Safety & Security

Physical Safety

1. Electrocution: ICT devices require electrical power to charge or run; the electrical
device can cause electrocution, caused by the electric current moving through a body,
causing fatal injuries and/or death.

There are multiple causes for electrocution, including:

• Contact between liquid substances and electronic devices: Keep liquids

away from electrical equipment.

• Open cables: Ensure that cables are entirely insulated and packed, and use
circuit breakers or fuses to prevent electrical overload.

2. Fire: ICT devices require electricity to charge or run; too many devices using a single
socket can cause the plug socket to overload, and heat is generated by too much
electricity, causing the wiring to degrade and ignite a fire.

The causes and reduction tactics for fire include:

• Socket overload: Ensure enough plug sockets in the room, don’t plug too many
devices into the same socket, and don’t leave devices plugged in and
unattended.

• Overheated equipment: Ensure that equipment is properly ventilated and not

obstructed, keep flammable materials away from heat sources, regularly check
equipment for signs of wear or damage, use fire extinguishers in case of
emergencies, turn off or unplug devices when away from the location, do not
cover any air vents on devices.

3. Trailing cables: Devices can be plugged in using cables. Cables that are protruding
can cause an accident; you can trip over a cable left out in a location, and body damage
can occur during a fall, for example, breaking bones, ligament damage, bruising,
sprains, etc. depending on the area fell on

Trailing cables causes and prevention strategies:

• Unorganized/insecure cables: use cable ties to secure cables, keep cables

packed correctly in, let’s say, a table, therefore not coming in the way of walking
paths, use wireless devices where possible, and regularly inspect cables for
signs of wear or damage.
4. Heavy falling equipment: Devices have varying levels of weight, and if a device falls
on you, it could cause injury; any device should be placed in a secure location, like a PC
on a solid desk and not near the edge.

Causes and reduction tactics for falling equipment:

• Improperly secured equipment: Ensure that equipment is properly secured

and stable. Regularly check the stability of locations containing devices.

• Equipment on unstable surfaces: Keep equipment away from edges and other
potential hazards, and regularly inspect equipment and locations containing
devices for signs of wear or damage.

eSafety

Data Protection

The Data Protection Act (DPA) controls personal data collection, storage and
processing.

• In the UK, the European Union’s General Data Protection Regulation (GDPR)

• Protects personal data, whether stored on paper or a computer system

Principles of the Data Protection Act

• Data must be processed lawfully, fairly, and transparently, with clear consent
from the individual.

• Data should only be collected for specific, explicit, and legitimate purposes.

• Organizations should only collect and retain the minimum personal data
necessary for their stated purpose.

• Data should be accurate and up-to-date, and reasonable steps must be taken to
rectify or erase inaccurate information.

• Personal data should not be kept longer than necessary and should be securely
deleted when no longer needed.

• Organizations must protect personal data against unauthorized or unlawful

processing, accidental loss, destruction, or damage.

Why is data protection legislation required?

• Protecting Individual Rights: Data protection legislation safeguards individuals'

right to privacy and control over their personal information.

• Preventing Misuse of Personal Data: It helps prevent unauthorized access,

identity theft, fraud, and other forms of data misuse.
 • Promoting Trust: Data protection laws build trust between individuals and
organizations by ensuring their personal information is handled responsibly.

• Encouraging Responsible Data Handling: Legislation promotes responsible

data collection, storage, and processing practices among organizations.

• Enabling Data Subject Rights: Legislation grants individuals rights such as

access to their data, right to rectification, erasure, and objection to processing.

Personal Data

• Refers to information that can be used to identify an individual

• Examples

o Personal Name

o Address

o Date of birth

o A photograph in school uniform

o Medical history

• Threats that can be avoided by protecting personal data:

o Identity theft

o Privacy breaches

o Misuse of the information

o Data be sold to third-party companies

o Individuals could be held to ransom over personal data gathered

o could be used to commit a physical crime

• How to avoid inappropriate data disclosure:

o Personal data must be kept confidential and protected through privacy

settings on websites such as social media or strong passwords on
websites where personal data is held or used

o Access to personal data should be limited to authorized individuals

o Think before you post - consider what information could be gathered from
your image or content

o Check website details about the collection, storage, and use of personal
data
 o Only access websites where personal data is used or viewed when on a
secure, encrypted connection

eSafety

• E-safety is knowing about and using the internet safely and responsibly.

• It refers to when an individual is using the internet, email, social media, or online
gaming.

• E-safety refers to the individual knowing how to protect themselves from

potential dangers and threats.

The Need for eSafety

• Awareness that personal information should not be shared freely

• Awareness of how to act online and avoid falling victim creates a safe and
respectful environment.

• Identify and avoid online scams, phishing attempts, and fraudulent websites that
may try to trick them into sharing personal or financial information.

• Mindful of online behaviour and interactions, protecting your digital reputation,

which can have long-term consequences in your personal and professional life.

• Control privacy settings on social media platforms, limiting who can access/view
personal information and posts.

• Avoid encountering explicit or harmful content online, reducing the risk of

exposure to inappropriate material or online predators.

• Engage in online gaming responsibly, avoid sharing personal details, and behave
respectfully towards other players.

• Protecting devices from malware, viruses, and other online threats, preventing
data loss, privacy breaches, or device damage.

• Develop responsible online behaviours, promoting respectful conduct while

interacting with others online.

• Maintain a healthy balance between online and offline lives, reducing the risk of
addiction, mental health issues, or negative impacts on relationships and self-
esteem.

Safety Suggestions

• The internet:

o Use trusted websites recommended by teachers or reputable sources

 o Utilize search engines that only allow access to age-appropriate websites
and use filters to ensure inappropriate content is not seen

o Never reveal personal information

• Email:

o Be aware of the potential dangers of opening or replying to emails from

unknown people, including attachments; potential dangers include
phishing, spam

o Ensure you know who the email is for when considering sending personal
data or images via email, only with people you know and not with
identifiable content like school photos

• Social media:

o Know how to block and report people who send content or messages that
are unwanted

o Know where the privacy settings are to reduce the number of people who
can see your posts or images

o Be aware of the potential dangers of meeting online contacts face to face;

do not meet anyone you do not know; if you do, take an adult and meet
publicly.

o Do not distribute inappropriate images and inappropriate language

o Respect the confidentiality of personal data belonging to other people

o Only accept friend requests from people you know

o Parents should be aware of what you are doing online, discuss what you
are doing online

o Do not post images or details that can be used to locate you

• Online gaming:

o Do not use real names as usernames

o Never share personal or financial details with other players

o Know how to block and report players for inappropriate messages or

comments

• Sensitive Data is data that might result in loss of an advantage or level of

security if disclosed to others. I.e., ethnicity, religion, criminal record, etc. At the
 same time, personal data can be used to identify the user, i.e., passport number,
name, age, etc.

Security of Data

Threats

There are multiple methods by which data can be threatened, including:

• Hacking: Unauthorized access to computer systems or networks to gain control,

steal information, or cause damage, thus leading to identity theft, privacy
breaches, and misuse of data

• Phishing: Deceptive emails or messages that are received from trusted sources
to trick individuals into revealing personal data

• Pharming: Manipulation of DNS (Domain Name System) to redirect users to

fraudulent websites, often to steal personal data

• Smishing: Phishing attacks carried out through SMS or text messages

• Vishing: (aka voicemail phishing) Phishing attacks carried out through voice
messages to trick users into calling the telephone number contained in the
message

• Viruses and malware: Viruses are program codes that can replicate/copy
themselves to cause data loss or corruption. Malicious software designed to
disrupt, damage, or gain unauthorised access to computer systems or networks

• Card fraud: Unauthorized use of credit or debit card information for fraudulent
purposes caused by shoulder surfing, card cloning, or keylogging.

Protection of Data

Multiple techniques are implied for the protection of data, inclusive:

1. Biometrics:

• Individuals' distinctive physical or behavioural traits, such as fingerprints, faces,

or irises, can be used for access control and verification. Since biometric data is
hard to fake or duplicate, it offers a more secure form of identification.

2. Digital certificate:

• A digital record that attests to a website's reliability and integrity. A digital

certificate is used to provide safe communication and to build confidence
between parties. Identifier data, the entity's public key, and a third party's digital
signature are frequently found in digital certificates.

3. Secure Socket Layer (SSL):

 • A protocol that creates a secure connection between a client computer and a
server. SSL ensures that information communicated between a server and client
stays private and cannot be intercepted or changed by unauthorized parties. A
website's identification for it is the S at the end of HTTP.

4. Encryption:

• It is creating data in a format that cannot be read without a decryption key. Data
on hard drives, emails, cloud storage, and secure websites (HTTPS) are all
protected by encryption. Without a decryption key, it assures that even if
unauthorized people obtain data, it cannot be decoded.

5. Firewall:

• A firewall is a network security device that monitors and manages incoming and
outgoing network traffic. Its goal is to separate an internal network from other
networks by filtering data according to established criteria. It assists in
preventing malware, unauthorized access, and other network risks.

6. Two-factor authentication:

• A security mechanism that requests two different kinds of identification from

users to confirm their identity. To provide additional protection outside of just a
username and password, 2FA was created. Typically, it combines something that
uniquely identifies a user, like biometric data, with something the user has, like a
smartphone and a token or something they know, like a password.

7. User ID and password:

• A typical authentication technique uses a password plus a secret code (user ID)
to identify. To strengthen data security, user IDs and passwords restrict access to
only authorized users. Using secure passwords and changing them frequently is
critical to ensure security. When creating passwords, it is advised to utilize a mix
of uppercase, lowercase, digits, and special characters.