1. Security of systems
Security risks come from two areas: employees (who introduce
accidental and intentional risks) and external computer crime.
Unfortunately for organisations, the greatest security threat is
from their own employees.
2. Accidental employee errors
• Losses from accidental employee errors stem from ignorance
and carelessness.
• Some of the dangers to information from accidents include:
■ failure to keep dust out of computers
■ failure to consistently back up information from portable devices
■ accidental dropping of equipment
■ loss or theft of equipment
■ liquid spillage
■ non-adherence to handling procedures for storage devices
■ carelessness when inputting data
3. Email security
Question
• You have no doubt heard the term ‘email scam’, or
perhaps even experienced it. What do you think this
means? Why would businesses feel threatened by email
scams?
• In small groups, brainstorm a list of all the email scams
you have heard or read about. See if you can identify at
least five different scams. Search the internet to find
more and discuss the different types found.
4. Email security
Steps that employers can undertake to ensure risks are
kept to a minimum are outlined below.
1 Develop an email policy that is signed (and followed) by
every employee.
2 Train employees to recognise possible threats, as many
employees open emails through ignorance of the types
of fraud that exist.
3 Provide continual reminders and updates on the types
of new scams.
5. Some different categories of scam email are malware, phishing, vishing,
pharming and mule recruitment.
• Malware is software designed to infiltrate or damage a
computer system without the owner’s informed
consent.
• Phishing refers to the use of spam emails purporting to
be from a financial institution in the hope of luring
unsuspecting, innocent people into providing their
personal information, such as credit card numbers,
passwords, account data or other banking details.
6. • Pharming differs from phishing in that it operates through real
URL addresses. When a user types in a web address, such as
their bank’s, they are immediately taken to a copycat website,
without having any idea that the site is bogus. Hackers then use
spyware, Trojan horses or a virus that gets past a computer’s
defences and lodges itself in the background of the user’s
computer.
• Vishing is voice phishing. Instead of the scammer posing as a bank
and phishing for financial details on the internet, victims are lured
into calling a number and providing details over the phone.
• Mule recruitment is when criminals attempt to get a person to
receive stolen funds using his or her bank account, and then
transfer those funds to criminals overseas.
7. Question
• Type a paragraph in which you compare the difference
between malware, phishing, vishing, pharming and mule
recruitment.
• Why do you think email security is so important to any
organisation?