Why Protect Our Electronic Information?
Protection of electronic information is a security measure for preventing identity theft and unauthorized access to personal or business information. Stealing information can help individuals get knowledge about a company and use the information for self-gain. Stolen information that contains sensitive data is valuable to competitors and investors. The biggest motivation for protecting electronic information is to prevent the exposure of an individual or a business to harm that can arise when other people know personal and business secrets that can allow them to gain access to other personal or business resources.
The ability to collect, store, and analyze data continues to expand. As a result, it is possible to collect fragments of information from different sources and create a profile of an individual, which is useful for companies that sell goods and services to the person or a target market with the same characteristics. The demand for customer intelligence continues to create the need for personal information, which increases the odds of individuals and companies going out of their way to breach security measures for organizations to access personal and business data (Woods, 2013).
Who wants our information and why?
A number of companies and individuals are interested in private information for selfish gains. Employees within a company need information to perform their duties well. However, those who intend to perform malicious activities also require information and can resort to stealing when they do not have legal ways of obtaining the information they need. Individuals who run scandalous activities that are aimed at collecting sensitive financial information for use or sale to criminal organizations are also a threat to personal and corporate information. Employees who are disgruntled with their employer can decide to steal information and sell it to competitors when the stolen information contains trade secrets or when it can jeopardize business deals.
Former employees may also require information to use in their new companies, especially when they leave a company to start their own. Their motivation is to use classified information to create rival products and services that increase their business’ competitiveness. In international scenes, fictitious individuals and companies faking interest in an organization can request sensitive information to facilitate business deals and then use the information collected for other purposes that are not beneficial to the organization giving out the information.
What can they do with gathered information?
Companies and individuals collecting information use it as an asset for sale to other companies. Many companies provide free services to people, but they collect personal and institutional data about the users of their services and then sell the data to advertisers or other companies that may need to use the information for research. Intruders into organizations’ information systems use their access to collect data that can help them make intrusion into other systems. The intruders may cause harm to a network, harm to an individual, or expose the hidden information to the public, depending on the motivation of the intrusion and theft of information (Casey, 2011).
With email addresses, hackers and malicious people can send spam messages or sell the emails to other parties that are interested in spamming people. Stolen emails can also be fed into malware programs that infect the email accounts and automatically replicate in all addresses contained in the contacts saved in an email account. The malware can collect additional information from the email account and send the information automatically to the creators, who may use the information to steal money from online businesses and personal accounts (O’Farrell, 2014).
It is possible to send malware programs to email addresses to compromise the functionality of the recipients’ computers. This tactic is useful for a business that wants to destroy its rivals. Disgruntled current and former employees of an organization who are seeking revenge can also use it. The destruction of systems ends up causing time and financial losses to the affected organization.
Methods of Transmitting
Emails
An Email is useful for sending information and receiving information. It is a widespread communication tool for organizations. Emails exist in secure and non-secure forms, with the former requiring informed usage and providing limitations for usage. Many people rely on web-based email services that are free, but these are easy to intercept and steal information. Companies and public institutions like hospitals have to use secure email solutions because they deal with sensitive client information and have to comply with regulations for handling user data (Hruska, 2013).
Safety Precautions (Do’s and Don’ts)
Many individuals make the mistake of only having one account. However, unlike a home address, it is good to have many email accounts. The best practice is to have an email account for every nature of business and personal relations that one has. It is good to have a dedicated email for social networking and another email address for work, as well as a separate email for non-classified uses. Whenever an email account is spammed, the user should be alert to the potential of the email address being in the hands of the wrong people. It is best to stop using the email address altogether when there is a flood of incoming spam. The user should pick out the most important email conversations and create a filter automatically and forward them to a new address (Mir & Banday, 2010).
It is important to log out of the email provider’s website when accessing email from a computer or a phone, even if it is a company intranet. Leaving emails without logging out allows other people easy access to conversations in the email account and its address book. The intruders can use the information to blackmail other people or the owner of the account. They can even use the email address to do illegal activities. Such actions will put the owner of the email address in trouble, as it is a form of identity theft. Another good practice for email use is to wipe out any data that a browser or computer collects about a person’s activities regarding an email.
Therefore, it is good to clear history after using a public computer so that other users of the same computer are not able to access personal information that can jeopardize the security of personal or an organization’s information. Moreover, it is important to delete cookies and browser cache because they can provide malware programs with sufficient data to advance their attacks to a user’s email account and addresses contained in it. Public computers refer to any computer that the user has no control over who can access the computer and the ability to create passwords for access (Mir & Banday, 2010).
One should always use secured and company-approved accounts for handling company information and emails when sending and receiving corporate sensitive information. When using an email, one should always check the recipients to ensure that all addresses attached as part of the “send-to” email are relevant. Many people make a mistake of “replying-to-all” when they need to reply to one or two people in an email conversation. It is also important for the members of an organization to understand the uses of the three fields of an email, named the TO, BCC, and CC when sending emails to more than one person. Lastly, it is crucial to back up emails in a separate system in organizations so that when there is a security breach, wiping out the system to prevent unauthorized access will not result in permanent information losses.
Texts/Phones
Phone calls can provide additional security over emails when there is no need to have a written record of the conversation. However, phones are also prone to access by the wrong parties, who can access text messages and call records. Individuals and companies can send information via texts as a way of stealing it from other individuals or companies. For example, a recipient of a message can forward it to other parties that are not authorized to get the message. The forwarded message can include sensitive information, such as passwords, transit times and schedules, user names, email addresses, and phone numbers. Even without sending, it is possible to use malware on smartphones to fetch messages and transmit them remotely to other devices for unethical uses.
Most text messages are not private. As a result, using text messaging as a channel for corporate communication should only be considered as a last option. Although networks do not collect text message records and store them, they sometimes monitor text message traffic to find out whether users are abusing their networks. They may also monitor text messages on behalf of security agencies that want to gather evidence for cases they are investigating. Either way, going with a secure system for sending text messages should solve the problem, as illustrated in the ‘good practices’ options presented in the following section. Stored messages are useful for record keeping and audits, but they are potential sources of information that can facilitate unauthorized access to personal or corporate information. Therefore, if messages are to linger for a while on a person’s phone or corporate system, the concerned people should encrypt the messages to secure them from being accessed by the wrong parties.
In addition to the message, there is a trail of information about who sent the message and who received it at a given time, which is valuable information for people trying to monitor the conversations and movements of a person for selfish and unauthorized activities. Therefore, in addition to encrypting and protecting the actual messages, the trail used in conversations should also remain covered (Hoopes, 2014).
Safety Precautions (Do’s and Don’ts)
When using phones, users should ensure that they keep a passcode for accessing the phone and only reveal the passcode to trusted persons. They should also change the passcode regularly. In addition, phones should have the SIM pin enabled as a security measure. The best way to secure a phone is to provide physical security that prevents anyone else from handling and accessing information on the phone (Hoopes, 2014).
Physical security also requires the user to avoid using the phone in insecure networks when the phone contains sensitive information. For example, it is better to use a cellular network that is secured than to use open Wi-Fi networks available in public places (Hoopes, 2014). Lost phones should be reported to the organization as soon as possible so that their numbers are erased from the organization’s database used to send secure texts to staffs.
Helpful Security Measures for Securing Data
A problem exists with the uncontrolled use of portable electronic devices like tablets and smartphones or flash storage devices. Many companies assume that they are secure because they have firewalls and other perimeter security installations, such as anti-virus programs. However, individual access through trusted devices to the central system of a corporate network creates enough loopholes for intruders to use when seeking information from a company. They can compromise the trusted devices and gain easy access to the secured systems in the company. An organization can prevent abuses and neglect practices that contribute to the unauthorized access of sensitive information using a corporate policy on the use of devices to access and send emails or texts (Casey, 2011).
Sending/Receiving Emails
Companies and individuals should ensure that the sending and receiving of emails happens through secured devices only. Employees should send emails using computers or gadgets that pass the requirements of the security policy of their company. Employees should not allow an email to render non-text features, unless they have scrutinized the message and its intention and ascertained its origin as secure. Emails should be sent in plain text form and attachments included in the zipped form. Institutions should encourage the employees to use local POP3 and IMAP clients, instead of web-based email services for receiving and sending important emails. Organizations have to ensure that the email authentication process relies on high standard encryption to prevent unauthorized access to emails sent within the system.
Sending/Receiving Texts
When organizations have to send and receive a text containing valuable information, they need to implement protocols of formatting the message and channels to use for sending and receiving. Messages should not contain more than one important identifier that can allow intruders to access the organization. Companies need a text-messaging platform that authenticates the origin of messages and confirms whether recipients have received messages.
Organizations can ensure that only intended recipients have access to company sensitive information by using encrypted services for texting and use of authorized devices. At the same time, they can monitor the usage of the communication channel to determine its effectiveness as a security measure. Companies may advise the workers to install mobile apps that help to secure sent and received text messages to prevent other people who do not have secure login information from accessing the company’s important messages (Hoopes, 2014).
Organizations may have to use Unstructured Supplementary Service Data (USSD) protocols that provide live access to the corporate’s stored information using the phone. The platform allows users to send details securely as compared to texting (Mayes & Markantonakis, 2008). They can then receive a final response of their query as a text message that does not contain their login information to the system. Controlling physical access to systems, in addition to limiting electronic access can help to keep information secure within an organization.
References
Casey, E. (2011). Investigating computer intrusions. In E. Casey, Digital evidence and computer crime: Forensic science computers and the internet (pp. 369-419). London, UK: Academic Press. Web.
Hoopes, H. (2014). Apps to easily encrypt your text messaging and mobile calls. Gizmag. Web.
Hruska, J. (2013). Encrypted email isn’t secure, but if you must use it, here are some Lavabit alternatives. Extreme Tech. Web.
Mayes, K. E., & Markantonakis, K. (2008). Smart cards, tokens, security and applications. New York, NY: Springer. Web.
Mir, F. A., & Banday, M. T. (2010). Control of spam: a comparative approach with special reference to India. Information & Communications Technology Law, 19(1), 27-59. Web.
O’Farrell, N. (2014). How hackers use stolen information to steal your identity and more. Credit Sesame. Web.
Woods, B. (2013). What’s the true value of your personal data? Meet the people who want to help you sell it. TNW. Web.