Saturday, May 25, 2019

Mitigating Computer Fraud in the Online Environment Essay

Crime on the Internet is creating stunning losses for people as well as organizations of all kinds (Internet Crime Complaint Center, 2009; Mensch & Wilkie, 2011). The necessity to inform and educate faculty, staff, and students of the diversity of threats and methods to protect and mitigate organizations and individuals from these threats is practically a moral imperative. People who lack the fundamental skills and knowledge to safeguard themselves and the institutions they attend or work for cost those institutions and themselves billions of dollars every year, and the cost is rising (Custer, 2010; Internet Crime Complaint Center, 2009).

This lack of fundamental skills and knowledge, paired with the overall lack of education and information provided by a preponderance of educational institutions and businesses, makes it progressively more probable that cybercrime damages and costs will continue to grow (Guy & Lownes-Jackson, 2011; Khansa & Liginlal, 2009). In 2011, the fiscal cost of cybercrime was valued at 114 billion dollars (Ivan, Milodin, & Sbora, 2012). Responding to the escalated danger to educational organizations from cybercrime, a number of schools have been assigned to create programs for training students in Information Security Management (Kuzma, Kenney, & Philippe, 2009). Consistent with the necessity for instruction is the subsequent discussion of cyber threats and responses to them.

Threats in an Online Environment

Spam is the sending of unsolicited emails to unsuspecting victims. Spam is responsible for many of the threats that will be discussed (Burgunder, 2011). Spam adversely affects computer systems because of its sheer volume, with eighty percent or more of e-mail shown to be spam. Spam affords the method of deploying numerous kinds of threats. These threats can be divided into application-based threats and human-based threats.
According to two international studies, businesses do not put sufficient emphasis on information technology security (Labodi & Michelberger, 2010).

Human-based Threats

Viruses, spyware, zombies, bots, and worms are all computer programs that are applied to destroy, corrupt, or collect information (Burgunder, 2011; Ivan et al., 2012). These are examples of human-based threats since systems are affected as a consequence of something that a human does. A virus is a computer program that typically contaminates systems through a spam e-mail or through the clicking of a random advertisement, and then replicates itself over and over again. Trojan horses are a nonreplicating type of virus that appears useful, but is intended to corrupt or destroy files and programs. Spyware is designed to facilitate identity theft by delivering personal identifying data to cybercriminals. Zombies and bots can serve helpful purposes, but are used to collect data concerning the utilization of a system or computer. Worms are similar to viruses but do not need to piggyback on a file to be delivered from one system to another.

Federal laws enacted make it a crime to deliberately cause harm to any computer system (Burgunder, 2011). Phishing is when someone poses as a legitimate company to collect personal information from unknowing victims. Phishing typically begins with an authoritative looking and sounding e-mail that directs the victim to a website that appears to be a legitimate business but is utilized to collect personal data (Burgunder, 2011; Custer, 2010). Phishing is currently the most widespread and well-known technique of fraud by electronic measures (Ivan et al., 2012). The use of software programs that either utilize a rainbow table or endeavor to deduce a password to get into a database or network is called password sniffing (Kara & Atalay, 2012).
After an administrator's password is deduced, it is probable that further accounts will be breached (Custer, 2010). Much too frequently, transferable data with a person's identifiable data is kept by means that were not constructed for security and not counted in a data security strategy (Custer, 2010).

The greatest percentage of thefts of private information is from incorrectly stored backup tapes, external hard drives, or laptops. Existing laws require companies to alert affected individuals of a potential breach of their data. It is expected that the price tag of the typical breach of educational data will range from $210,000 to as much as $4 million from the costs of notifying affected individuals alone (Custer, 2010). Still another type of cybercrime concerning human error is scams. In 2011 more than 20,000 reported infringements involved four types of crime (Internet Crime Complaint Center, 2011). One of these types was FBI-related scams, in which someone impersonates an FBI agent to cheat victims, while another is personal identity theft, in which someone uses the victim's personal identifying data to perpetrate a crime.

The other two types are advanced fee fraud, in which a perpetrator persuades the victim to pay a fee to acquire something of value but without ever providing it, and the non-delivery of products, in which the victim pays for merchandise that never arrives (Internet Crime Complaint Center, 2011; Ivan et al., 2012). Increasingly, information breaches happen because of resentful or dissatisfied employees (Custer, 2010). Presently, the main risk to data's confidentiality, availability, and integrity within a company is careless manipulation or purposeful destruction by in-house employees (Labodi & Michelberger, 2010).
It is unusual for small or medium companies to pay much time or attention to the harm that insufficiently educated or malicious employees can cause.

Application-based Threats

Usually when security is penetrated from outside it is because of vulnerabilities or configuration errors connected to applications installed on networks and computers (Custer, 2010). The Open Web Application Security Project (OWASP) enumerates 162 vulnerabilities a standard software application may contain that could be manipulated. Two of the most often abused application vulnerabilities are injection flaws and cross-site scripting (Custer, 2010). Cross-site scripting incorporates extra code in an HTTP response message that gets executed if the vulnerability is not detected and prevented. The execution of this code could involve dispatching the session cookie to someone who could then utilize that cookie to do damage (Custer, 2010).

Current research estimates that poorly written and protected web pages permit as much as forty percent of information breaches by means of cross-site scripting (Custer, 2010). The Structured Query Language (SQL) is a database language that permits the retrieval and manipulation of objects and data on a relational database management system. SQL injection attacks permit invaders to make several harmful changes. One possibility is to cause repudiation problems such as changing balances or voiding transactions. Another possibility is to meddle with data by allowing full disclosure of all information on the system, or to destroy the information or make it unavailable.

A disturbing possibility is to make the intruder the administrator of the database server. The vulnerability happens when no effort is made to authenticate the user information; this makes it possible for an experienced user to input data in such a way as to displace the real function of the SQL and execute code for iniquitous purposes (Custer, 2010).
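The difference between a dynamically generated statement and one that binds user input as data can be seen in a few lines. This is an added example, not part of the original essay; the table, column names, sample rows and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT, balance REAL)")
    db.executemany(
        "INSERT INTO students (name, balance) VALUES (?, ?)",
        [("alice", 120.0), ("bob", 75.5), ("carol", 0.0)],
    )
    return db


def lookup_dynamic(db, name):
    """Pattern the essay warns about: user input is pasted into the SQL
    text, so the input itself can change what the statement does."""
    sql = "SELECT name, balance FROM students WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, name):
    """Hardened form: validate the input, keep the SQL text fixed, and
    bind the value as data so it can never become part of the statement."""
    if not isinstance(name, str) or not (1 <= len(name) <= 64):
        raise ValueError("name must be a string of 1 to 64 characters")
    sql = "SELECT name, balance FROM students WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()


def demo():
    """Run both lookups with an ordinary name and a constructed hostile one."""
    db = make_db()
    hostile = "nobody' OR '1'='1"  # constructed input that rewrites the WHERE clause
    return {
        "dynamic_normal": lookup_dynamic(db, "bob"),
        "dynamic_hostile": lookup_dynamic(db, hostile),  # discloses every row
        "param_normal": lookup_parameterized(db, "bob"),
        "param_hostile": lookup_parameterized(db, hostile),  # matches nothing
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

With the dynamic statement the hostile value returns the whole table, while the bound parameter is compared as a literal name and returns no rows.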
Between ten and twenty percent of information breaches happen because of web pages that dynamically generate statements against the database without authenticating the statements before proceeding to execution (Custer, 2010).

Threat Responses in an Online Environment

The necessity to develop, plan, and, most importantly, implement IT security awareness instruction is essential to guarantee the security of faculty, student, and institutional information (Mensch & Wilkie, 2011). Today's systems have key security components such as spam filters and intrusion detection systems (Ivan et al., 2012). These components can expose unauthorized access and filter electronic communications that are deemed high risk. Some information breaches happen because of system invasion and extraordinary technical talents of criminals. However, the majority happen because of human error and are founded more on ingenuity and cleverness (Ivan et al., 2012). Needed are policies, awareness and technology, education and training to ensure data security for both organizations and individuals (Mensch & Wilkie, 2011).

Responding to Human-based Threats

There are several actions that can be taken to eliminate or minimize the threats posed by viruses, spyware, zombies, bots, and worms. Installing virus detection software, then keeping it current, and confirming that it operates on a systematic schedule is the principal defense against these threats. Additionally, a browser add-in that verifies web site ratings prior to permitting routing to a site should be installed; it will also inform users when they may be making a questionable or unsafe Internet selection. Furthermore, browser pop-up blockers reduce the frequency of successful infringement of this kind (Mensch & Wilkie, 2011). Finally, a security information awareness program should teach faculty, staff, and students concerning the gravity of the danger and the potential cost of their actions.
Phishing is so widespread and flourishing due to the inexperience of users. An appropriate amount of education and training is the key to reducing the success of a phishing tactic (Ivan et al., 2012).

The way to mitigate or eliminate password sniffing is to teach all users on all systems to utilize hardened passwords. A hardened password is deemed to be a password that is changed at least every 90 days, with at least eight characters, with one being a different case from the rest of the password, one being a special character, and at least one being a number (Custer, 2010). It is also essential that each user use a unique hardened password for every system and that these hardened passwords not be written down in a manner that can be discovered. An even superior remedy for sensitive information is two-factor authentication that requests something the user has, such as a random digit produced by a miniature hardware token, and something the user knows, like a password (Custer, 2010).

A suggestion for IT professionals is to consider how they would transport over $200,000, and use comparable common sense and caution in their treatment of private information and the vehicle on which it is stored (Custer, 2010). Also, it is recommended that any movable device use whole disk encryption so that, if it is misplaced or stolen, the information is rendered unreadable. Another method for decreasing human error is to inform users of the most predominant scams so they are prepared and less likely to be fooled (Ivan et al., 2012). The Internet Crime Complaint Center issues guidelines for performing business online (2011).
A curriculum to maintain and increase data security awareness among staff, faculty, and students has a comparatively insignificant cost when equated to the conceivable costs of a security breach, but does entail consistency in application (Labodi & Michelberger, 2010).

Responding to Application-based Threats

The FBI reported that ninety percent of security infiltrations are from recognized problems. Assistive services have been designed that will permit companies to test their systems for these problems. Running these tests and then repairing any problems that are detected is vital to protect the system from the majority of security infiltrations (Custer, 2010). Also, creating a policy of regular system tests will most likely ensure that these types of system infiltrations will not occur. The most effective way to guard against SQL infiltration is centered on solid input validation (Ivan et al., 2012). Products exist that can be installed on systems to test a web site's security ratings. Cross-site scripting can be curtailed through the utilization of such products.

Conclusion

Information technology security must be first and foremost for an organization. The protection of faculty, staff, and student personal data is critical to individual privacy and, furthermore, to the finances and reputation of the organization. Dangers to IT security come from weaknesses intrinsic to the use of complex software products and from human error. The educational organization's IT team is responsible for averting the occurrence of information breaches and implementing appropriate tactics to diminish the damage of a data breach if it occurs. Information security plans outline the security procedures that must be taken by an institution and should include both strategic, high-level procedures and operational, detailed ones. A key element in any information security plan must be the education and training of the individuals who have access to information.

References

Burgunder, L. B. (2011). Legal aspects of managing technology (5th ed.). Mason, OH: South-Western Cengage Learning.

Custer, W. L. (2010). Information security issues in higher education and institutional research. New Directions for Institutional Research, 146, 23-49. doi:10.1002/ir.341

Guy, R., & Lownes-Jackson, M. (2011). Business continuity strategies: An assessment of planning, preparedness, response and recovery activities for emergency disasters. Review of Management Innovation & Creativity, 4(9), 55-69. Retrieved from http://www.intellectbase.org/articles.php?journal=RMIC&volume=4&issue=9

Internet Crime Complaint Center. (2011). Internet Crime Report. Washington, DC: National White Collar Crime Center and the Federal Bureau of Investigation. Retrieved from http://www.ic3.gov/media/annualreport/2011_ic3report.pdf

Ivan, I., Milodin, D., & Sbora, C. (2012). Non security Premise of cybercrime. Theoretical and Applied Economics, 19(4), 59-78. Retrieved from http://www.ectap.ro/

Khansa, L., & Liginlal, D. (2009). Quantifying the benefits of investing in information security. Communications of the ACM, 52(11), 113-117. doi:10.1145/1592761.1592789

Kuzma, J. M., Kenney, S., & Philippe, T. (2010). Creating an information technology security program for educators. International Journal of Business Research, 10(1), 172-180. Retrieved from http://www.iabe.org/domains/iabe/journal.aspx?journalid=12

Labodi, C., & Michelberger, P. (2010). Necessity or challenge: information security for small and medium enterprises. Annals of the University of Petrosani Economics, 10(3), 207-216. Retrieved from http://www.upet.ro/anale/economie/pdf/20100322.pdf

Mensch, S., & Wilkie, L. (2011). Information security activities of college students: An exploratory study. Academy of Information and Management Sciences Journal, 14(2), 91-116. Retrieved from http://www.alliedacademies.org/Publications/Papers/AIMSJ_Vol_14_No_2_2011%20p%2091-116.pdf
