Information systems have made many businesses successful today. Some companies, such as Google, Facebook, eBay, etc., would not exist without information technology. However, the misuse of information technology can create problems for the organization and employees.
Criminals who gain access to credit card information can cause financial losses for cardholders or financial institutions. Misusing an organization's information systems, e.g., posting inappropriate content on Facebook or Twitter using a company account, can lead to lawsuits and loss of business.
This guide will look at the challenges that arise with information systems and what can be done to minimize or eliminate the risks.
Cybercrime
Cybercrime refers to the use of information technology to commit crimes. Cybercrimes can range from simply annoying computer users to huge financial losses and even the loss of human life. Rising sales of smartphones and other high-end mobile devices that have access to the internet have also contributed to the rise in cybercrime.
Types of Cybercrime
Identity theft
Identity theft occurs when a cybercriminal impersonates someone else to commit a crime. This is usually done by accessing someone else's personal details. Details used in such crimes include social security numbers, dates of birth, credit and debit card numbers, passport numbers, etc.
Once the information is obtained by a cybercriminal, it can be used to make online purchases while pretending to be someone else. One of the ways cybercriminals get such personal data is through phishing. Phishing involves creating fake websites or emails that look like they come from legitimate businesses.
For example, an email that appears to originate from Yahoo may ask the user to verify their personal details, including contact numbers and email password. If the user falls for the trick, updates the details and provides the password, the attacker will gain access to the victim's personal data and emails.
If the victim uses services such as PayPal, then the attacker can use the account to make online purchases or transfer funds.
Other phishing methods include using fake Wi-Fi hotspots that look like the real thing. This is common in public places such as restaurants and airports. If an unsuspecting user connects to the network, cybercriminals may try to access sensitive information such as usernames, passwords, credit card numbers, etc.
According to the U.S. Department of Justice, a former State Department employee used email phishing to gain access to the emails and social media accounts of hundreds of women and gained access to explicit photos. He was able to use the photos to extort women and threatened to release the photos if they did not comply with his demands.
Copyright Infringement
Piracy is one of the biggest problems with digital products. Websites such as The Pirate Bay are used to distribute copyrighted material such as audio, video, software, etc. Copyright infringement means the unauthorized use of copyrighted material.
Fast internet access and lower storage costs have also contributed to the rise in copyright infringement crimes.
Click fraud
Advertising services like Google AdSense offer pay-per-click advertising. Click fraud occurs when a person clicks on such an ad with no intention of learning more about what is advertised, only to make more money. This can also be achieved with automated clicking software.
Advance Fee Fraud
An email is sent to the targeted victim, promising them a lot of money in return for helping the sender claim an inheritance.
In such cases, the perpetrator usually pretends to be a close relative of a very wealthy, famous person who has died. He/she claims to have inherited the wealth of the deceased and to need help claiming the inheritance. He/she will ask for financial assistance and promise to reward the victim later. If the victim sends money to the scammer, the scammer disappears and the victim loses the money.
Hacking
Hacking is used to circumvent security measures and gain unauthorized access to the system. Once an attacker gains access to the system, they can do whatever they want. Some of the common actions taken when a system is compromised are:
Install programs that allow attackers to spy on a user or remotely control their system.
Website defacement
Steal confidential information. This can be done through techniques such as SQL injection, exploiting vulnerabilities in database software to gain access, social engineering techniques that trick users into submitting IDs and passwords, etc.
Computer virus
Viruses are unauthorized programs that can annoy users, steal sensitive data, or be used to control equipment managed by computers.
Information System Security
MIS security refers to measures taken to protect information system resources from unauthorized access or compromise. Security vulnerabilities are weaknesses in a computer system, software, or hardware that can be exploited by an attacker to gain unauthorized access or compromise the system.
People, as one of the components of an information system, can also be exploited using social engineering techniques. The goal of social engineering is to gain the trust of the system's users.
Let's now take a look at some of the threats that information systems face and what can be done to eliminate or minimize the damage if the threat materializes.
Computer viruses – These are malicious programs, as described in the section above. The threats posed by viruses can be eliminated or minimized by using antivirus software and following the organization's established security best practices.
Unauthorized access – The standard convention is to use a username and password combination. Hackers have learned how to circumvent these controls if the user doesn't follow security best practices. Most organizations have added the use of mobile devices, such as phones, to provide an extra layer of security.
Take Gmail, for example: if Google is suspicious of a login to an account, it will ask the person logging in to verify their identity using their Android-powered mobile device, or send an SMS with a PIN code that supplements the username and password.
If a company doesn't have the resources to implement additional security like Google, it can use other methods. These methods may include asking users questions during registration, such as what city they grew up in, what is the name of their first pet, etc. If the person gives accurate answers to these questions, they are given access to the system.
Data loss – If a data center catches fire or is flooded, the data equipment can be damaged and the data on it will be lost. As a standard security best practice, most organizations store data backups in remote locations. Backups are created periodically and are usually located in more than one remote location.
Biometric identification – This is now becoming very common, especially with mobile devices such as smartphones. The phone can record the user's fingerprint and use it for authentication. This makes it more difficult for attackers to gain unauthorized access to a mobile device. Similar technology can also be used to prevent unauthorized persons from accessing your devices.
Information System Ethics
Ethics refers to the rules of right and wrong that people use to make choices and guide their behavior. Ethics in MIS aims to protect and safeguard individuals and society through the responsible use of information systems. Most professions usually have some kind of code of ethics or rules of conduct that all professionals associated with the profession must adhere to.
In short, a code of ethics places responsibility and accountability on people acting of their own free will for their actions. An example of the MIS Code of Ethics can be found on the website of the British Computer Society (BCS).
Information and Communication Technology (ICT) Policy
An ICT policy is a set of guiding principles that define how an organization should use information technology and information systems responsibly. ICT policies usually include guidelines on:
Purchase and use of hardware and how to dispose of it safely.
Use only licensed software and ensure that all software is up-to-date with the latest security patches.
Rules for creating passwords (complexity enforcement), changing passwords, etc.
Acceptable use of information technology and information systems.
Training of all users involved in the use of ICT and MIS.
Summary
With great power comes great responsibility. Information systems open up new opportunities and advantages in the way we do business, but they also create problems that can negatively affect society (cybercrime). The organization needs to address these issues and develop a framework (MIS security, ICT policies, etc.) that will address them.