3 Securing my digital information
What issues arise in doing everyday activities online? As we’ve already discussed, most of us rely on the internet for everyday tasks such as shopping, working, banking or social networking. We often do this without stopping to think about the security issues that might be involved.
Activity _unit2.3.1 Activity 4 Securing your information
Choose one of the following activities and think about the main security issues that might threaten your chosen activity.
- Online banking – for example, to check the balance in your account or make a payment.
- Online shopping – think particularly about buying something from a new store that you don’t recognise and haven’t shopped from before.
- Social networking – think about whether you would add someone as a ‘friend’ if you hadn’t met them in person.
- Working from home – consider the need to transfer documents that contain confidential information between members of your team.
The following case study provides an example for the fourth option above, working from home.
Case study _unit2.3.1 Case study: working from home
When working from home you may need to share a confidential file with a colleague in another location. You could email it to them, but this is not a secure method of transmitting information – email is easily intercepted en route to its destination and there is always the risk that you send it to the wrong person!
You could use an online cloud service such as Dropbox, Google Drive or Microsoft OneDrive to store the file, but you will have to make sure that your colleague can access the uploaded file. You might also be worried about the security of the cloud services against hackers.
You could put the file on a USB flash memory drive and post it to your colleague. But the drive could be lost, stolen or intercepted by an attacker who adds malware to the drive as a way of infecting your organisation’s computers.
Or, you could use encryption to lock the file against intruders. You could email the encrypted file safe in the knowledge that no one else could read the document. However, you would have to be sure that your colleague knows how to use encryption software so that they can decrypt the document when it arrives.
Questions to consider
Remember that earlier this week we classified security issues under three headings. We want our information to:
- be read by only the right people (confidentiality)
- only be changed by authorised people or processes (integrity)
- be available to read and use whenever we want (availability).