1. Define the term cyber security.
The processes / practices / technologies designed) to protect networks / computers / programs / data; from attack / damage / unauthorised access; (2)
2. In recent years, there has been a large growth in the use of cloud storage. Discuss the advantages and disadvantages of using cloud storage. In your answer you should include an explanation of the reasons for the large growth in recent years and consider any legal, ethical and environmental issues related to the use of cloud storage.
Advantages of Cloud Storage
Cloud storage offers users the ability to access their data from multiple devices and locations, making it highly convenient for remote work and collaboration. Users can also easily share files with others, which is particularly useful for businesses and personal projects. Another key advantage is the ability to store large amounts of data without needing expensive local hardware, reducing the cost of devices for users.
Disadvantages of Cloud Storage
Despite these benefits, cloud storage comes with several drawbacks. There are increased security risks, as sensitive data is stored online and can be vulnerable to breaches. Users also rely on a stable and high-bandwidth network connection to access their data, which can be problematic in areas with poor connectivity. Additionally, there are potential long-term costs for cloud services, especially as data storage needs increase. The reliance on third-party providers raises concerns about data privacy, as personal information could be accessed by unauthorised individuals or misused by the cloud provider.
Legal, Ethical, and Environmental Issues
From a legal perspective, cloud storage poses challenges regarding data privacy and compliance with regulations like the General Data Protection Regulation (GDPR), especially when data is stored in different jurisdictions. Ethically, there are concerns about who controls user data and how it is used, particularly by companies that may sell user information for profit. Environmentally, cloud storage has a significant carbon footprint due to the large energy consumption of data centers, raising concerns about the sustainability of widespread cloud use. (9)
3. Most schools have a computer network. Some schools allow teachers to access the school network from their home computers. Give one reason why some schools allow this and one reason why some schools do not allow this.
Some schools allow teachers to access the school network from home so that they can plan lessons or access resources remotely. This allows teachers to prepare more effectively by accessing teaching materials, student records, or other resources without needing to be physically present at school. It also allows them to review and mark student work electronically, reducing the need to transport physical copies.
However, some schools may not allow this due to data protection concerns. Schools handle sensitive information about students, and allowing remote access could increase the risk of data breaches if the teacher's home computer is not adequately protected, potentially exposing confidential information. Additionally, schools may want to help teachers maintain a better work-life balance by limiting access to work-related tasks outside of school hours. (4)
4. Barnes Pest Control is a small business with four employees. Each of their employees has a standalone desktop computer. They have decided to use a network instead of standalone machines. Two security measures that Barnes Pest Control could use are authentication and encryption. Explain each of these security measures and how Barnes Pest Control could use them.
Authentication is a security measure that ensures a user is who they claim to be. Barnes Pest Control could implement this by giving each employee their own unique username and password to log in to the network. This would ensure that only authorized employees can access the system, improving security and accountability.
Encryption is another security measure that changes data into an unreadable format, which can only be accessed by those with the correct decryption key. Barnes Pest Control could use encryption to protect sensitive data, such as personnel records, ensuring that if any data is intercepted, unauthorized individuals will not be able to read it. (4)
5. AQATravel is a tour operator that sells holidays to places all around the world. They hold all of their customer and business data electronically. Following recent news articles about the effects of malware attacks on businesses, the management of AQATravel have been investigating how they could protect themselves against malware attacks. Discuss four methods that AQATravel could use to prevent infections from malware and/or to minimise the damage that could be caused by malware.
1. Regularly Back Up Data and Test Backups
One critical method to reduce the damage caused by malware, such as ransomware, is regularly backing up important data and testing those backups. Backing up data ensures that, in case of malware attacks, AQATravel can restore its systems without significant data loss. Testing backups regularly ensures that the backup process is effective, and data can be restored when needed. AQATravel should also secure these backups by storing them off-site or in air-gapped systems, ensuring that the backups are not affected by the same malware that infects the primary system.
This approach would prevent major data loss or business disruptions if malware successfully infiltrates AQATravel’s systems, allowing the business to resume operations quickly and efficiently.
2. Ensure Software is Up to Date
Another vital method of malware prevention is keeping all software up to date. Malware often exploits vulnerabilities in outdated software. AQATravel must implement regular updates and patches for all its systems, including operating systems, applications, and antivirus software, to address security loopholes. This measure would close any known vulnerabilities that could be exploited by malware, preventing attacks such as zero-day exploits.
For example, outdated systems like older versions of Windows have been known to be targets of malware attacks like WannaCry. Regular updates ensure that the business stays ahead of potential vulnerabilities, significantly reducing the risk of infection.
3. Use a Firewall and Network Filtering
Firewalls and network filtering are essential in controlling the flow of traffic into and out of AQATravel’s network. A firewall monitors traffic and can block unauthorized access or harmful data packets, while network filtering ensures that suspicious traffic is flagged and blocked. This helps prevent malware from entering the network through malicious links, email attachments, or compromised websites.
Implementing a robust firewall and network filtering system will block many potential infection vectors, reducing the likelihood of malware infiltrating the company’s systems. Additionally, these measures can prevent malware from communicating with command-and-control servers, limiting its spread within the network.
4. User Training on Security Best Practices
A crucial yet often overlooked defense against malware is staff training. Many malware infections occur because employees are tricked into opening phishing emails, clicking on malicious links, or downloading infected attachments. AQATravel should provide regular training to its employees to help them identify potential threats and practice safe online behaviors. Training employees on the dangers of social engineering attacks and how to recognize malicious emails or websites will reduce the risk of human error contributing to malware infections.
This method addresses the human element of cybersecurity, which is often the weakest link. By educating employees, AQATravel can significantly lower the chance of malware entering the system due to accidental actions by staff members. (12)