• Unit 1:Data Protection

    Key Unit Competency: By the end of this unit, you should be able to: 

    Use computers safely and securely to ensure that data is protected. 

    Introduction 

    Data is the plural form of the word datum. In modern usage, the word data is accepted when expressed either in singular and plural form. Data refers to a collection of numbers, characters, and symbols which are held in computer. Data are usually represented in units of eight bits, which are called bytes

    Data protection is defined as the process of safeguarding data from corruption, loss, or unauthorised access. All forms of data are considered assets for an organisation or an institution.  

    1.1 Protect the Computer

     In any organisation or institution, it is always necessary to think about the security of computers, as well as the data and information stored in  them. Security should be ensured for both computer software and hardware.  

    It is essential to take measures to protect the computer from threats such as unauthorised access. Persons who gain unauthorised access to a computer system pose a great threat to any institution.

    A computer system can be protected from security threats by assigning every authorised person user privileges or passwords in order to access it. In this case, every authorised user would have to log into the system. Every user’s history of activities can be tracked if the system is carefully inspected. 

    1.1.1 User Privilege 

    A computer requires the configuration of certain control measures to  ensure that privacy is maintained. This also ensures that personal data or information in the computer is secured.

    Every user of the computer can have an account created for their use, each account with different privileges. User privilege is the permission given to a user to perform an action. It is used to regulate who can view or use the resources in a computer. 

    In order to access a computer, the user requires some form of identification and authentication. Identification refers to the process of a proving one’s identity. Authentication refers to the process of verifying the identity of a user.

    For the identification process, the computer system first verifies that the user has a valid user account. The process then requires a confirmation of the validity by use of a password if one had been set. The computer maintains an internal list of valid user accounts and a corresponding set of access privileges for each account.

    An account can either be an Administrator or Standard user (Guest) in Windows operating system.

    • Administrator: This is a user that has superior privileges. Administrators  can make changes to the accounts of other users such as changing the security settings, installing software and hardware, as well as accessing and modifying all files on the computer.
    • Standard user (Guest): This is a user account that allows people to have temporary or limited access to a computer. People with this type of account can use most of the software installed. They can also change the system settings that do not affect other users or the security of the computer. Standard users cannot, however, install software or hardware, or create passwords. 

     Procedure for creating a user account

    Practice Activity 1.1: Creating a user account 

    (i) Click the Start button

    (ii) Select All Apps from the Start menu. 

    (iii) Click on Settings then select Accounts icon.  A dialog box appears. 

    (iv) Click on Family & other users in the left pane. 

    (v) Select Add someone else to this PC in the right pane as shown in Figure. 1.1. 

    (vi) Type the details of the user in the window displayed then click the Next button as shown in Figure 1.2. 

    (vii) The account is automatically created. The account is given a default account type of Standard. To change to Administrator account type do the following: 

    (viii) Click on the account in the right pane of the Accounts window. A dialog box is displayed as shown in Figure 1.3.


    Figure 1.1: Accounts window


    Figure 1.2: User Accounts window 


    Figure 1.3: The Manage Account dialog box 

    (ix) Select Change account type button. The dialog box in Figure 1.4 appears. 


    Figure 1.4: The Change account type dialog box 

    (x) Click on the box written Standard User. Select Administrator. Click OK. 

    Switch between users without logging off

    If a computer has more than one user account, it is possible to change from one user account to another without logging off the Active user account. To switch between users, do the following:

     Method 1: Using the Start Menu 

    (i) Click the Start Menu and then click on Switch User command

    (ii) Select the desired user account.

     Method 2: Using the Keyboard Shortcut 

    (i) Press Ctrl+Alt+Delete and then click on Switch User command. 

    (ii) Select the desired user account.

    Method 3: Using the Shut Down dialogue box 

    (i) Open the Shut Down Windows dialogue by pressing Alt+F4

    (ii) Click the down arrow. Choose Switch user in the list and click OK. 

    Note: You can also use a shortcut to switch user through the Ctrl+Alt+Delete options.  

    Press Ctrl+Alt+Delete othe keyboard, and then select Switch user in the options.

    Figure 1.5: Switching user dialog box

    Method 4: Using the User Icon 

    (i) Click the Start button on the desktop. 

    (ii) Click the User icon on the top-left corner in the Start Menu. 

    (iii) Select the desired user account such as Guest from the menu displayed.

    Figure 1.6: Switching the user account icon

    Practice Activity 1.2: Switching the user account

    Practice how to switch accounts using various methods. 

    1.1.2 Passwords 

    The most common method of protecting a computer against any intruder is to set up user accounts with usernames and passwords. Access to the computer is, therefore, denied to anyone who not have the username and the password. 

    A password is a secret code used to prevent unauthorised access to a computer hardware, software, as well as the data and information stored in the computer. A password provides the user with authority to  access information in a computer.

    A good password should be strong and easy to remember; but it should be difficult for a hacker to guess. A hacker tries to access an account in a computer without permission. The following are characteristics of a strong password:
    (i) It should have at least eight (8) characters.
    (ii) It should contain a combination of uppercase and lowercase letters. It should also have numbers and symbols if they are allowed. An example of a strong password is: Nkosi%88# 

    (i) It should be changed frequently, for example, after every one month.

    Tips for creating a strong password  
    A good and easy method of creating a strong password is as follows:
    (i) Think of a phrase that you can easily remember. To create a strong password, the phrase should have at least eight words.  For example: I Am Smart And I Work Very Hard. 

    Practice Activity 1.3(a) 

    Write down a phrase that you can easily remember. The phrase should have at least eight words. 

    (ii) Take the first letter of each word. In our example (I Am Smart And I Work Very Hard) the letters are IASAIWVH. 

    Practice Activity 1.3(b)

     Now write down the first letters of each of the words in the phrase you wrote down in Part (i) above. 

    (iii) Choose some letters and change them to numbers that match in shape. For example, you could change the letter I to number 1, and the letter S to number 5. In our example, this change will result in: 1A5A1WVH.

    Practice Activity 1.3(c) 

    Now change some letters to numbers that you consider to be similar in shape as we have done in Part (iii) above. 

    (iv) Change some letters to lowercase. For example, the letters that are the same, and the last letter. In our example it is letters A and H. The resulting password is: 1a5a1WVh

    Practice Activity 1.3(d) 

    Now change some letters to lower case and write down your resulting password.

    Procedure for creating a password using windows 

    (i) Click the Start button. Select All Apps from the Start menu. 

    (ii) Click on Settings then select Accounts icon.  A dialog box appears. 

    (iii) Click on Sign-in options in the left pane. 

    (iv) Click on Change button in the right pane under Password as shown below.

     

    Figure 1.7: Managing sign-in options 

    Note that not every computer user has privileges for creating accounts and passwords. 

    Procedure for changing the password

    (i) Type the current password in the window provided as shown in Figure 1.8, then click Next.

    Figure 1.8: The dialog box used for changing the user’s password.

    (ii) Type the new password and re-type it again in the window provided as shown in Figure 1.9, then click Next.


    Figure 1.9: Make changes to your password. 

    (iii) Enter a new password in the New Password box. Re-type the password in the Reenter password box. 

    (iv) Type a hint in the Password hint box. The hint is displayed when you cannot remember the password. 

    (v) Click the Next command. A final dialog box is displayed. Click on Finish as shown in Figure 1.10.

    Figure 1.10: The final step in changing the password 

    Why do you need to change your password? 

    • It is advisable to change one’s password every few months for security reasons. Sometimes you may forget to log out of your account in a computer that is used by several people. In this case, someone may find your account open and gain access to your data.

    • If someone gets to know your username and password, he or she could log into your computer and change, delete, or corrupt your files.
    • If someone gets to know your username and password, he or she could log into your computer and share your files with other users.

    Practice Activity 1.4: Creating and changing passwords 

    Practice to do the following on your PC: 
    (i) Create three possible strong passwords.
    (ii) Change the passwords.

    Setting user privileges

    (i) Click the Start Menu. Select Settings. Click Accounts. 

    (ii) Select Family & other users. Click “Add someone else to this PC.” 

    (iii) Select “I don’t have this person’s sign-in information.” Select “Add a user without a Microsoft account.” Enter a username. 

    (iv) Type the account’s password twice, enter a clue, and select Next.


    Figure 1.11: Setting user privileges 

     Allow and block specific programs in Windows 10 

    When an account is created in Windows 10, the user privileges are automatically defined with the type of account that has been created. It could either be a standard or an administrator’s account.


    The administrator account has more privileges than the standard account. The administrator is able to allow and block specific programs.

    To do this, follow these steps: 

    (i) Double click on This PC icon on the desktop. 

    (ii) Open the drive where the application files are located, for example, C: 

    (iii) Open the Program files folder. 

    (iv) Right-click on the specific application file and select Properties

    (v) Click on the Security tab of the window. 

    (vi) Click on the User profile name to allow or deny access to the user under Group or User names. 

    (vii) Click on the Edit button and give permissions to the user profile accordingly.

    (viii) Click Apply then OK. 

    (ix) Close the window and check if the changes are effective.

    Figure 1.12: Allowing and blocking users from accessing specific programs

    Practice Activity 1.5: Setting user privilege accounts

    Practice to allow and block users from using specific programs in Windows10.

    Revision Activity 1.1

    Part A: Fill in the missing words with the correct answers 

    1.  A computer is protected by setting up user accounts with................................................ and....................

     2.............................................................. is the permission given to a computer user to perform an action. 

    3..............................................................  is a secret code used to prevent unauthorised access to a computer, data, and software. 

    4.One who gains unauthorised access to a computer system is a ................................................................. 

    5.  A strong password should have at least ............................................. characters................................

    Part B: Answer these questions

    1.  Define the term “data protection”. 

    2.  Explain the meaning of these terms: (a) User privileges (b) Password 

    3. Identify the two types of password accounts. 

    4.Outline the procedure for setting up any one of the password accounts named in Question 3 above.

    Part C: Do the following: 

    (i) Create two new user accounts on your computer; one for the Administrator and another for a Standard User. 

    (ii) For both accounts, set strong passwords. 

    1.2 Harmful Programs

    1.2.1 Definition 

    The term harmful program refers to software that interferes or poses security problems to the computer hardware, software, data, and information. 

    1.2.2. Categories of Harmful Programs 

    Another name for harmful programs is malware (malicious software), which refers to software which is specifically designed to gain access or damage a computer without the user’s knowledge.  Malware (harmful programs) affect the smooth running of  a computer system or carry out illegal activities such as collecting information from unknown users. 


    Figure 1.13: Categories of harmful programs 

    Malware can take the form of forced advertising (adware), stealing sensitive data (spyware), facilitating illegal activities (crimeware), or spreading e-mail (spam).

    among others. The categories of harmful programs include the following: viruses, worms, Trojan horses, rootkits, spyware, crimeware, and adware. The discussions that follow explain the various types of harmful programs: 

    Viruses 

    A virus is a program that makes a copy of itself over and over again in a computer. This is called replicating. Some examples of computer viruses are program viruses, file viruses, boot sector viruses, and hoax viruses. 

    • A virus is loaded into a computer without the user’s knowledge. It  can spread from one computer to another. 

    • It inserts copies of itself into other computer programs, data files, or the boot sector of the hard disk thereby erasing or altering computer files, filling computer memory, or making the computer fail to function.

    Worms 

    • A worm is a malicious program that replicates itself and finally occupies the system memory of the storage media. Worms use the network to duplicate. 

    • A worm does not alter files. It resides in the active memory and duplicates itself. 

    • Worms are only noticed when they occupy a lot of space in memory, thereby slowing or halting tasks during processing. 

    Trojan Horses 

    • A Trojan horse is a harmful program that disguises itself as genuine software. An unsuspecting user is tricked into downloading and running it on his or her computer system.

    • After it is activated, it can irritate the user by popping up windows or changing the desktop, deleting files, stealing data, or activating and spreading other malware.

    • Trojan horses are also known for creating back doors to give malicious users access to the computer system.

    •Trojan horses do not replicate like worms and viruses; instead they spread through user interaction such as opening an e-mail attachment or downloading and running file from the Internet.

    •Trojan horses can be used to gain access to computer system. For example, a user can be tricked to download what he or she thinks is a game. Once it is downloaded and runs on the computer, it deletes files in the hard disk. It can also copy and send the saved password to another person through an email.

    Rootkit 

    • A rootkit is a collection of malicious programs designed to a computer or areas of its software and hide there. It may also hide the existence of other malicious programs. rootkit hides the fact that an operating system of computer has been compromised. It does so sometimes by replacing important executable files in the system.

    •A rootkit is activated even before an operating system boots up therefore it is difficult to detect.

    •Rootkits themselves are not harmful. They are used to hide viruses, worms and other harmful programs by disguising them as necessary files that your anti-virus will overlook. 

    Spyware 

    • Spyware is program that monitors or tracks personal information or Internet activity and sends such information to someone else.

    • Spyware can also gather information about e-mail  addresses and even passwords or credit card numbers by recording the key strokes entered into a web form. 

    •Since spyware exists as an independent program, it has the ability to do the following:

     ® monitor keystrokes;

     ® scan files on the hard disk;  

    ® spy on other applications such as chat programs or word processors;  

    ® install other spyware;  

    ® read cookies; and

    ® change the default home page on the web browser.

     •Spyware then relays the collected information to the author who uses it for marketing or advertising purposes. Some malicious authors sell the gathered information to another party.

    •Sometimes spyware is included along with genuine software. Sometimes it may come from malicious website. 

    Crimeware

     •Crimeware is type of harmful software that is designed to carry out or facilitate illegal online activities. 

    Adware 

    •Adware is software that automatically displays or downloads advertising material (often unwanted) when the user is browsing the Internet. 

    Revision Activity 1.2

    Research on examples of names of malware. You could present the examples in table as shown below. Some examples are given.


    1.3 Sources of Viruses 

    There are many sources of computer viruses. They include the Internet and storage devices or media

    1.3.1 Internet 

    The following are some sources of computer malware:

    E-mail attachments: A virus can come as a file attached to an e-mail message. This type of virus is known as a hoax. When the file is opened, the virus is activated. This causes damage such as destroying on the hard disk. It may also get forwarded to every contact listed in the address book.

    File sharing: Internet users are able to share or exchange files that are in their individual computers. This, therefore, makes it possible for such computers to be vulnerable to virus infection risks. This is because viruses can be transmitted along with the file to be  shared. 

    Malicious websites: These are sites that trick the user into giving away information or downloading a virus. They may have a code that finds and exploits weak security points in a computer. If such a site finds a security weakness, it downloads a virus to the computer and installs it without the user knowing. Malicious websites may be associated with malware, viruses, and misleading applications such as antivirus, computer games, or fake codes. 

    1.3.2 Storage Devices or Media 

    A common way of spreading viruses among computers is the use of removable storage media. These devices are connected to a computer system through a port or drive. Examples of such devices are flash disks and external hard drives.

     Windows Autorun in a computer is a feature that runs automatically when Windows starts. Windows Autorun triggers the virus to run and get transferred to the computer system when a storage device is inserted.

    When copying data, the data together with the malware are transferred to the storage medium, for example, a flash disk. When the medium is connected to another computer, the malware is automatically copied to the next computer.

    Symptoms of a computer infected by viruses 

    (i) A computer system takes longer than usual to load programs and carry out other operations.
    (ii) Unfamiliar graphics appear on a computer file.
    (iii) The drive light of a non-referenced drive comes on without a reason.
    (iv) The computer unexpectedly restarts without instruction.
    (v) The file size in the computer becomes unusually large.
    (vi) The size of Random Access Memory (RAM) may become smaller. 

    Revision Activity 1.3 

    Part A: Fill in the missing words to complete the sentences

    1.Rootkit are harmful programs. They are used to hide.............................................. , and .........................................................
    2. ............................................... refers to viruses whose source is e-mail attachments.
    3  .....................................................are sites that trick one into giving  away information or downloading viruses.
    4. A Trojan is a harmful program that disguises itself as.........................................  software.
    5.  Drive light of a non-referenced drive coming on without a reason is an indication of..............................

    Part B: Study these questions carefully and give the correct answers 

    1.  What is the meaning of the term harmful program? 

    2. Apart from viruses, identify other categories of harmful programs. 

    3.  A lab technician found out that some of the computers in a school were infected with a computer virus.

     (a)Give the symptoms of a virus-infected computer.

    (b)What are the measures to protect a computer system from virus attacks? 

    1.4 Measures to Prevent Harmful Programs 

    The following measures can be used to prevent harmful programs:

    1. Install an antivirus program 

    An antivirus refers to computer software that is used to prevent, detect, and remove malicious software. Antivirus software is sometimes abbreviated as AV. It is also known as anti-malware software. In a computer installed with an antivirus program, always do the following: 

    Keep the antivirus up-to-date at all times. This ensures that the antivirus is able to detect and remove any emerging viruses.

    • Scan and detect viruses. To scan means to go through all the parts of the computer system carefully in order to detect the presence of viruses.

    Quarantine infected files and programs to prevent the virus from spreading. To quarantine means to separate the infected files on a computer’s hard disk. Quarantined files are no longer capable of infecting the computer system. 

    • Delete or remove the files infected with viruses. 

    • Notify the user in case a virus is detected.

    Antivirus programs can be purchased from seller outlets directly or downloaded from the Internet.
    It is advisable to install the latest antivirus software in the computers and regularly have it upgraded so that it is able to deal with any new viruses.

    Examples of antivirus programs include Microsoft Essentials, Kaspersky, Norton, Bitdefender, WindowsDefender, Avast, Panda, Macfee, and Rising among others. Figure

    1.10 shows examples of antivirus programs.
    Figure 1.14: Some antivirus programs

    Practice Activity 1.6: Installing an antivirus program in a computer 

    Do the following:
    (i) Access the Internet. 
    (ii) Search for an antivirus software you are familiar with.
    (iii) Download the installer of the latest version of the antivirus software by clicking the Free Download button. The installer icon will be displayed.
    (iv) Right-click the installer and click Run as Administrator.
     (v) Click Install.
    (vi) The progress bar will indicate when the installation is complete.
    (vii) You can now run the antivirus program to protect your computer.


    Figure 1.15: Scanning the computer for malicious software 

    Steps for scanning a flash disk for viruses

    A flash disk is an example of a secondary storage medium. Viruses can easily be spread across computers through the use of secondary storage media such as flash disks. It is advisable to always scan a flash disk or any other secondary storage medium for viruses before use. Most antivirus programs automatically run when a medium, for example, the flash disk is inserted in the USB port in the computer.

    Practice Activity 1.7: Scanning a flash disk for viruses 

    To scan a flash disk  for viruses, do the following: 

    (i) Insert the flash disk into the USB port.

     (ii) Run the antivirus program installed in the computer. 

    (iii) If  there are any security threats, the antivirus displays their details.

    Figure 1.16: Scanning the computer for malicious software

    Practice Activity 1.8: Scanning a flash disk for viruses

    Do the following: 

    • Identify the antivirus program installed in your computer. 

    • Use it to  scan a flash disk for  viruses. 

    Note: The use of cloud-based storage service to store and share files and folders is a safe way to avoid the spread of computer viruses through secondary storage devices. Cloud-based services refer to data storage services where data are stored, maintained, managed, and backed up over the Internet.

    Examples of cloud-based storage services are Onedrive by Microsoft, Dropbox, and Google Drive by Google. Documents stored in the cloud service can be retrieved from a computer located anywhere in the world as long as there is Internet connectivity.


    Figure 1.17: Cloud-based storage services 

    2. Keep the antivirus software updated 

    Companies that sell antivirus programs keep updating them. It is important to always keep the antivirus program installed updated at all times. Microsoft always releases security updates that can help protect one’s computer. Always ensure that your operating system is always updated by turning on Windows Automatic update.

    3. Install anti-spyware software 

    This is a type of program designed to prevent and detect unwanted spyware program installations. It also  removes those programs that have been installed. 

    4. Scan emails for viruses 

    Do not open email attachments unless you are sure of the source. Since computer viruses are often contained in email attachments, scan the attachments for viruses before opening them. Most email services, for example, Google and Yahoo automatically scan emails for viruses before downloading any attachments. 

    5. Avoiding non-secure sites

    The following are some control measures to be observed when dealing with nonsecure websites:

    • Avoid visiting sites you are not familiar with. These may be unsecured sites. Such sites promise to have free downloads of games and books.

    • Block sites that you do not want the computer to connect to through the browser. Examples are sites that may contain indecent information and graphics.

    • Google Chrome tells you if the site you’re trying to visit is dangerous or deceptive. 

    Figure 1.18: Warning on dangerous sites

    This is how you turn on warnings about dangerous sites: On your computer, open Chrome. At the top right, click the Chrome button and then Settings.


    Figure 1.19: Settings in Chrome

    At the bottom, click Show advanced settings. 

    Figure 1.20: Advanced settings in Chromed

    Under “Privacy,” check the box next to “Protect you and your device from dangerous sites.” It is recommended that you ensure that the alerts are  turned ON at all times.

    Figure 1.21: Settings for protecting the computer from harmful sites

    Use Windows firewall to block unsecured sites. A firewall is a software program or a piece of hardware that helps to detect and keep out hackers, viruses, and worms that try to reach your computer over the Internet. 

    • Always avoid sites that have warning of certification. A site’s certificate allows your browser to establish a connection with the site. If your browser warns you of a certification error, it is likely that the website could pose threat to your computer system. 

    • Avoid clicking on pop-up sites that appear on the Internet. 

    6. Other precautionary measures 

    Other ways of ensuring safety of the data are as follows: 

    • Use proper cleaning agents to clean the computer hardware including the screen and the keyboard, for example, soft cotton cloth and cleaning solvents available in the market. 

    • Prepare backups for all the data and documents held on the computer.  A back up is a copy of  file or any other item of data made in case the original is lost or damaged. 

    • Compressing files, folders, and programs decreases their size. This then reduces the amount of space they use on the computer drive or removable storage devices. Files that have been stored in a zipped compressed folder can be protected with a password.

    Revision Activity 1.4 

    Part A: Fill in the missing words to complete the sentences: 

    1. An antivirus software...................................................................  infected files to prevent virus spread.

     2. Computer viruses are mainly spread through secondary storage devices.......................................... and ................................................. are examples of secondary storage devices. 

    3. A............................................................  is a set of hardware and or software equipment that is used to prevent hackers from invading private networks. 

    4. List some examples of antivirus programs:  

    (a)......................................................

    (b)......................................................

    (c)...................................................... 

    Part B: Do this exercise 

    Viruses are a major problem for a computer user. Explain the possible measures to protect computer systems from virus attacks.

    Part C: Do the following: 

    • Install an antivirus in the computer system. 

    • Use the antivirus software installed in the computer to scan the computer and a flash  disk for viruses.

    1.5 Definition of Key Words in this Unit

    Revision Activity 1.5 

    Find out the meaning of the words given below. Share your findings with the rest of the students in a class presentation. Check the meanings you find against those provided in the glossary at the end of this course book:

    • Data Protection             
    • User privileges             
    •  Passwords                
    •  Viruses                       
    • Worm          
    •  Spyware 
    • Trojan                          
    •  Rootkit                         
    •  Malware                    
    •  Internet Antivirus  Scan       
    •  Restore
    • Firewall                          
    • Piracy Cleaning agent  Antispyware             
    •  Backup                
    • Compressing files

    Revision Exercise 1

    1. State two reasons why data protection is necessary in an organisation. 

    2. Differentiate between standard and administrator accounts. 

    3. State three ways in which an antivirus software can protect a computer system from virus attacks. 

    4. Differentiate between spyware and adware. 

    5. Give two sources of computer viruses. 

    6. State two characteristics of a strong password. 

    7. State three preventive measures that could be taken to avoid infection from a virus through a secondary storage medium. 

    8. State one function of a password. 

    9. While using your e-mail, a pop-up menu could be displayed that could contain a virus. State one method of preventing pop-ups in your web browser.



Unit 2:ICT in Financial Transactions