006. However, the government is considering the introduction of identity cards, which are thought to be more accurate. The USA has the Identity Theft & Assumption Deterrence Act, 1998. America has the biggest problem with identity theft and are the most advanced nation of trying to prevent it. It is still a huge issue but it is being dealt with.

Regulation of Investigatory Powers Act, 2000: Allows the authorities to watch what you’re doing on the internet. It means that if the authorities ask for protected data or encrypted data, it has to be given to them.

Consumer Protection (distance selling) Regulations 2000: This is to protect anyone shopping over the phone, internet digital TV or mail order. It gives the customer the right to receive clear information about the goods and services before deciding to buy, confirmation of this information in writing, protection from credit card fraud and a cooling off period of seven working days in which the consumer can withdraw from the contract. This means that Joe Browns must cancel any transaction of non-perishable goods within seven days of the transaction if the customer so wishes.

There are several reasons I can tell that JoeBrowns.co.uk is a safe website. ß This symbol indicates that the website is safe to use. Thawte is a company that allows safe transfer of information. Also, information is encrypted when transferred and the website is secure. This is expected for many large and popular transactional websites. It is stated that your email address and telephone number will not be passed on to third parties and are solely collected so that Joe Browns can contact you if necessary. However, there is always a risk when transferring any data over the internet.
The website is very safe to use. Although there are still many problems related to e-commerce and using the internet generally, there is legislation in place and preventative methods that can be used to reduce these risks and punish the abusers of the internet. Joe Browns is a safe website to use, as your details are kept solely by that company. The website is secure and data is encrypted when transferred. One disadvantage of Joe Browns is that there is no way to read their Terms & Conditions, which may make some people feel nervous or wary of using the site. Although this seems a bit suspicious, it is still a safe website to use. There are many threats to your files and personal data when using your computer, especially the internet. With the right protection, preventative methods and backing up methods, your identity and your files should be safe. It is also essential that you keep your protective methods updated, for example have a new version of an anti-virus programme and back-up your work regularly. It is important that the law keeps up to date with the dangers to us over the internet. For example, a woman in America posed as a young male and sent abusive messages over the social networking site, ‘Myspace’, which drove a young girl to suicide. This behaviour is obviously wrong, but in America it is not illegal. All countries need to make sure that they have legislation in place to prevent people from being tempted to do damaging things, and punish those who do. With the right preventative methods and legislation in place, we can suppress crime via the internet and keep ourselves, our files and our computer safe. Not only individually, but transactional websites and employers also have to comply with these safety precautions.