
Security Measures

C. Issues with Operating Online

1. Online Issues

1.2. Security Measures

Using Antivirus/Spyware Programs

It is vital that you install antivirus and anti-spyware software and use it regularly to scan your computer for threats and viruses. It is important that virus detection software is updated regularly because new viruses are created every day. Use antivirus software to scan files that are downloaded from the Internet or received through email.

There are several versions of anti-spyware and virus protection software available. Anti-spyware software is designed to block and remove any threats and some versions are free for non-commercial customers (e.g. Defender software with Windows Vista). Antivirus software scans a computer system for existing viruses. The two most common packages are Norton Antivirus and McAfee VirusScan. These protection programs will quarantine or delete any worm, virus or Trojan horse that they locate, before it can damage your computer. Most major antivirus software also includes anti-spyware in the package. Be aware that fake anti-spyware software exists. Be very careful about responding to pop-up ads that claim that spyware has been detected on your computer. Do not respond to requests to click a button or link to fix the problem, as this may result in spyware being downloaded onto your computer!

Virus protection software can remove viruses and attempt to repair any damage – this procedure is called disinfecting. If the antivirus software detects a virus that it does not recognise, it will quarantine it. You can then delete the infected file or request information from the antivirus software support team (access the antivirus website and look for details).

The best virus protection software is one that will check email before it has been processed by your computer.

You can set the software so that it scans your computer system on a regular basis at a certain time, or run it manually. The software can be installed as an icon on the desktop, as a menu command within the Start menu or as a button on the taskbar. Open the software and then choose which drives, folders and files to scan, and select the option to start scanning. The virus-scanning process will take place and the selected drives/files/folders will be scanned for any known viruses. If a virus is detected, the software will ask what action should be taken. Virus protection software can also be set to run continuously to guard a

If you want to change your antivirus software and install a new program, you will need to uninstall the current antivirus software that exists on your computer before installing the new one. Problems can occur if you try to install two different antivirus programs.

Good practice… points to remember!

• Install antivirus and anti-spyware software.

• Regularly update antivirus software.

• Scan the system regularly for threats.

• Scan any removable storage device for viruses before opening files.

• Only download from Internet sites that you know and trust.

Updating Antivirus Software

Virus protection software can usually be updated by downloading the current virus list from the Internet.

It is important to continuously update your version of virus protection software because it will only find and disinfect known viruses.
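The point above, that a scanner only finds viruses on its current list, shown as an added example (not code from the original page). It simplifies detection to an exact SHA-256 match against a signature list; the file names and byte strings are constructed, harmless stand-ins.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256(path):
    """Hex SHA-256 of a file's contents."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def scan(folder, signatures, quarantine):
    """Move every file whose SHA-256 is in `signatures` into `quarantine`."""
    quarantine.mkdir(exist_ok=True)
    hits = []
    # sorted() lists the files up front, so moving them mid-scan is safe
    for path in sorted(Path(folder).rglob("*")):
        if path.is_file() and quarantine not in path.parents:
            if sha256(path) in signatures:
                shutil.move(str(path), str(quarantine / path.name))
                hits.append(path.name)
    return hits


def demo():
    """Scan a constructed folder before and after a signature update."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed, harmless stand-ins for an old and a new virus.
        (root / "old_virus.bin").write_bytes(b"constructed sample A")
        (root / "new_virus.bin").write_bytes(b"constructed sample B")
        (root / "letter.txt").write_bytes(b"an ordinary document")
        outdated = {hashlib.sha256(b"constructed sample A").hexdigest()}
        updated = outdated | {hashlib.sha256(b"constructed sample B").hexdigest()}
        q = root / "quarantine"
        first = scan(root, outdated, q)    # outdated list misses the new sample
        second = scan(root, updated, q)    # after the update it is caught
        remaining = sorted(p.name for p in root.iterdir() if p.is_file())
        return first, second, remaining
```

With the outdated list only the old sample is quarantined; the new one stays on disk until the list is updated and the folder is scanned again.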

There are several antivirus programs on the market, some free (such as AVG) or at varying prices (e.g. Norton, McAfee). Software should be kept updated as new viruses are being created and discovered on a regular basis.

For best results you should set up automatic scanning of incoming and outgoing email and arrange for a full system weekly virus scan. A good antivirus program will identify threats and either delete them (this is called disinfecting) or quarantine them for later deletion.

Symptoms of a virus are:

• Unfamiliar messages appearing

• The computer working slowly

• Programs freezing

• The screen may look odd with parts of the screen obscured

• Eventually the computer may grind to a complete halt and the only solution may be to format your hard drive

Firewalls

A firewall blocks unauthorised access from a private network and prevents leakage of information through theft or hackers and malicious information gaining access to your system through viruses, worms, etc. A firewall can also be installed to block an IP address (an IP address identifies your computer).

Secure Websites and Encryption

Data, such as personal or financial details, that is transmitted via a network, particularly a wireless, public or unsecured network, is prone to security threats. With the ever-increasing threat of sensitive information being intercepted, such as during financial transactions over the Internet, it is vital to secure data. To ensure security, you can

the receiver. This works by using a key which is known only to the sender and receiver. Text that has been encrypted is called cipher text. There are many encryption data security software products on the market. Text files, email messages or any computerised data can be encrypted to protect the contents from intruders. Many offer data security consultations, which is important to every organisation in today's global marketplace. Encryption only ensures security of data in transit – systems should also be protected using a firewall to prevent leakage of information through theft or hackers and malicious information gaining access to your system through viruses, worms, etc. A firewall is a particularly important measure if you have an always-on connection (broadband) to safeguard your computer against unauthorised access.

When purchasing goods over the Internet, you should ensure that the site offers protection and security before giving account details. Look for the padlock symbol on the address bar that denotes a secure server, or URLs that start with https. A reputable company that deals with customer financial transactions should encrypt (code) these details before allowing transmission over the Internet. Protected sites will request a username and password before access is allowed – most large online supermarkets use protected websites.

Authorisation

Sensitive and confidential information is at risk of unauthorised access if the correct security procedures are not followed. The best way to ensure security of data is to use a login and password to access a computer system. Types of information that can be at risk of unauthorised access are financial information, personal details, health records and social security details.

Using default passwords (the existing passwords supplied with the product) and default settings on computers, networks or programs increases the risk of security threats. It is important to change default passwords to a password that cannot be easily guessed or cracked by a hacker.

A router/modem has a default password / network key which should be changed to prevent unauthorised access.

Logging On

It is important that you understand how to start and shut down an ICT system correctly. Computers which are part of a network, such as in a bank or in schools and colleges, have a login procedure which includes entering a username and password to access the system. Some logins only give access to specific parts of an ICT system. Gaining access to sensitive or confidential information may require a different login which is only available to certain personnel.

It is important to ensure that an ICT-based system is shut down correctly, ensuring that you have logged off any sites and that all programs and windows are closed. Exiting an ICT system correctly can help to prevent hardware damage.

It is vital that organisations use identification to verify authorisation or access to a computer system. A user ID, usually referred to as a username or login, and password are essential to ensuring the security of private and sensitive information. Most organisations need passwords to gain access to systems and to enable editing rights. A company or educational establishment that uses a network would require users to be allocated a login name (username) and password to be able to access the network drives and resources.

Access rights are the levels of access provided by user IDs – these must be monitored and controlled to ensure that only certain personnel have access to particular areas on the system. For instance, a network

Passwords/PINs

Most ICT systems require a password or PIN before access is granted. To prevent unauthorised access, you should use a password to log onto the system. A password should be strong, e.g. contain a random mix of letters and numbers that have no personal significance (e.g. does not include personal dates or names) and cannot be easily guessed. For example, do not use dates of birth or other significant dates, or mother's maiden name or pets' names. Not only does this make it easier for an unauthorised user to enter your ICT system, but it also provides them with your personal details which can be used in identity theft and fraud. Passwords should be changed regularly and never shared with anyone else. Most passwords are case sensitive which means that you can also mix upper- and lower-case letters (e.g. TkLMn).

An example of a strong password: TnJKL18$*@

A weak password is one that can be easily guessed or 'cracked' by a fraudster.

Examples of weak passwords are:

• Mother's maiden name

• Your date of birth

• Your birthplace

• Your name

• The word 'password'

• Using the top line on the keyboard (e.g. QWERTY or 123456)

Never divulge your password to anyone else and be careful not to leave written evidence of passwords for others to find. Don't be tempted to share your password with friends, relatives or colleagues or allow them to access your system with your password as your details could be passed on, perhaps mistakenly or carelessly, without your knowledge.

Be cautious about providing personal details via email and never provide your password over email in response to a request from an organisation, such as a bank or mobile phone provider – they will never ask you to do this, so any such messages should be viewed with caution. To keep passwords secure, they should be changed regularly.

To change a computer password, you may need to go through the system administrator or change it yourself in Windows at the Command Prompt if you have administrator rights. You will be requested to confirm your old password and then requested to enter your new password (and then confirm it). The new password must be markedly different from the previous password before it will be accepted.
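The weak-password list and the "markedly different" rule above, turned into a checker as an added example (not part of the original page). The minimum length of 10, the 0.6 similarity threshold and the function name `weaknesses` are assumptions made for this illustration.

```python
import re
from difflib import SequenceMatcher

# The top keyboard rows and the literal word the page lists as weak choices.
KEYBOARD_RUNS = ("qwertyuiop", "1234567890")
COMMON_WORDS = ("password",)


def weaknesses(password, personal=(), previous=None):
    """Return the reasons a password is weak (an empty list means acceptable)."""
    found = []
    lower = password.lower()
    if len(password) < 10:  # assumed minimum; the page's strong example has 10
        found.append("too short")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        found.append("no mix of upper- and lower-case letters")
    if not re.search(r"\d", password):
        found.append("no digits")
    if any(word in lower for word in COMMON_WORDS):
        found.append("contains a common word")
    for run in KEYBOARD_RUNS:
        # any 4-character slice of a keyboard row, e.g. "qwer" or "3456"
        if any(run[i:i + 4] in lower for i in range(len(run) - 3)):
            found.append("contains a keyboard run")
            break
    # Personal details (names, birthplace, dates), compared without separators.
    squeezed = re.sub(r"[^a-z0-9]", "", lower)
    for item in personal:
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        if len(token) >= 3 and token in squeezed:
            found.append("contains a personal detail")
            break
    if previous is not None:
        ratio = SequenceMatcher(None, previous.lower(), lower).ratio()
        if ratio > 0.6:  # assumed threshold for "markedly different"
            found.append("too similar to the previous password")
    return found
```

Pass the user's own name, birthplace and significant dates in `personal`, and the old password in `previous` when a password is being changed.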

A PIN (personal identification number) is used to access debit and credit cards when using cash machines to withdraw money or view balances, or to make a card purchase in a shop. The latter requires the customer to insert their card into a chip and PIN machine (or swipe card reader) and enter their four-digit PIN. The chip refers to the microchip on the card which is read by the machine and used to verify the card as authentic. Transactions by credit or debit card via the Internet, telephone or