Computer Fundamentals: Module 6: Security and Safety

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Ergonomics

An applied science that specifies the design and arrangement of items that you use so that you and the items interact efficiently and safely.

attackers

An individual who launches attacks against other users and their computers, also known as a threat actor.

digital certificate

Code attached to a file that verifies the identity of the creator of the file.

What would a password manager allow you to do?

Create and store multiple strong passwords.

How will you decide which browser security settings to allow and which ones to block?

I will need to review each browser security setting and use my best judgement.

Isabel received a message on her computer that appeared to be from the FBI. It informed her that her computer has been locked and she would need to pay a fee to retrieve her data. How would you describe what is happening?

It is most likely ransomware because it is telling her she has to verify payment information to unlock her computer.

Causes and Examples of RSI

Repetitive activity Repeating the same activity over a lengthy time period Typing on a keyboard for multiple hours every day over several years Improper technique Using the wrong procedure or posture Slouching in a chair Uninterrupted intensity Performing the same high-level activity without frequent periods of rest Working at a computer all day with no breaks

data backup

The process of copying files from a computer's hard drive to be stored in a remote location.

Authentication

The process of ensuring that the person requesting access to a computer or other resources is authentic, and not an imposter.

Phishing

In Computer Concepts, sending an email or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into giving private information.

Ten Most Common Passwords

1 123456 2 123456789 3 qwerty 4 password 5 1111111 6 12345678 7 abc123 8 password1 9 1234567 10 12345

SEM Action Steps

1 Buy green When purchasing new electronic equipment buy only products that have been designed with environmentally preferable attributes. 2 Donate Donate used but still functional equipment to a school, charity, or non-profit organization. 3 Recycle Send equipment to a verified used electronics recycling center.

technology addiction

A behavioral hazard that occurs when a user is obsessed with using a technology device and cannot walk away from it without feeling extreme anxiety.

Social engineering

A category of attacks that attempts to trick the victim into giving valuable information to the attacker. At its core, social engineering relies on an attacker's clever manipulation of human nature in order to persuade the victim to provide information or take actions.

Add Two Factor Authentication

A growing trend in authentication is to combine multiple types of authentication. This is most often used with passwords (something you know) and the approved user having a specific item in his possession (something you have) that no one else would have. This is called two factor authentication (2FA) and it makes authentication stronger. The most common authentication elements that are combined are passwords and codes sent to a cell phone using a text message. After correctly entering your password a four-to six-digit code is sent to your cell phone. The code must then be entered as the second authentication method.

two factor authentication (2FA)

A method that combines multiple types of authentication to increase security. This is most often used with passwords (something you know) and the approved user having a specific item in his possession (something you have) that no one else would have. This is commonly used by combining passwords and codes sent to a cell phone using a text message.

weak password

A password that is short in length (less than 15 characters),uses a common word (princess), a predictable sequence of characters (abc123), or personal information (Braden).

password manager

A program that helps you create and store multiple strong passwords in single user "vault" file that is protected by one strong master password.

Wi-Fi

A wireless data network technology that provides high-speed data connections that do not require a physical connection. It is used for mobile devices.

How is a worm different from a Trojan?

A worm spreads through a network, whereas a Trojan hides inside another program.

address spoofing

An attack that changes the device's address so that data is sent to the attacker's computer.

The news reports a security breach of credit card information at a large department store that has recently laid off many employees. Why should the store investigate the possibility of the breach being from an insider?

Because insiders sometimes create threats after incidents at their places of employment

Electrical Changes

Blackout Total loss of power Brownout Drop in voltage lasting minutes or hours Spike Very short duration of voltage increase Surge Short duration of voltage increase Noise Unwanted high frequency energy

Protect Mobile Devices and Your Privacy

In addition to protecting your mobile device from theft, you should also protect it from attackers who want to steal information stored on it or transmitted to and from the device. You should also protect the privacy of your information.

Understand the Risks to Physical, Behavioral, and Social Health

In addition to the hazards related to the safety of your information and hazards to the environment from toxic electronic components, there is another type of hazard. This is the hazard of technology to our physical health as well as our behavioral and social well-being.

Uses of Personal Information

School Telephone number Call you about an advising appointment Give to credit card company who calls you about applying for a new credit card Hospital Medical history Can refer to past procedures when you are admitted as a patient Sell to drug company who sends you information about their drugs Employer Personal email address Will send to you the latest company newsletter Provides to a local merchant who is having a holiday sale

In which of the following situations is a digital certificate useful?

You are signing a rental lease.

Hactivists

Attackers who are strongly motivated by principles or beliefs.

Use Strong Authentication

Authentication is the process of ensuring that the person requesting access to a computer or other resources is authentic, and not an imposter. There are different types of authentication or proof of genuineness that can be presented.

e-waste

Electronic waste from discarded digital devices. It often contains toxic metals such as lead and mercury.

Which term refers to the science that specifies the design and arrangement of items you use so you interact with the items efficiently and safely?

Ergonomics

A Trojan is a malicious program that uses a computer network to replicate.

False

Social-networking sites have a history of providing tight security and giving users a clear understanding of how security features work.

False

Marcus recently had his cell phone stolen. All of the following are security features that should help him locate his stolen phone EXCEPT which one?

He can use remote tracking to retrace the thief's steps.

Use Strong Passwords

In most computer systems, a user logging in would be asked to identify herself. This is done by entering an identifier known as the user name, such as MDenton. Yet because anyone could enter this user name, the next step is for the user to authenticate herself by proving that she actually is MDenton. This is often done by providing information that only she would know, namely, a password. A password is a secret combination of letters, numbers, and/or characters that only the user should have knowledge of. Logging in with a user name and password. Passwords are by far the most common type of authentication today. Yet despite their widespread use, passwords provide only weak protection. The weakness of passwords is due to human memory: you can memorize only a limited number of items. Passwords place heavy loads on human memory in multiple ways: The most effective passwords are long and complex. However, these are difficult to memorize and then accurately recall when needed. Users must remember multiple passwords for many different accounts. You have accounts for different computers and mobile devices at work, school, and home; multiple email accounts; online banking; Internet site accounts; and so on. For the highest level of security, each account password should be unique, which further strains your memory. Many security policies require that passwords expire after a set period of time, such as every 45‒60 days, when a new one must be created. Some security policies even prevent a previously used password from being used again, forcing you to repeatedly memorize new passwords over and over. Because of the burdens that passwords place on human memory, most users take shortcuts to help them memorize and recall their passwords. One shortcut is to create and use a weak password. Weak passwords use a common word as a password (princess), a short password (football), a predictable sequence of characters (abc123), or personal information (Braden) in a password. Several recent attacks have stolen hundreds of millions of passwords, which are then posted on the Internet. Attackers can easily break weak passwords using sophisticated hardware and software tools. They often focus on breaking your passwords because, like the key to a door, once the password is compromised it opens all the contents of your computer or account to the attacker. It is important that you create and manage secure, strong passwords. A strong password is a longer combination of letters, numbers, and/or symbols that unlocks access to protected electronic data. A longer password is always more secure than a shorter password, regardless of complexity. In other words, Long is strong. This is because the longer a password is, the more attempts an attacker must make to break it. Most security experts recommend that a secure password should be a minimum of 15-20 characters in length. The number of possible passwords for different password lengths using a standard 95-key keyboard along with the average attempts needed to break a password. Obviously, a longer password takes significantly more time to attempt to break than a short password. In addition to having long passwords there are other general recommendations regarding creating passwords: Do not use passwords that consist of dictionary words or phonetic words. Do not repeat characters (xxx) or use sequences (abc, 123, qwerty). Do not use birthdays, family member names, pet names, addresses, or any personal information. Now, you are wondering, how can I possibly apply all these recommendations and memorize long, complex, and unique passwords for all my accounts? Instead of relying on human memory for passwords, security experts universally recommend that you use a password manager, a program installed on your computer or mobile device. With a password manager, you can create and store multiple strong passwords in single user "vault" file that is protected by one strong master password. You can then retrieve individual passwords as needed from the vault file, thus freeing you from the need to memorize multiple passwords. The value of using a password manager is that unique strong passwords such as WUuAôxB$2aWøBnd&Tf7MfEtm can be easily created and used for any of your accounts.

Malware

Malicious software, such as viruses and spyware, that can delete or corrupt files and gather personal information.

Number of Possible Passwords

Password Length 2 Number of possible passwords 9025 Average attempts to break password 4513 3 857,375 428,688 4 81,450,625 40,725,313 5 7,737,809,375 3,868,904,688 6 735,091,890,625 367,545,945,313

You can monitor and protect your financial data in all of the following ways EXCEPT _____.

Storing financial information in an unsent email message.

What is it called when an attacker convinces you to enter personal information at an imposter website after receiving an email from a person masquerading as an employee from your bank?

phishing

What type of security requires something you know and something you have that no one else has?

two factor authentication

Encryption

A security method of "scrambling" information as it is transmitted over a network. Information is scrambled in such a way that it cannot be read unless the user possesses the "key" to unlock it back to a readable format.

Risks to Computer Security and Safety

A risk is the possibility something might occur that results in an injury or a loss. You often hear warnings about risks, such as a thunderstorm approaching or that a floor is wet. You probably take some type of action to protect yourself when you become aware of risks, such as going indoors to avoid the storm or walking carefully so that you do not slip and fall. Although we do not often think about it, using our computers can also introduce risks. And as with a storm or wet floor you should take precautions with these computer risks. Today, one of the more dangerous risks of using a computer is that someone will steal our important information. Although the technical term for these thieves is threat actor, a more general and common term used to describe individuals who launch attacks against other users and their computers is simply attackers. These attackers may work individually, but more often they belong to organized gangs of young attackers who meet in hidden online "dark web" forums to trade information, buy and sell stolen data and attacker tools, and even coordinate their attacks. Who are these attackers? Script kiddies are individuals who want to attack computers, but lack the knowledge of computers and networks needed to do so. Script kiddies instead do their work by downloading freely available automated attack software (scripts) from websites and using it to perform malicious acts. Hactivists are attackers who are strongly motivated by principles or beliefs. Attacks by hactivists can involve breaking into a website and changing the contents on the site as a means of making a political statement. Cyberterrorists attack a nation's computer networks, like the electrical power grid, to cause disruption and panic among citizens. Instead of using an army to strike at an adversary, governments are now employing state-sponsored attackers to launch computer attacks against their enemies through nation state actors. Another serious security threat to companies can come from its own employees, contractors, and business partners, called insiders. For example, a healthcare worker upset about being passed over for a promotion might illegally gather health records on celebrities and sell them to the media, or a securities trader who loses billions of dollars on bad stock bets could use her knowledge of the bank's computer security system to conceal the losses through fake transactions. Once, the reason for launching computer attacks was for the attackers to show off their technology skills (fame). Today that is no longer the case. Attackers are more focused on financial gain: to steal personal information so that they can generate income (fortune). These attackers try to steal and then use your credit card numbers, online financial account information, or Social Security numbers. With this information they can pretend to be you and buy expensive items online while charging them to your credit card, or break into your bank account to transfer your money to another account.

Script kiddies

An individual who wants to attack computers, but lacks the knowledge of computers and networks needed to do so. Script kiddies download freely available automated attack software (scripts) from websites and use it to perform malicious acts.

nation state actors

Government-sponsored attacker that launches computer attacks against their enemies.

Attacks Using Social Engineering

Social engineering is a category of attacks that attempts to trick the victim into giving valuable information to the attacker. At its core, social engineering relies on an attacker's clever manipulation of human nature in order to persuade the victim to provide information or take actions. Several basic principles of psychology make social engineering highly effective. One of the most common forms of social engineering is phishing. Phishing is sending an email or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into giving private information. Users are asked to respond to an email or are directed to a website where they are requested to update personal information such as passwords, credit card numbers, Social Security numbers, bank account numbers, or other information. However, the email or website is actually an imposter and is set up to steal what information the user enters. A few years ago phishing messages were easy to spot with misspelled words and obvious counterfeit images, but that is no longer the case. In fact, one of the reasons that phishing is so successful today is that the emails and the fake websites are difficult to distinguish from those that are legitimate: logos, color schemes, and wording seem to be almost identical. Attackers can use hoaxes as a first step in an attack. A hoax is a false warning, often contained in an email message that pretends to come from a valid source like the company's IT department. The hoax says that there is a "deadly virus" circulating through the Internet and that you should erase specific files or change security configurations, and then forward the message to other users. However, changing configurations allows an attacker to break into your computer. Or, erasing files may make the computer unstable, prompting you to call the telephone number in the hoax email message for help, which is actually the phone number of the attacker. Spam is unwanted email messages sent from an unknown sender to many email accounts, usually advertising a product or service such as low-cost medication, low-interest loans, or free credit reports. Spam continues to flood the email inboxes of Internet users. About 14.5 billion spam emails are sent daily, and if there is only one response for every 12.5 million emails sent, spammers still earn about $3.5 million over the course of one year. Beyond being annoying and interfering with work productivity as users spend time reading and deleting spam messages, spam can be a security vulnerability. This is because spam can be used to distribute malware. Spam sent with attachments that contain malware is one of the most common means by which attackers distribute their malware. If you open a malicious attachment sent through a spam email. your computer is immediately infected.

What is a digital certificate?

Technology used to verify a user's identity

Cyberstalking

The use of technology to stalk another person through email, text messages, phone calls, and other forms of communication.

Technology can lead to all of the following behavioral risks EXCEPT _____.

higher satisfaction with life

Which of the following is a characteristic of a strong password?

letters, numbers, and symbols

worm

A collection of harmful computer code that spreads throughout a computer and/or network without requiring user interaction.

uninterruptible power supply (UPS)

A device that maintains power to computer equipment in case of an interruption in the primary electrical source.

surge protector

A device that protects computer equipment by absorbing electrical spikes, surges, or noise before they can reach the equipment.

hoax

A false warning, often contained in an email message that pretends to come from a valid source like the company's IT department. Attackers use this method to break into computers.

password

A string of uppercase and lowercase letters, numbers, and symbols that when entered correctly, allow you to open a password-protected database or to obtain access to a Window user's account.

Cyberbullying

Bullying that takes place on technology devices like cell phones, computers, and tablets using online social media platforms, public online forums, gaming sites, text messaging, or email. Cyberbullying includes sending, posting, or sharing negative, harmful, mean-spirited, and usually false content about another person.

How Personal Information Is Stolen

Dumpster diving Discarded credit card statements, charge receipts, and bank statements can be retrieved after being discarded in the trash for personal information. Phishing Attackers convince victims to enter their personal information at an imposter website after receiving a fictitious email from a bank. Change of address form Using a standard change-of-address form the attackers divert all mail to their post office box so that the victim never sees any charges made. Pretexting An attacker who pretends to be from a legitimate research firm asks for personal information. Stealing Stolen wallets and purses contain personal information that can be used in identity theft.

Percentage of Smartphone Usage During Select Activities

Shopping 92% Spending leisure time 90% Watching television 89% Talking to family or friends 85% Eating in a restaurant 81% Eating at home 78% Driving 59% During a business meeting 54% Walking across a road 44%

decryption

The process of unlocking encrypted information back into a readable format.

insiders

The security threat to a company that comes from its own employees, contractors, and business partners.

Privacy

The state or condition of being free from public attention to the degree that you determine.

wireless routers

This central connection device needed for a home-based Wi-Fi network. The wireless router acts as the "base station" for the wireless devices, sending and receiving wireless signals between all devices as well as providing the "gateway" to the external Internet.

Spam

Unwanted email messages sent from an unknown sender to many email accounts, usually advertising a product or service such as low-cost medication, low-interest loans, or free credit reports; also called junk mail or junk email.

How can you protect a computer from electrical spikes and surges?

Use a surge protector.

Identity theft

Using someone's personal information, such as their name, Social Security number, or credit card number, to commit financial fraud.

There are various risks from attacks on Wi-Fi networks. These include all of the following EXCEPT _____.

creating malware

You can configure your wireless router to protect your devices in all of the following ways EXCEPT ____.

naming your router something you'll remember, like your street address

With more and more people using technology, what physical health diagnosis is on the rise?

repetitive strain injury

cookie

A file created by a website and that stores information on your computer, such as your website preferences; also called a first-party cookie.

Ransomware

A type of malware that prevents a user's device from properly and fully functioning until a fee is paid. The ransomware embeds itself onto the computer in such a way that it cannot be bypassed, even by rebooting.

Configuration Settings for Wi-Fi Wireless Routers

Access password This requires a password to access the configuration settings of the device. Create a strong password so that attackers cannot access the wireless router and turn off the security settings. Remote management Remote management allows the configuration settings to be changed from anywhere through an Internet connection. Turn off remote management so that someone outside cannot access the configuration settings. Service Set Identifier (SSID) The SSID is the "name" of the local wireless network. Change this from the default setting to a value that does not reveal the identity of the owner or the location of the network (such as MyWireNet599342). Wi-Fi Protected Access 2 (WPA2) Personal WPA2 encrypts the wireless data transmissions and also limits who can access the Wi-Fi network. Turn on WPA2 and set a strong preshared key (PSK), which must also be entered once on each mobile device. Wi-Fi Protected Setup (WPS) WPS simplifies setting up the security on a wireless router. Turn off WPS due to its security vulnerabilities. Guest access Guest access allows temporary users to access the wireless network without any additional configuration settings. Turn on Guest Access when needed and turn it back off when the approved guests leave. Disable SSID broadcasts This prevents the wireless router from "advertising" the wireless network to anyone in the area. Leave SSID broadcasts on; turning them off only provides a very weak degree of security and may suggest to an attacker that your network has valuable information.

repetitive strain injury (RSI)

Aches and pains associated with repeated and long-term usage of the devices.

Security Features for Recovery of a Stolen Device

Alarm The device can generate an alarm even if it is on mute. Last known location If the battery is charged to less than a specific percentage, the device's last known location can be indicated on an online map. Locate The current location of the device can be pinpointed on a map through the device's GPS. Remote lockout The mobile device can be remotely locked and a custom message sent that is displayed on the login screen. Thief picture A thief who enters an incorrect passcode three times will have his or her picture taken through the device's on-board camera and emailed to the owner.

Protecting Computers from Electrical Problems

Although the electrical power that comes into your home, school, or place of work is generally constant in its "force" (voltage), there may be occasional increases or decreases that can impact sensitive electrical devices, particularly computers. A surge protector can defend computer equipment from spikes, surges, and noise. A surge protector lies between the computer and the electrical outlet, and absorbs any electrical change so that it does not reach the computer equipment. While surge protectors can protect from a momentary change they cannot provide power in the event of a blackout or brownout. In this case an uninterruptible power supply (UPS) can be used. Like a surge protector, a UPS is positioned between the computer and electrical outlet; however, it contains a battery that maintains power to the equipment for a short time in case of an interruption in the primary electrical power source.

Cyberterrorists

An individual who attacks a nation's computer networks, like the electrical power grid, to cause disruption and panic among citizens.

Common Cybersecurity Attacks

Attackers have a wide array of tools that they use to attack computers and networks. These tools generally fall into two categories. The first category is malicious software programs that are created by attackers to infiltrate the victims' computers without their knowledge. Once onboard, this software can intercept data, steal information, launch other attacks, or even damage the computer so that it no longer properly functions. The other category may be overlooked but is equally serious: tricking users into performing a compromising action or providing sensitive information. These attacks take advantage of user confusion about good security practices and deceive them into opening the door for the attacks. Defeating security through a person instead of technology is a low-cost but highly effective approach for the attackers.

Discuss Measures to Prevent Identity Theft and Protect Financial Information

Attackers target your personal information because with your information, they can steal your hard-earned money or ruin your ability to receive a loan. In many ways the theft and manipulation of your personal information for financial fraud is one of the most harmful types of attacks. There are several ways that you can and should prevent your information from falling into the hands of attackers. It is especially important to protect your financial data.

Social Engineering Principles

Authority Directed by someone impersonating authority figure or falsely citing their authority "I'm the CEO calling." Intimidation To frighten and coerce by threat "If you don't reset my password, I will call your supervisor." Consensus Influenced by what others do "I called last week and your colleague reset my password." Scarcity Something is in short supply "I can't waste time here." Urgency Immediate action needed "My meeting with the board starts in 5 minutes." Familiarity Victim well-known and well-received "I remember reading a good evaluation on you." Trust Confidence "You know who I am."

Siobhan has recently opened a Facebook account and as a new user, is posting frequently and accepting many friend requests. You see a post about an upcoming trip and notice that her profile is open to the public. What can you tell Siobhan to help her use social networking safely?

Be cautious about what information she posts.

How can you protect personal information gathered by legitimate organizations?

Create a separate email account for receiving information from websites.

Use Protective Measures to Safeguard Computers and Data

Cybersecurity attacks are relentless. Over 11.2 billion data records have been breached since 2005. It is estimated that malicious cyber activity cost the U.S. economy up to $109 billion annually. And the numbers go on and on. Because attacks are nonstop it is very important that you use protective measures to safeguard your computers and make your data secure from the attackers. You may be thinking, "All this security stuff is too technical for me to do." However, that's not entirely true. Although some measures to ward off malware are technical, most are just practical common sense to prevent social engineering attacks. That's because social engineering attacks are the focus of attackers: over 93 percent of data breaches start by a phishing attack, and 22 percent of employees have clicked at least one phishing link in the last year. If users can resist phishing attacks—even just a little—it can significantly reduce the number of overall successful attacks and start to make a real dent in cybercrime. Using protective measures to safeguard your computers and data has never been more important than it is today.

Your Facebook profile is private so there is no need to worry about your boss ever seeing your posts such as your Spring Break pictures.

False

Protect Financial Information

Financial information is frequently stolen by online attackers. Avoiding this theft involves two basic steps. The first step is to deter thieves by safeguarding information. This includes: Shred financial documents and paperwork that contains personal information before discarding it. Do not carry a Social Security number in a wallet or write it on a check. Do not provide personal information either over the phone or through an email message. Keep personal information in a secure location in a home or apartment. The second step is to monitor financial statements and accounts by doing the following: Be alert to signs that may indicate unusual activity in an account, such as a bill that did not arrive at the normal time or a large increase in unsolicited credit cards or account statements. Follow up on calls regarding purchases that were not made. Review financial and billing statements each month carefully as soon as they arrive. There are laws to help U.S. users monitor and protect their financial information that is stored by a credit reporting agency. You can request one free credit report annually to review your credit history and determine if an attacker has secretly taken out a credit card or even a large loan in your name. You can also have a credit "freeze" (as well as a "thaw") put on your credit information so that it cannot be accessed without your explicit permission. These are also free. It is a good idea to monitor your credit information regularly.

Securing Personal Information

For most computer users the greatest risk comes from attackers who want to steal their information for their own financial gain. The risks you face online when using the Internet or email include: Online banking. Attackers try to steal your password to access your online bank account and transfer your money overseas. E-commerce shopping. When you enter your credit card number to make an online purchase an attacker can try to intercept your card number as it is transmitted over the network. Fake websites. Attackers can set up an "imposter" website that looks just like the site where you pay your monthly credit card bill. This fake website tricks you into entering your username and password, and that information then falls into the hands of the attackers. Because the fake website looks very similar to the real website, it can be hard to identify these unsafe websites. Social media sites. Attackers can ask to be a "friend" on your social media site by pretending to be someone you met or went to school with. Once you accept this new friend the attacker may be able to see personal information about you, such as your pet's name or your favorite vacation spot. This information could be used to reset your password on another website that requires the answer to the security question What is the name of your pet? Also, smartphone apps that are linked to social media sites have been known to gather user information without proper notification. Gathering your personal information is not something that is done only by attackers. Many organizations collect and store your personal information for legitimate means. This information should be accessible only to those who are authorized to use it. But some organizations might secretly share your confidential information without your consent. The total amount of data collected on individuals can be staggering. Many organizations use data mining, which is the process of sorting through extremely large sets of data to uncover patterns and establish relationships. Most data mining tools even allow organizations to predict future trends. Some tips for protecting your personal information that is gathered by legitimate organizations include: Give only necessary information when completing an online form or a warranty or rebate card. Review the information that online sites such as Google, Facebook, Microsoft, and others have stored about you. Request to be removed from mailing lists. Create another email account to use when a merchant or website requires an address. Do not use your social media account login information to log in to another site (when that option is available).

Risks to Physical Health

How frequently do you use your smartphone? It's probably more often than you think. Although it varies by age, according to some estimates younger users check their smartphone 86 times each day. And most of the time users are on their smartphones they are doing something else as well. Although we might not use a personal computer with the same frequency or in the same way as we do a smartphone, nevertheless the amount of time spent on a computer for most people is measured in the thousands—or even tens of thousands—of hours per year. And any activity at which you spend that much time is very likely to put a strain on your physical body. Many users of technology devices report aches and pains associated with repeated and long-term usage of the devices, known as repetitive strain injury (RSI). RSI impacts your muscles, nerves, tendons, and ligaments. RSI most often affects the upper parts of the body, including: Elbows Forearms Hands Neck Shoulders Wrists There are a variety of symptoms for RSI: Aching Cramp Numbness Pain Stiffness Tenderness Throbbing Tingling Weakness Most computer users suffer from RSI that is brought about through using an improper technique for sitting at a computer. Incorrect posture while working on a computer: the user is not sitting up straight in the chair, he is too close to the computer screen, and glare from the window behind him is reflecting off the screen. Being too close to a screen or looking at screens without regular breaks can cause eyestrain. To prevent RSI your workplace should be arranged correctly. Ergonomics is an applied science that specifies the design and arrangement of items that you use so that you and the items interact efficiently and safely. The correct ergonomic posture and techniques for working on a computer. These include: Arms. The arms are parallel to the floor at approximately a 90-degree angle. Eyes. The distance to the screen is 18-28 inches from the eyes, and the viewing angle is downward at about 20 degrees to the center of the screen. Feet. The feet are flat on the floor. Use a proper chair with adjustable height and multiple legs for stability.

Prevent Identity Theft

Identity theft involves using someone's personal information, such as their name, Social Security number, or credit card number, to commit financial fraud. Using this information to obtain a credit card, set up a cellular telephone account, or even rent an apartment, thieves can make excessive charges in the victim's name. The victim is charged for the purchases and suffers a damaged credit history that can lead to being denied loans for school, cars, and homes. The following are some of the actions that can be undertaken by identity thieves: Produce counterfeit checks or debit cards and then remove all money from the bank account. Establish phone or wireless service in the victim's name. File for bankruptcy under the person's name to avoid eviction. Go on spending sprees using fraudulently obtained credit and debit card account numbers. Open a bank account in the person's name and write bad checks on that account. Open a new credit card account, using the name, date of birth, and Social Security number of the victim. When the thief does not pay the bills, the delinquent account is reported on the victim's credit report. Obtain loans for expensive items such as cars and motorcycles. One of the growing areas of identity theft involves identity thieves filing fictitious income tax returns with the U.S. Internal Revenue Service (IRS). Identity thieves steal a filer's Social Security number then file a fake income tax return claiming a large refund—often larger than the victim is entitled to—that is sent to the attacker. Because the IRS has been sending refunds more quickly than in the past, thieves can receive the refund and disappear before the victim files a legitimate return and the fraud is detected. According to the IRS, it delivered over $5.8 billion in refund checks to identity thieves who filed fraudulent tax returns in one year, even though it stopped about 3 million fraudulent returns for that year.

Explain the Benefits of Encryption

If you were the only one who had your information, it would be a much easier job to keep it safe. However, our personal information is transmitted and stored on remote servers many times each day. Think about the last time you made an online purchase: your credit card number was transmitted from you to the online retailer to your credit card provider to your bank to your smartphone—and that's just part of the journey. Yet despite the risks to our data there is a technology that we can use to significantly strengthen the security of our information, whether it is sitting on our computer or being transmitted around the world. Imagine that an attorney had a set of documents that needed to be kept safe. The attorney could hire guards and add outside lighting to deter a thief. But what if the thief were still able to avoid these protections and break into the attorney's office? Now suppose that the attorney had also placed the documents in a safe that required a key to open it. This extra level of protection would thwart even the most sophisticated thief because it would require a very specialized set of skills to even attempt to open a locked safe. This is the idea behind encryption. Encryption is the process of "scrambling" information in such a way that it cannot be read unless the user possesses the "key" to unlock it back to a readable format (decryption). This provides an extra level of protection: if an attacker were somehow able to get to the information on your computer, she still could not read the scrambled (encrypted) information because she would not have the key to unlock it. And encryption can be applied to data on your hard drive (data-at-rest) just as it can be used to protect data being transmitted across the Internet (data-in-transit). A company employee traveling to another country carrying a laptop that contains sensitive company information would encrypt that data to protect it in case the laptop was lost or stolen. The employee also would encrypt a signed contract to send over the Internet back to the home office so that nobody else could intercept and read the contract. It is essential that the key for encryption/decryption be kept secure. If someone were able to access your key they could then read any encrypted documents sent to you. They could also impersonate you by encrypting a false document with your key and sending it in your name. The receiver of the document would assume that you were the sender since they were able to decrypt the document using your key. A digital certificate is a technology used to verify a user's identity and key that has been "signed" by a trusted third party. This third party verifies the owner and that the key belongs to that owner. Digital certificates make it possible to verify the identity of a user and the user's key to prevent an attack from someone impersonating the user.

virus

In Computer Concepts, malicious computer code that reproduces itself on the same computer. Almost all viruses "infect" by inserting themselves into a computer file. When the file is opened, the virus is activated.

Authenticating with Biometrics

In addition to using passwords for authentication based on what you know, another category rests on the features and characteristics of you as an individual. This type of authentication, something you are, is called biometric security. Biometric security uses the unique characteristics of your face, hands, or eyes to authenticate you. Some of the different types of biometrics that are used today for authentication include: Retina. The retina is a layer at the back of the eye. Each person's retina is unique, even if you have an identical twin. A retinal scanner maps the unique patterns of a retina as you look into the scanner's eyepiece. Fingerprint. Your fingerprint consists of a unique pattern of ridges and valleys. A static fingerprint scanner requires you to place your entire thumb or finger on a small oval window on the scanner, which takes an optical "picture" of the fingerprint and compares it with the fingerprint image on file. Another type of scanner is a dynamic fingerprint that requires you to move your finger across a small slit or opening. Voice. Voice recognition, using a standard computer microphone, can be used to authenticate users based on the unique characteristics of a person's voice. Face. A biometric authentication that is becoming increasingly popular on smartphones is facial recognition. Every person's face has several distinguishable "landmarks" called nodal points. Using a standard computer webcam, facial recognition software can measure the nodal points and create a numerical code (faceprint) that represents the face. Iris. Your iris is a thin, circular structure in the eye. An iris scanner, which can use a standard computer webcam, uses the unique characteristics of the iris for identification.

Risks to Behavioral Health

Just as there are hazards to physical health from using digital devices, there also are behavioral health hazards. These hazards are sometimes more difficult to observe but are every bit as serious as RSI and other physical hazards. One behavioral hazard is technology addiction. This occurs when a user is obsessed with using a technology device and cannot walk away from it without feeling extreme anxiety. Because near-constant use of technology has become the norm, whether it is a toddler playing a game on a tablet, a teenager locked away in her room tied to her laptop, or an adult buried in his phone at a party, technology addiction can be difficult to identify in a friend or companion, much less in yourself. In addition to technology addiction, there are other behavioral risks associated with using technology, including: Sedentary lifestyle. Too much time spent using a technology device often results in too little time for physical activity and can contribute to an overall sedentary lifestyle. Psychological development. Excessive use of technology has been associated with several psychological mental health concerns such as poor self-confidence, anxiety, depression, lower emotional stability, and even lower life satisfaction. Social interaction. Users who spend excessive amounts of time using technology often resist face-to-face interaction with others, and this may hinder social skill development or even cause social withdrawal.

How does discarding computers in a landfill affect the environment?

Lead and mercury in computer parts are seeping into the ground and water supply.

Protect Yourself While Online

Like most users, you probably spend most of your time online when you are on your computer or smartphone. Because we spend so much time online, it is good to consider ways you can protect yourself while online. This also includes protecting your online profile while using social media.

Attacks Using Malware

Malware is malicious software that can delete or corrupt files and gather personal information. Malware refers to a wide variety of software programs that attackers use to enter a computer system without the user's knowledge or consent and then perform an unwanted and harmful action. A computer virus is malicious computer code that, like its biological counterpart, reproduces itself on the same computer. Almost all viruses "infect" by inserting themselves into a computer file. When the file is opened, the virus is activated. Another type of malware that attempts to spread is a worm. A worm is a malicious program that uses a computer network to replicate (worms are sometimes called network viruses). A worm enters a computer through the network and then takes advantage of a vulnerability on the host computer. Once the worm has exploited that vulnerability on one system, it immediately searches for another computer on the network that has the same vulnerability. According to ancient legend, the Greeks won the Trojan War by hiding soldiers in a large hollow wooden horse that was presented as a gift to the city of Troy. Once the horse was wheeled into the fortified city, the soldiers crept out of the horse during the night and attacked. A computer Trojan is malware that hides inside another program, often one downloaded from the web. It "masquerades" as performing a safe activity but also does something malicious. For example, a user might download what is advertised as a calendar program, yet when it is installed, in addition to installing the calendar it also installs malware that scans the system for credit card numbers and passwords, connects through the network to a remote system, and then transmits that information to the attacker. One of the fastest-growing types of malware is ransomware. Ransomware prevents a user's device from properly and fully functioning until a fee is paid. The ransomware embeds itself onto the computer in such a way that it cannot be bypassed, even by rebooting. Early ransomware, called blocker ransomware, prevented the user from accessing the computer's resources and displayed a special screen pretending to be from a reputable third-party, such as law enforcement. The screen provided a "valid" reason for blocking the user's computer such as performing some illegal action, along with instructions for lifting the block. Today, ransomware has evolved so that instead of just blocking the user from accessing the computer, it encrypts all the files on the device so that none of them can be opened. A screen appears telling the victim that his or her files are now encrypted, and a fee must be paid to receive a key to unlock them. In addition, attackers increase the urgency for payment: the cost for the key to unlock the crypto-malware increases every few hours, or a number of the encrypted user files are deleted every few hours, with the number continually increasing. If the ransom is not paid promptly (often within 36 to 96 hours) the key can never be retrieved On a computer network each computer has a unique address so that data destined for that computer can be delivered to the correct device. Some attacks will change that address so that the data is instead sent to the attacker's computer, where the attacker can then read the victim's credit card number or password. An attack that changes the device's address is called address spoofing.

Trojan

Malware that hides inside another program, often one downloaded from the web.

Perform Data Backups

One of the most important steps to protecting computer equipment is frequently overlooked: to create data backups on a regular basis. Creating a data backup means copying files from a computer's hard drive that are then stored in a remote location. Data backups can protect against hardware malfunctions, user error, software corruption, and natural disasters. They can also protect against cyberattacks because they can restore infected computers to their properly functioning state. Online backup services like Carbonite, iDrive, Acronis, or BackBlaze use special software on the computer to monitor what files have changed or have been created; these are then automatically uploaded to a cloud server. Because these backups are performed automatically and stored at a remote location these online backup services provide the highest degree of protection to most users. However, there are sometimes situations when an online backup service may not be the right choice, such as when only a slow Internet connection is available. In that case you can perform your own backup from the hard drive to another medium and then store that medium in a remote location. Modern operating systems can perform these backups, and third-party software is also available, such as Aoemi Backupper, Acronis True Image, and EaseUS ToDo Backup.

Protect Your Privacy

Privacy is defined as the state or condition of being free from public attention to the degree that you determine. That is, privacy is freedom from attention, observation, or interference, based on your decision. Privacy is the right to be left alone to the level that you choose. Prior to the current age of technology many individuals generally were able to choose the level of privacy that they desired. Those who wanted to have very open and public lives in which anyone and everyone knew everything about them were able to freely provide that information to others. Those who wanted to live a very quiet or even unknown life could limit what information was disseminated. However, today that is no longer possible. Data is collected on almost all actions and transactions that individuals perform. This includes data collected through web surfing, purchases (online and in stores), user surveys and questionnaires, and a wide array of other sources. It also is collected on benign activities such as the choice of movies streamed through the Internet, the location signals emitted by a cell phone, and even the path of walking as recorded by a surveillance camera. This data is then aggregated by data brokers. Data brokers hold thousands of pieces of information on hundreds of millions of consumers worldwide. These brokers then sell the data to interested third parties such as marketers or even governments. To protect important information, consider the following privacy best practices: Shred financial documents and paperwork that contains personal information before discarding it. Do not carry a Social Security number in a wallet or write it on a check. Do not provide personal information either over the phone or through an email message. Keep personal information in a secure location in a home or apartment. Be cautious about what information is posted on social-networking sites and who can view your information. Show "limited friends" a reduced version of a profile, such as casual acquaintances or business associates. Keep only the last three months of the most recent financial statements and then shred older documents instead of tossing them in the trash or a recycling bin. For paper documents that must be retained, use a scanner to create a PDF of the document and then add a strong password to the PDF file that must be entered before it can be read. Give cautious consideration before giving permission to a website or app request to collect data. Use common sense. Websites that request more personal information than would normally be expected, such as a user name and password to another account, should be avoided.

Steps to Protect Computer Equipment

Protecting a computer from a cyberattack is important. But all that effort is useless if the computer has been damaged by dropping it, by a lightning strike, if the hard drive has failed, or the computer itself is stolen. This means that an overall protection scheme involves the necessary steps to protect the computer equipment.

Harmful Features of Cyberbullying

Seems to never end A child may be bullied at school but once the child goes home the bullying ceases. Because cyberbullying comments posted online are visible all the time, to the victim the bullying never ends. Everyone knows about it Mean-spirited words spoken to a victim may only be heard by those who are nearby. A cyberbully can post comments online that can be read by everyone. May follow for a lifetime Bullying usually stops when the person or victim leave. Posted cyberbullying comments may remain visible online for years and even follow the victim through life, impacting college admissions and employment.

Protecting Your Online Profile

Social-networking sites contain a treasure trove of information for attackers. An attacker might view your Facebook page to find answers to security questions that are used for resetting passwords (such as, What is your mother's maiden name?). With so much valuable information available, social-networking sites should be at the forefront of security today; sadly, that is not always the case. Social-networking sites have a history of providing lax security, of not giving users a clear understanding of how security features work, and of changing security options with little or no warning. Several general defenses can be used for any social-networking site. First and foremost, you should be cautious about what information you post. Posting I'm going to Florida on Friday for two weeks could be a tempting invitation for a burglar. Other information posted could later prove embarrassing. Asking yourself questions such as Would my boss approve? Or What would my mother think of this? before posting may provide an incentive to rethink the material before posting. Second, be cautious regarding who can view your information. Certain types of information could prove to be embarrassing if read by certain parties, such as a prospective employer. Other information should be kept confidential. You should consider carefully who is accepted as a friend on a social network. Once a person has been accepted as a friend, that person will be able to access any personal information or photographs. Instead, it may be preferable to show "limited friends" a reduced version of a profile, such as casual acquaintances or business associates. Finally, because security settings in social-networking sites are often updated frequently by the site with little warning, pay close attention to information about new or updated security settings. New settings often provide a much higher level of security by allowing you to fine-tune your account profile options.

Protect Computers from Theft

The primary advantage of a mobile device like a laptop computer, tablet, or smartphone is that it can be easily transported from one location to another. However, this mobility is also one of its greatest weaknesses: a thief can easily grab an unattended device. This means that you should always be aware of the risk of theft with your mobile devices. To prevent laptops from being stolen you can use a cable lock. Most portable devices (as well as many expensive computer monitors) have a special security slot built into the case. A cable lock can be inserted into the security slot and rotated so that the cable lock is secured to the device. The cable can then be connected to an immovable object. To reduce the risk of theft or loss: Keep mobile devices out of sight when traveling in a high-risk area. Avoid becoming distracted by what is on the device so that you can maintain an awareness of your surroundings. When holding a device, use both hands to make it more difficult for a thief to snatch. Do not use the device on escalators or near transit train doors. White or red headphone cords may indicate they are connected to an expensive device; consider changing the cord to a less conspicuous color. If a theft does occur, do not resist or chase the thief. Instead, take note of the suspect's description, including any identifying characteristics and clothing, and then call the authorities. Also contact the wireless carrier and change all passwords for accounts accessed on the device. If a mobile device is lost or stolen, several security features can be used to locate the device to recover it If a lost or stolen device cannot be recovered, it might be necessary to perform remote wiping, which erases the sensitive data stored on the mobile device. This ensures that even if a thief is able to access the device, no sensitive data will be compromised.

data mining

The process of sifting through big data to find the important questions that will yield fruitful results.

Risks to Social Health

The scientific study of how people's thoughts, feelings, and social behaviors are influenced by other people is called social psychology. While there are many positive factors that influence your social behavior and resulting social health, there are negative impacts that can cause serious harm to your social health. One negative impact that can result in serious emotional harm is cyberbullying. Bullying is one person using his or her strength or influence to intimidate someone else. Cyberbullying is bullying that takes place on technology devices like cell phones, computers, and tablets using online social media platforms, public online forums, gaming sites, text messaging, or email. Cyberbullying includes sending, posting, or sharing negative, harmful, mean-spirited, and usually false content about another person. It can even include sharing personal or private information to cause embarrassment or humiliation to that person before others. Cyberbullying is considered more harmful than general bullying for several reasons. Another social health risk is cyberstalking. In the animal kingdom stalking is often used to describe an animal hunting its prey. Among humans stalking is unwanted and obsessive attention or harassment directed towards another person. Cyberstalking involves the use of technology to stalk another person through email, text messages, phone calls, and other forms of communication. Cyberbullying and cyberstalking are serious intrusions into a person's life. If you suspect that someone you know may be a victim or if you are yourself, you should contact local law enforcement agencies.

Protect Mobile Devices

There are several types of attacks directed toward mobile devices. Several of the most common attacks are directed toward wireless networks that support these devices. Wi-Fi is a wireless data network technology that provides high-speed data connections for mobile devices. This type of network is technically known as a wireless local area network (WLAN). Devices such as tablets, laptop computers, smartphones, and wireless printers that are within range of a centrally located connection device can send and receive information using radio frequency (RF) transmissions at high speeds. This central connection device needed for a home-based Wi-Fi network combines several networking technologies. These are usually called wireless routers. The wireless router acts as the "base station" for the wireless devices, sending and receiving wireless signals between all devices as well as providing the "gateway" to the external Internet (it typically is connected to the user's modem that is in turn connected to an Internet connection). There are several risks from attacks on Wi-Fi networks, such as: Reading wireless transmissions. Usernames, passwords, credit card numbers, and other information sent over the Wi-Fi network could be easily seen by an attacker. Viewing or stealing computer data. An attacker who can connect to a home Wi-Fi network could access any folder that has file sharing enabled on any computer on the network. This essentially provides an attacker full access to view or steal sensitive data from all computers on the network. Injecting malware. Attackers could inject Trojans, viruses, and other malware onto the user's computer. Downloading harmful content. In several instances, attackers have accessed a home computer through an unprotected Wi-Fi network, downloaded child pornography to the computer, and then turned that computer into a file server to distribute the content. When authorities traced the files back to that computer, the unsuspecting owner was arrested and his equipment confiscated. When using a public Wi-Fi network in a coffee shop, airport, or school campus there are also security concerns. First, these networks are rarely protected (to allow easy access by users), so attackers can read any wireless transmissions sent to and from the user's device. In addition, an attacker may set up an evil twin, another computer designed to mimic an authorized Wi-Fi device. A user's mobile device may unknowingly connect to this evil twin instead of the authorized device so that attackers can receive the user's transmissions or directly send malware to the user's computer. When using any public Wi-Fi, be sure you are connecting to the approved wireless network. Also limit the type of activity you do on public networks to simple web surfing or watching online videos. Accessing online banking sites or sending confidential information that could be intercepted is not a good idea. Configuring your own Wi-Fi wireless router to provide the highest level of security is an important step.

Configuring Your Browser's Security

Today all web browsers support dynamic content that can change, such as animated images or customized information. This can be done through web browser additions called extensions, plug-ins, and add-ons. However, these web browser additions introduce a new means for attackers to exploit security weaknesses and gain access to the user's computer through the web browser. For example, an add-on might allow your computer to download a "script" or series of instructions that commands the browser to perform specific actions. An attacker could exploit a security weakness in the add-on to download and execute malware on the user's computer. Another weakness of a web browser is cookies. A cookie is a file created by a website that stores information on your computer, such as your website preferences or the contents of an electronic shopping cart. When you visit the website in the future, the web server can retrieve this stored information. Cookies can pose both security and privacy risks. Some can be stolen and used to impersonate you, while others can be used to track your browsing or buying habits. Although all web browsers are different, each can be configured for stronger security through different settings. Some of the important security settings include: Cookies. You can accept or deny cookies. Also, you can specify that cookies be deleted once the browser is closed. In addition, exceptions can be made for specific websites, and all existing cookies can be viewed and selectively removed. Scripting. Sites can be allowed to run scripting languages or blocked from running them, and exceptions can be made for specific websites. Plug-ins. You can block all plug-ins or selective plug-ins. Another option prompts the user when a plug-in requests to run. Pop-ups. You can also block all pop-up messages, permit all pop-ups, or selectively choose which sites to run pop-ups. Clear browsing data. All accumulated history of web browsing can be cleared from the computer's hard drive. Plug-in validation. A plug-in validation will examine the plug-ins that are being used and alert the user to any out-of-date or known vulnerable plug-ins.

Computer Safety and Health Risks

Warning: Using This Device Could Be Hazardous to Your Safety and Health is a warning label you would never see on a computer. But that doesn't mean that using a computer is entirely safe. There are hazards to using a computer that you might not even be aware of. The first type of hazard relates to the threat to your data and programs (apps), and comes from attackers who want to steal your information. Hazards to our environment come from the toxic electronic components of computers and other digital devices that are exposed when the devices are discarded. Hazards to our physical bodies include eye strain from viewing the computer screen in poor light, poor posture when using devices, or muscle fatigue that comes from typing on a keyboard. The more you know about these hazards, the better you can protect your data, the environment, and your own health.

Environmental Risks

What happens to computers and other digital devices when they have reached the end of their lives and are no longer needed? Too often they are simply thrown away and end up in a landfill, resulting in large amounts of e-waste (electronic waste). According to the Environmental Protection Agency (EPA), Americans generate over 9.4 million tons of e-waste each year. Not only does this increase the need for more and larger landfill sites, but also discarded computer equipment can harm the environment. Not only does this increase the need for more and larger landfill sites, but also discarded computer equipment can harm the environment. Computer parts contain valuable materials such as gold, palladium, platinum, and copper. However, they also contain other metals that are toxic, such as lead and mercury. These toxic metals may eventually contaminate the ground and water supply, causing harm to the environment. An initiative called Sustainable Electronics Management (SEM) promotes the reduction of e-waste.

After Penny broke up with her boyfriend, he texted some teammates from the track team about some private and intimate moments he and Penny had shared while they were dating. He even lied about their breakup, creating rumors about her behavior. Penny started getting inappropriate looks and advances from the team whenever she was at practice and felt completely humiliated. Penny is a victim of ________.

cyberbullying

biometric security

A way to verify your identity based on physical characteristics.


Ensembles d'études connexes

MB105 Ch14 Understanding Financial Statements

View Set

*****TEST ONE: Cognition and Coping review questions*****

View Set

Life Insurance: Individual Life Insurance Contract - Provisions and Options

View Set