Frequently Asked Questions


Got Questions? We’ve Got Answers! We offer an array of Frequently Asked Questions (and Answers) in response to inquiries on security and information management topics. Bookmark this page for future reference and watch for updates.

This is a short list of our most frequently asked questions. For more information about information security, or if you need support, please contact us by writing an email.

What is a Virus?

A virus is a program or piece of code that is loaded onto a computer without the user’s knowledge and runs against the user’s wishes. Most viruses can also replicate themselves and, in many cases, redistribute themselves. Virus activity can be as simple and benign as a prank, or so destructive that valuable data is lost. Viruses, like other forms of malware, can be distributed on removable media, by visiting maliciously configured web pages, across network shares or through attachments in electronic mail.

How can I best protect my laptop?

Keep your operating system, critical applications (like your browser) and antivirus patched and up-to-date, and use a personal firewall. That way, you’ll avoid becoming vulnerable to hackers and others looking to steal information. You’re also required to do this before you can connect to your company network since it definitely has critical data.

Are these internet threats really that big of a problem?

In a word, yes. More and more of our information is accessible online. This gives hackers more options and more incentive. Much of today’s malware is developed by financially motivated criminals. It is quite common for this malware to be so sophisticated that many organisations will not even know they have been attacked. It is imperative that organisations take online security seriously to avoid becoming a victim.

What is hacking?

Long-time computer users and technology professionals consider “hacking” as pushing a computer system to its extreme and beyond, attempting to improve the operation, functionality and/or security by finding what causes it to fail or what allows the “hacker” to take control of the system. Lately, though, mainstream media have begun using the term to mean hacking for criminal intent, or “cracking”. “Crackers” are considered hackers who have gone over to the dark side and intrude into systems with the intent to damage, defraud, or destroy the system or its data. Cracker motives range from personal entertainment to monetary to political, or any combination of factors. Many times, crackers get the bad press, but the true hackers are the ones who help catch them.

Is information security only about computers?

Protecting your digital data is important. But paper and the human voice remain important elements of the security mix. Keep confidential printed information in locked file cabinets and shred it when it’s no longer required. If you’re talking about confidential information on the phone, take appropriate steps to ensure you’re not overheard. Remember the old saying “loose lips sink ships”.

Is it possible to be 100% secure?

The short answer is no. Security is a process, not a destination. The threat landscape continuously evolves, so controls and mitigation methods must evolve with it. There is also the question of balance. Organisations need to find an acceptable balance between security and availability. A system that is completely locked down may be safe but may impede the business if people can’t access the information they need.

Do I have a Virus?

Another question to ask is “If I have a virus, where did it come from?” If your antivirus software is active and up-to-date, and you haven’t opened any unknown email attachments, visited an untrustworthy website, left any open shares on your system or accessed files from another user’s computer, you probably aren’t infected. The best way to be sure is to make sure your antivirus software is running and current and then run a full scan of your system: all drives, all files.

We don’t have a security system in place – what is the first thing I should do?

Information Security systems vary greatly depending on the size and type of organisation you are. At a fundamental level your first step should be to identify and protect your most valuable information assets. Securing this information may not be the easiest job in creating a security system but it is the most important.

What is a good password?

Most simply put, a good password is easy for the user to remember but extremely difficult for an intruder to guess. As a general rule, the longer the password, the better, and passwords that are both long and complex are the safest option. Making a password complex involves combining upper and lowercase letters, numbers and special characters in such a way that the user can still easily remember it. Pick passwords that are obscure (your mother-in-law’s maiden name and birthday) or acronyms (Wdwgfh? = Where do we go from here?) or parts of words (GeoCatJoh3! = the first three letters of George, Cathy and John, along with something extra at the end), but never anything from the dictionary (local or foreign) or popular culture. Currently, the university requires all passwords to be at least eight characters in length and they must include at least three of the following: upper case letters, lower case letters, special characters and numbers.
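The rule quoted above (at least eight characters, at least three of the four character classes, nothing from the dictionary) can be turned into a simple policy check. This is an added illustration, not the university’s own tooling: the word list is a constructed stand-in for a real dictionary, and the substitution table that catches “P@ssw0rd”-style spellings is an assumption about common substitutions, not a rule from the page.

```python
import re

# Policy quoted in the FAQ: at least eight characters, and at least three of
# the four classes upper case, lower case, digits and special characters.
MIN_LENGTH = 8
MIN_CLASSES = 3

# Constructed stand-in for a real dictionary / popular-culture word list.
DICTIONARY_WORDS = ("password", "welcome", "summer", "dragon", "letmein")

# Assumed letter-for-symbol substitutions that do not make a dictionary
# word any harder to guess ("P@ssw0rd" is still "password").
LEET = str.maketrans("@0134$5!", "aoleassi")


def character_classes(password: str) -> set:
    """Return the set of character classes present in the password."""
    classes = set()
    for ch in password:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("special")
    return classes


def check_password(password: str) -> list:
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = character_classes(password)
    if len(classes) < MIN_CLASSES:
        problems.append(f"only {len(classes)} of 4 character classes")
    # Undo substitutions, then keep only letters, so that padding a
    # dictionary word with digits or symbols does not let it through.
    letters = re.sub(r"[^a-z]", "", password.lower().translate(LEET))
    for word in DICTIONARY_WORDS:
        if word in letters:
            problems.append(f"contains dictionary word '{word}'")
            break
    return problems


if __name__ == "__main__":
    for candidate in ("GeoCatJoh3!", "Wdwgfh?", "P@ssw0rd1!", "summer2024"):
        verdict = check_password(candidate)
        print(candidate, "->", "OK" if not verdict else "; ".join(verdict))
```

Note that the FAQ’s own acronym example “Wdwgfh?” fails only on length, which is exactly the gap the eight-character minimum is meant to close.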

What is encryption?

For digital data, encryption is a technique whereby data is encoded when it is stored so that it cannot be read without use of a password (also known as the encryption key). This helps to protect the data from unauthorized access, whether malicious or accidental. The encoding technique and the complexity of the password help determine how easy it might be for another person to decode the data; it is therefore advisable to use tools that meet international standards, such as FIPS 140-2, along with complex passwords.

What happens if I don’t comply with the PCI DSS?

There are big risks for non-compliance. The financial consequences of non-compliance are kept confidential between merchants and their acquiring banks. Sanctions placed on non-compliant organisations may include higher transaction fees, one-off fines, monthly fines or even termination of the ability to process payment cards. In the event of a breach, organisations also face the potential loss of reputation, loss of customers and litigation.

What is Phishing?

Phishing is a very specific type of cybercrime that is designed to trick you into disclosing valuable information — such as details about your bank account or credit cards. Often, cybercriminals will create a fake website that looks just like a legitimate site — such as a bank’s official website. The cybercriminal will try to trick you into visiting their fake site — typically by sending you an email that contains a hyperlink to the fake site. When you visit the fake website, it will generally ask you to type in confidential data — such as your login, password or PIN.