Lesson 2: Network and Computer Safety

The Internet allows us to communicate, share information and access a vast amount of data and online services. However, connecting to the Internet also comes with dangers, including computer threats such as viruses, spyware, fraud and hacker attacks.

Knowing the network means understanding:

  • how the Internet works;
  • how the information is transmitted;
  • how to best use its features.

Knowing about the existence of cyber threats and how to protect your computer and your data will help you avoid any problems. For this reason, it is useful to know about antivirus and antimalware software, choose strong passwords and follow online safety practices such as backing up your data. It’s also important to be aware of online fraud and scams and know how to avoid falling victim to these threats.

The internet has become an integral part of our daily lives, giving us unlimited access to information, services and entertainment. However, being online can be dangerous if you don’t know the right precautions to take.

Before going deeper into what cybersecurity is and how to protect yourself from cyber threats, it is important to understand why cyber attacks are so dangerous. Most of the time, cyber attacks happen because cyber criminals want your or your clients’ personal data. But what counts as personal data?

According to the General Data Protection Regulation (2016/679, “GDPR”), a regulation in EU law on data protection and privacy in the EU and the European Economic Area (EEA), “Personal data means any information relating to an identified or identifiable natural person (‘data subject’)”.

In general terms, personal data can be any information that is clearly about a particular person. The GDPR further clarifies that information is considered personal data whenever an individual can be identified, directly or indirectly, “by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

In certain circumstances IP addresses or a person’s political views can be defined as personal data.

Thus, what can be considered as personal data?

  • Biographical information or current living situation, including dates of birth, Social Security numbers, phone numbers and email addresses;
  • Looks, appearance and behaviour, including eye colour, weight and character traits;
  • Workplace data and information about education, including salary, tax information and student numbers;
  • Private and subjective data, including religion, political opinions and geo-tracking data;
  • Health, sickness and genetics, including medical history, genetic data and information about sick leave.

GDPR provides that:

“5(1) Personal data shall be:

  • (a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
  • (b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes”.

It also requires you to tell data subjects who you share the personal data with (the recipients or categories of recipients of the personal data).

GDPR describes different situations where a company or an organisation is allowed to collect or reuse your personal information:

  • they have a contract with you – for example, a contract to supply goods or services (i.e. when you buy something online), or an employee contract
  • they are complying with a legal obligation – that is, when processing your data is a legal requirement, for example when your employer gives information on your monthly salary to the social security authority, so that you have social security cover
  • when data processing is in your vital interests – for example, when this might protect your life
  • to complete a public task – mostly relating to the tasks of public administrations such as schools, hospitals, and municipalities
  • when there are legitimate interests – for example, if your bank uses your personal data to check whether you’d be eligible for a savings account with a higher interest rate

In all other situations, the company or organisation must ask for your agreement (known as “consent”) before they can collect or reuse your personal data.

By the term cybersecurity (or computer safety) we mean the efforts to design, implement, and maintain security for an organization’s network, which is connected to the Internet. It is a combination of logical/technical, physical and personnel-focused countermeasures, safeguards and security controls. An organization’s cybersecurity should be defined in a security policy, verified through evaluation techniques (such as vulnerability assessment and penetration testing) and revised, updated and improved over time as the organization evolves and as new threats are discovered.

The main threats to your online security can be:

  • Malware (malicious code): any code written for the specific purpose of causing harm, disclosing information or otherwise violating the security or stability of a system;
  • Social engineering: an attack focusing on people rather than technology. This type of attack is psychological and aims to gain access either to information or to a logical or physical environment. A social engineering attack may be used to gain access to a facility by tricking a worker into holding the door during a delivery, to gain access to a network by tricking a user into revealing their account credentials to false technical support staff, or to gain copies of data files by encouraging a worker to cut-and-paste confidential materials into an e-mail or social networking post;
  • Advanced Persistent Threat (APT): a security breach that enables an attacker to gain access to or control over a system for an extended period of time, usually without the owner of the system being aware of the violation. Often an APT takes advantage of numerous unknown vulnerabilities or zero-day attacks, which allow the attacker to maintain access to the target even as some attack vectors are blocked;
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS): an attack which attempts to block access to and use of a resource. It is a violation of availability. DDoS is a variation of the DoS attack and can include flooding attacks, connection exhaustion, and resource demand. The purpose of a DDoS attack is to significantly amplify the level of the attack beyond that which can be generated by a single attack system in order to overload larger and more protected victims. DDoS attacks are often waged using botnets;
  • Data breach: the occurrence of disclosure of confidential information, access to confidential information, destruction of data assets or abusive use of a private IT environment. Generally, a data breach results in internal data being made accessible to external entities without authorization.

In relation to computer safety, you need to be able to:

  • identify simple ways to protect your devices and digital content;
  • differentiate simple risks and threats in digital environments;
  • follow simple safety and security measures;
  • identify simple ways to have due regard to reliability and privacy.

Regarding personal data and privacy protection, you need to be able to:

  • select simple ways to protect your personal data and privacy in digital environments;
  • identify simple ways to use and share personally identifiable information while protecting yourself and others from damages;
  • identify simple privacy policy statements of how personal data is used in digital services.

These are a few simple precautions, but they are worth following:

  • Keep your software up to date: one of the most important cyber security tips to mitigate ransomware is patching outdated software, both operating system and applications. This helps remove critical vulnerabilities that hackers use to access your devices;
  • Use antivirus software and a firewall: this will help protect your computer from computer threats such as viruses, spyware and malware. A firewall helps screen out hackers, viruses, and other malicious activity that occurs over the Internet and determines what traffic is allowed to enter your device;
  • Use strong passwords: create strong passwords that combine letters, numbers and symbols. Avoid using personal information or easily guessed words. Remember that your password should contain at least one lowercase letter, one uppercase letter, one number, and four symbols;
  • Use a secure web browser: web browsers like Google Chrome, Mozilla Firefox, and Microsoft Edge offer advanced security features to keep your data and computer safe;
  • Use two-factor (or multi-factor) authentication: this is a service that adds additional layers of security to the standard password method of online identification. With two (or multi) factor authentication, you will enter one additional authentication method such as a Personal Identification Code, another password or even a fingerprint;
  • Protect your personal information: you should be very cautious about the information you share online. It is recommended that you only show the very minimum about yourself on social media. Consider reviewing your privacy settings across all your social media accounts, particularly Facebook;
  • Avoid suspicious links: suspicious links can be used to spread viruses and malware. Before clicking on a link, make sure it’s from a reliable source.

The European Commission support for the production of this publication does not constitute an endorsement of the contents which reflects the views only of the authors, and the National Agency and Commission cannot be held responsible for any use which may be made of the information contained therein.