Chapter 8
Safety & Security
Physical Safety
1. Electrocution:
ICT devices require electrical power to charge or run. An electrical device can cause
electrocution, in which electric current passes through the body, causing fatal injuries
and/or death.
There are multiple causes for electrocution, including:
• Contact between liquid substances and electronic devices: Keep liquids away from
electrical equipment.
• Open cables: Ensure that cables are entirely insulated and packed, and use circuit
breakers or fuses to prevent electrical overload.
2. Fire:
ICT devices require electricity to charge or run. Too many devices using a single socket can
overload the plug socket; the excess electricity generates heat, which causes the
wiring to degrade and can ignite a fire.
The causes and reduction tactics for fire include:
• Socket overload: Ensure enough plug sockets in the room, don’t plug too many devices
into the same socket, and don’t leave devices plugged in and unattended.
• Overheated equipment: Ensure that equipment is properly ventilated and not
obstructed, keep flammable materials away from heat sources, regularly check
equipment for signs of wear or damage, use fire extinguishers in case of emergencies,
turn off or unplug devices when away from the location, and do not cover any air vents on
devices.
3. Trailing cables:
Devices can be plugged in using cables. Protruding cables can cause an accident: you
can trip over a cable left out in a location, and injuries can occur during the fall, for
example, broken bones, ligament damage, bruising, sprains, etc., depending on the area
landed on.
Causes and prevention strategies for trailing cables:
• Unorganized/insecure cables: use cable ties to secure cables, keep cables packed
correctly (in a table, for example) so they do not get in the way of walking paths, use
wireless devices where possible, and regularly inspect cables for signs of wear or
damage.
4. Heavy falling equipment:
Devices vary in weight, and a device that falls on you could cause injury. Any
device should be placed in a secure location, like a PC on a solid desk and not near the edge.
Causes and reduction tactics for falling equipment:
• Improperly secured equipment: Ensure that equipment is properly secured and stable.
Regularly check the stability of locations containing devices.
• Equipment on unstable surfaces: Keep equipment away from edges and other potential
hazards, and regularly inspect equipment and locations containing devices for signs of
wear or damage.
eSafety
Data Protection
The Data Protection Act (DPA) controls personal data collection, storage and processing.
• In the UK, the European Union’s General Data Protection Regulation (GDPR)
• Protects personal data, whether stored on paper or a computer system
Principles of the Data Protection Act
• Data must be processed lawfully, fairly, and transparently, with clear consent from the
individual.
• Data should only be collected for specific, explicit, and legitimate purposes.
• Organizations should only collect and retain the minimum personal data necessary for
their stated purpose.
• Data should be accurate and up-to-date, and reasonable steps must be taken to rectify
or erase inaccurate information.
• Personal data should not be kept longer than necessary and should be securely deleted
when no longer needed.
• Organizations must protect personal data against unauthorized or unlawful
processing, accidental loss, destruction, or damage.
Why is data protection legislation required?
• Protecting Individual Rights: Data protection legislation safeguards individuals' right
to privacy and control over their personal information.
• Preventing Misuse of Personal Data: It helps prevent unauthorized access, identity
theft, fraud, and other forms of data misuse.
• Promoting Trust: Data protection laws build trust between individuals and
organizations by ensuring their personal information is handled responsibly.
• Encouraging Responsible Data Handling: Legislation promotes responsible data
collection, storage, and processing practices among organizations.
• Enabling Data Subject Rights: Legislation grants individuals rights such as access to
their data, right to rectification, erasure, and objection to processing.
Personal Data
• Refers to information that can be used to identify an individual
Examples
• Personal Name
• Address
• Date of birth
• A photograph in school uniform
• Medical history
Threats that can be avoided by protecting personal data:
• Identity theft
• Privacy breaches
• Misuse of the information
• Data being sold to third-party companies
• Individuals could be held to ransom over personal data gathered
• Data could be used to commit a physical crime
How to avoid inappropriate data disclosure:
• Personal data must be kept confidential and protected through privacy settings
on websites such as social media or strong passwords on websites where
personal data is held or used
• Access to personal data should be limited to authorized individuals
• Think before you post - consider what information could be gathered from your
image or content
• Check website details about the collection, storage, and use of personal data
• Only access websites where personal data is used or viewed when on a secure,
encrypted connection
eSafety
• E-safety is about knowing about and using the internet safely and responsibly.
• It applies whenever an individual is using the internet, email, social media, or online gaming.
• E-safety refers to the individual knowing how to protect themselves from potential
dangers and threats.
The need for eSafety
• Awareness that personal information should not be shared freely
• Awareness of how to act online and avoid falling victim creates a safe and respectful
environment.
• Identify and avoid online scams, phishing attempts, and fraudulent websites that may
try to trick them into sharing personal or financial information.
• Be mindful of online behaviour and interactions, protecting your digital reputation, which
can have long-term consequences in your personal and professional life.
• Control privacy settings on social media platforms, limiting who can access/view
personal information and posts.
• Avoid encountering explicit or harmful content online, reducing the risk of exposure to
inappropriate material or online predators.
• Engage in online gaming responsibly, avoid sharing personal details, and behave
respectfully towards other players.
• Protect devices from malware, viruses, and other online threats, preventing data
loss, privacy breaches, or device damage.
• Develop responsible online behaviours, promoting respectful conduct while
interacting with others online.
• Maintain a healthy balance between online and offline lives, reducing the risk of
addiction, mental health issues, or negative impacts on relationships and self-esteem.
Safety Suggestions
The internet:
• Use trusted websites recommended by teachers or reputable sources
• Utilize search engines that only allow access to age-appropriate websites and
use filters to ensure inappropriate content is not seen
• Never reveal personal information
Email:
• Be aware of the potential dangers of opening or replying to emails from
unknown people, including attachments; potential dangers include phishing
and spam
• Ensure you know who the email is for when considering sending personal data
or images via email; share only with people you know, and do not send
identifiable content like school photos
Social media:
• Know how to block and report people who send content or messages that are
unwanted
• Know where the privacy settings are to reduce the number of people who can
see your posts or images
• Be aware of the potential dangers of meeting online contacts face to face; do not
meet anyone you do not know; if you do, take an adult and meet in public.
• Do not distribute inappropriate images or use inappropriate language
• Respect the confidentiality of personal data belonging to other people
• Only accept friend requests from people you know
• Parents should be aware of what you are doing online; discuss with them what
you are doing online
• Do not post images or details that can be used to locate you
Online gaming:
• Do not use real names as usernames
• Never share personal or financial details with other players
• Know how to block and report players for inappropriate messages or comments
Sensitive data is data that might result in loss of an advantage or level of security if
disclosed to others, e.g., ethnicity, religion, criminal record, etc. Personal data, by
contrast, can be used to identify the user, e.g., passport number, name, age, etc.
Security of Data
Threats
There are multiple methods by which data can be threatened, including:
• Hacking: Unauthorized access to computer systems or networks to gain control, steal
information, or cause damage, thus leading to identity theft, privacy breaches, and
misuse of data
• Phishing: Deceptive emails or messages that appear to come from trusted sources to trick
individuals into revealing personal data
• Pharming: Manipulation of DNS (Domain Name System) to redirect users to fraudulent
websites, often to steal personal data
• Smishing: Phishing attacks carried out through SMS or text messages
• Vishing (aka voicemail phishing): Phishing attacks carried out through voice messages
to trick users into calling the telephone number contained in the message
• Viruses and malware: Viruses are program codes that can replicate/copy themselves
to cause data loss or corruption. Malware is malicious software designed to disrupt,
damage, or gain unauthorized access to computer systems or networks
• Card fraud: Unauthorized use of credit or debit card information for fraudulent
purposes caused by shoulder surfing, card cloning, or keylogging.
Protection of Data
Multiple techniques are employed for the protection of data, including:
1. Biometrics:
• Individuals' distinctive physical or behavioural traits, such as fingerprints, faces, or
irises, can be used for access control and verification. Since biometric data is hard to
fake or duplicate, it offers a more secure form of identification.
2. Digital certificate:
• A digital record that attests to a website's reliability and integrity. A digital certificate
is used to provide safe communication and to build confidence between parties.
Identifier data, the entity's public key, and a third party's digital signature are
frequently found in digital certificates.
3. Secure Socket Layer (SSL):
• A protocol that creates a secure connection between a client computer and a server.
SSL ensures that information communicated between a server and client stays private
and cannot be intercepted or changed by unauthorized parties. A website that uses it
can be identified by the S at the end of HTTP.
4. Encryption:
• Creating data in a format that cannot be read without a decryption key. Data on hard
drives, emails, cloud storage, and secure websites (HTTPS) are all protected by
encryption. It ensures that even if unauthorized people obtain data, it cannot be
decoded without a decryption key.
5. Firewall:
• A firewall is a network security device that monitors and manages incoming and
outgoing network traffic. Its goal is to separate an internal network from other
networks by filtering data according to established criteria. It assists in preventing
malware, unauthorized access, and other network risks.
6. Two-factor authentication:
• A security mechanism that requests two different kinds of identification from users to
confirm their identity. 2FA was created to provide additional protection beyond just a
username and password. Typically, it combines something that uniquely identifies a
user, like biometric data, with something the user has, like a smartphone and a token,
or something they know, like a password.
7. User ID and password:
• A typical authentication technique uses a password plus a secret code (user ID) to
identify the user. To strengthen data security, user IDs and passwords restrict access to only
authorized users. Using secure passwords and changing them frequently is critical to
ensure security. When creating passwords, it is advised to utilize a mix of uppercase,
lowercase, digits, and special characters.
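Added example (not part of the original notes): items 6 and 7 combined in Python, where a login succeeds only if the password (something the user knows) and a time-based one-time code from a phone app (something the user has, RFC 6238) both check out. The function names, the record layout, and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct
import time

def hash_password(password: str, salt: bytes) -> bytes:
    """Something the user knows: store a salted, slow hash, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """Something the user has: RFC 6238 code from a secret held on the phone."""
    counter = struct.pack(">Q", int(now) // step)        # which 30-second window
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                              # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def make_record(password: str, totp_secret: bytes) -> dict:
    """Hypothetical account record as a server might store it."""
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "totp_secret": totp_secret}

def login(record: dict, password: str, code: str, now: float) -> bool:
    """Grant access only when BOTH factors are correct."""
    knows = hmac.compare_digest(hash_password(password, record["salt"]),
                                record["pw_hash"])
    # Accept the current window and the previous one to tolerate clock drift.
    has = any(
        hmac.compare_digest(totp(record["totp_secret"], max(now - d, 0)).encode(),
                            code.encode())
        for d in (0, 30))
    return knows and has

# Constructed sample account; the secret is the published RFC 6238 test secret.
SECRET = b"12345678901234567890"
ACCOUNT = make_record("Tr1cky!Horse-Battery", SECRET)

if __name__ == "__main__":
    now = time.time()
    print(login(ACCOUNT, "Tr1cky!Horse-Battery", totp(SECRET, now), now))
    print(login(ACCOUNT, "Tr1cky!Horse-Battery", "000000", now))
```

A stolen password alone fails the second check, and a one-time code stops working once its time window has passed.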