Security of systemsSecurity risks come from two areas: employees (who introduce accidental

and intentional risks) and external computer crime. Unfortunately for organisations, the greatest security

threat is from its employees.

Accidental employee errors

• Losses from accidental employee errors stem from ignorance and carelessness.

• Some of the dangers to information refrom accidents include:

■ failure to keep dust out of computers■ failure to consistently backup information from

portable devices■ accidental dropping of equipment■ loss or theft of equipment■ liquid spillage■ non-adherence to handling procedures for storage

devices■ carelessness when inputting data

Email security

QuestionQuestion

• You have no doubt heard the term ‘email scam’, or perhaps even experienced it. What do you think this means? Why would businesses feel threatened by email scams?

• In small groups, brainstorm a list of all the email scams you have heard or read about. See if you can identify at least five different scams. Search the internet to find more and discuss the different types found.

Email security

Steps that employers can undertake to ensure risks are kept to a minimum are

outlined below.1 Develop an email policy that is signed (and

followed) by every employee.2 Train employees to recognise possible

threats, as many employees open emails through ignorance of the types of fraud that exist.

3 Provide continual reminders and updates on the types of new scams.

Some different categories of scam email are malware, phishing, vishing,

pharming and mule recruitment.

• Malware is software designed to infiltrate or damage a computer system without the owner’s informed consent.

• Phishing refers to the use of spam emails purporting to be from a financial institution in the hope of luring unsuspecting, innocent people into providing their personal information, such as credit card numbers, passwords, account data or other banking details.

• Pharming differs from phishing in that it operates through real URL addresses. When a user types in a web address, such as their bank’s, they are immediately taken to a copycat website, without having any idea that the site is bogus. Hackers then use spyware, Trojan horses or a virus to get past a computer’s defences and lodge itself into the background of the user’s computer.

• Vishing is voice phishing. Instead of posing as a bank, phishing for financial details on the internet, victims are lured into calling a number and providing details over

the phone.

• Mule recruitment is when criminals attempt to get a person to receive stolen funds using his or her bank account, and then transfer those funds to criminals overseas

QuestionQuestion

• Type a paragraph in which you compare the difference between malware, phishing, vishing, pharming and mule recruitment.

• Why do you think email security is so important to any organisation?