Computer Security

• Author: Rhoda Wilburn
• Pages: 108-112

Page 108

Computers have become such a big part of everyday life—both at work and at home—for many people around the world. These days, computers are an essential part of practically every type of business, from small, home-based businesses to large multinational corporations. In the business world, companies use computers to store information, design and manufacture products, run complex calculations, etc. On a personal level, many people rely on their home computers to store important information, watch movies, play games, communicate with others, and shop over the Internet.

Because so much valuable information is stored on computers, a new type of criminal has emerged in recent years. These criminals, sometimes called "hackers" or "scammers," use their computers to "break in" to companies' or other people's computers to steal information, such as credit card numbers. The incidence of identity theft is on the rise as computer criminals find increasingly sophisticated ways to obtain personal information and use it in malicious ways. However, not all hackers are interested in stealing information. Instead, some send viruses through websites or email to damage the receivers' computers.

RECORDS PROTECTION

Information stored in a computer system is subject to a variety of threats. It was not long ago that the biggest concern about computer data was protecting it from physical disasters such as floods and fires, technology failures, and human errors. Most organizations develop contingency plans whereby they examine the possibilities of losing computer operations, and formulate procedures for minimizing damage. A disaster recovery plan is typically adopted to outline how the organization will carry on business in the event of a catastrophic loss. Data backup is an essential element of disaster recovery and involves the regular, systematic backing up of data to media that may include floppy disks, removable hard disks, CD-ROMs, or magnetic tape. Ideally, the backup files are then stored in a safe that is fireproof, heatproof, waterproof, and preferably protected at an off-premise location.

While the threat to computer files from disasters is real, research shows that employees are frequent culprits in the destruction or alteration of company information. Customer information, new-product plans, company financial information, and legal information can be stolen and sold to other organizations. Former or disgruntled workers who want revenge on their employer or supervisor have been known to resort to computer crime. The victim of information

Page 109

theft rarely learns of the problem until afterward, since copying information does not alter the original in any way. For this reason, prosecution is rare and frequently results in mild treatment. In some cases, perpetrators have taken new jobs as security consultants after receiving minor punishments.

Although records protection is still of concern today, there are many more concerns about the safety of computer data, both at work and at home. Because so much business is now conducted over the Internet, computer criminals have discovered ways to steal that information. Terms such as spyware, phishing, pharming, viruses, firewalls, and spam are practically household words among computer users, especially those who use the Internet.

SPYWARE

Spyware is a term used to describe a program that is put on a computer without the user's permission, and usually without the user's knowledge. A spyware program runs in the background and keeps track of the programs the user runs and the websites the user visits. Some spyware tracks the user's keystrokes and extracts passwords and other information as they type. It then uses the information gathered to display certain advertisements or forces the user's browser to display certain websites or search results. Most spyware is written for the Windows operating system.

Spyware can be installed on an unsuspecting user's computer in any of the following ways:

Piggybacked software installation: Some software applications install spyware as part of the program installation. This is especially true of "free" software that users download onto their computers.

Drive-by download: Some websites automatically try to download and install spyware on the user's machine. Sometimes when this happens, the user's browser may display a standard popup message that tells the name of the software and asks if the user wants to install it. But if the user's security setting is low enough, his browser may not display the message.

Browser add-ons: This type of spyware adds enhancements, such as a toolbar, an animated pal, or additional search boxes, to the user's web browser. While the user may like these enhancements, some of them embed themselves deep in the user's computer and are very hard to remove from the computer. These embedded spyware programs are also known as browser hijackers.

Masquerading as anti-spyware: Some spyware claim to be anti-spyware software, but in reality are spyware programs themselves. They trick users into thinking that they remove spyware, when they...