Online Theft Breaches: Causes, Consequences, And Preventive Measures Essay.

Critical review of applicable research methodologies, which discusses available methodologies with regards to the research question, issues of data collection and analysis. Choice of methodology should be clearly justified

Types of online theft breaches

The research is about the online theft breaches that the recent business industry is facing globally. All the business owners were oblique to verify the identity of all the employees who work in the United Kingdom to protect their confidential information. The background of the research methodology provides all possible result of identity theft and data breaches. The Immigration Reform and Control Act of 1986 forbid employers from getting hire through illegal hiring process by verifying the individual identity. It helps government to identify the risk and develop an internal control to reduce the risk. The research study is about the cause, preventive measures, and the consequences of the identity theft and data security breaches. When an individual have no legal opportunities to get an income in such case unemployment affects the individual and led to commit such crime. In one of the study in the Los Angelas area, even with high immigration the crime rates were low in this area. One of the estimation indicated that the cost of identity theft have exceeded to £56 billion in a year. The main problem was in the businesses that have a high risk of identity theft and data breaches. It is necessary for the business manager and the owners to control the risk of online theft and their breaches.

What are the types of online theft breaches?

What are the main cause of online theft and related consequences?

What are the preventive measures to detect online theft breach?

What are the effects of online theft breach in real scenario?

1. a) Data Security Breach- Data breach is considered as the most widespread theft that is done online. Data security breach is an incident on security through which confidential, sensitive and protected data are copied, viewed, stolen, used or transmitted by an unauthorized user. Data breach occurs in all types of businesses which deals with digital data, workforce mobility, and cloud computing (Panth, Mehta and Shelgaonkar, 2014). In most of the small and medium sized company, sensitive data are mainly stored on local machines and for large companies, data are stored in cloud. With such an advantage of the technologies, data breach of a company has become very simple. The networks of the businesses are less restricted. When the individuals or users started to store the data for their use, then the security of data breach occurred (Koyame-Marsh and Marsh, 2014). Data breach refers to viewing the files of other without having authorization to access the files.

Occurrence of Data Breach- The customers are mostly impacted by the data breaches that occurs companies or in personal systems. There are chronology of security breach and data breach that are reported in the year of 2005 (Udoh and Adebayo, 2014). As the volumes of data are increasing day by day, there becomes a higher chance of having a data breach in the system. It is estimated by 2020, almost over one-third of the data will be stored on cloud (Carruth, 2014). The production of data is considered to have increased to about 44 times than the previous years. 80 percent of the data that are created are mostly created by organizations and enterprises (Parahina et al. 2014). There are many experts who have studied that the studied that the security of the data breach is increasing day by day.

Main causes of online theft and related consequences

Causes of Data Breach- With the development of technology, to access the information in a digital way have become much easier and simple for the attackers to attack the system. There is an increase of data breach day by day reporting all over world. There are many causes of data breach that occurs on the user machine or in an organization. With the increase in cost of the data breach, the companies and organization are to be more careful and they need to educate all their staffs and employees about the occurrence of data security breach and also have a backup plan for all the data that are used in the company (Arlitsch and Edelman, 2014). There are many causes of data breaches that occur in a company.

Weak and Stolen Passwords- The data security breach can occur if the password that is used in the system is weak or the password might be stolen. Most of the websites have a gauge of password strength which helps to determine if the password is strong or not. The password of the website or the system should be kept strong so that the hacker does not get the access of the password. The data breach which has authentication problem mainly occurs when an attacker guesses the password or uses some particular tool so that they can get the access of the password (Florêncio, Herley and Van Oorschot, 2014). Most of the cyber-attacks which suffer from data security breach are due to authentication problem. This means most of the attacks that are authentication based cannot be stopped from attacking because even though the password is strongly protected, then also there is a risk of occurring a data breach (Bonneau et al. 2015). The websites that has many authentication securities like providing a security question is less prone to data breach. Those organizations or websites may have less chance of getting hacked. The fastest way to mitigate the data breach suggests creating a strong password which includes uppercase, lower case, special characters, and symbols (Ur et al. 2015). There should be different password for all the websites of the same user’s accounts. If the user wants to store all the passwords in a document, then the user should not save the document in their system.

Malware- There is another cause of data breach that can occur in the organizations which may have the risk to have data breach. Malicious software is known as malware which is type of intrusive software that the hackers can use so that they can get the access of the personal information of the user, also can get the information of business and financial sectors. There are many types of malwares which includes Trojan, worms, and spyware. There are many types of viruses which are accidentally installed by the user himself without the knowledge of the user (Vaciago and Ramalho, 2016). User can install viruses from many websites links such as emails, download links, or some bad links that come which going through the internet.

Preventive measures to detect online theft breach

Email- Email is most probably the common way by the attackers sends viruses to the user. And the user unknowingly installs the application or clicks on the links that are send through email. An email which has links or attachments most probably has some virus attached with them that might infect the computer system immediately (Wang et al. 2014). An intruder can acts as a known contact to the user and can send emails and links through email. User should always be aware of the fact that they should not click on any of the links that are provided in an email.

Download Links- Many software links and files might have malicious viruses attached with them. The file or the software might seem to be safe and also can be legitimate. It is suggested to the user to do proper scanning to all the files and software that are hidden by the use of antivirus installed in the system of the user (Tahboub and Saleh, 2014). The choice of the antivirus is also to be done properly because if the antivirus is not good, it will not be able to detect the virus in the software.

Bad links- While working on a computer system, there are some notification or some pop ups coming continuously on the screen. If the user clicks on such links or ads, there might be a risk of inviting a malicious virus in the system (Wibowo and Wang, 2015). Many message shows that the system has to be updated or might give suggestion to install the latest application, are not be clicked by the user. These links are considered as a bad link which appears on the websites in the form of advertisements that the user have visited previously (Pujol, Hohlfeld and Feldmann, 2015).

Preventive measures to mitigate Data Breach- There are many reasons for the occurrence of data breach in a company. The hackers gain access to the data in the user system and the user losses the data that has the unencrypted information (Hutchings and Holt, 2014). There is always a need to accept some preventive measures to save the systems from being hacked. Some of the preventive measures to prevent the breaches of data security are described in this section.

Protect the information- All the sensitive data are to be protected when they are stored in the system. The personal identification information should not be share with anyone inadvertently (Van Kleek and OHara, 2014).

Effects of online theft breach in real scenario

There should be less transferring of data in an organization. The process of shifting data from a device to another external device should be banned by all the organizations. The removable media will usually put the data in risk.

There should be some restriction for the download process in all the organizations and personally also. Any of the media which serves as allegiance to hackers should also be restricted for the user (Kizza and Yang, 2014). The download link should be restricted by the user which mainly reduces the risks of data transferring to external source.

All the file should be shred in the organization and the folder also should be shred by the organization before the disposition of storage equipment (Fernandes et al. 2014). After formatting also, there are applications which can be retrieved.

The organization should have a restriction on devices that are mainly encrypted. There should be a strict ban on the unencrypted device. Unencrypted device includes devices such as laptops and other portable devices which are prone to the attack that are made by the attackers (Genkin et al. 2016).

There should always be a secure transfer in the organization system. For the transferring bulk amount of data, the organization may use packaging that are tamper proof and also services of courier that are secured.

The organization should always us a good and strong password for all the websites that are accessible in the organization. The password that is use to prevent access should always have an unpredictable and a hard version of pass word to crack. It is also recommended to change the password from time to time.

The systems that are automated should be kept on checking regularly and the setting of the password should be checked. The firewall and the server of the system should also be checked and updated regularly so that the sensitive information can be protected in the organization (Alcaraz and Zeadally, 2015).

The team of security has to identify all the activity of suspicious network and the team of an organization should always be prepared if an attack occurs in the organization from the system.

The organizations should always monitor their data leakage in their network. There should be a security control on all the network of the organization. There should be a regular checking on the contents of internet so that they can locate any of the private data that are on the network is available publicly to the monitor of the attacker.

Occurrence of Data Breach

There should always be a tracking of data in an organization. There should be prevention to the organizational network that will prevent the use of any unintentional sensitive information.

The accessibility of the data should be given to some particular people only who are associated with the organization. The sensitive data are to be shared only with the people who are working for the organization. This may lessen the risk of fake users.

The organizations should give proper security training and provide privacy to all the employees and the clients that are associated with the organization. The training should be given so that the employees get to know about the data breach in the company and get aware of the data breach that can come to the organization (Koyame-Marsh and Marsh, 2014).

The warehouse of the company should be shut down so that they can prevent the incursions that are done by the hacker. The targeted attacks can be prevented by managing the security solutions, production, and security solutions in the organization (Arlitsch and Edelman, 2014).

All organizations should have a breach response plan that will help the organization to trigger a quick response when there is a need of response at the time of data breach. This can reduce the amount of risk that can happen at the time of data breach. An organization should have series of plan that are to be involved to fight with the data breach that comes in an organization.

Real life example of data breach- There are many real life examples of data breach that had occurred in the history of cyber security. The largest data breach that took place was the Experian, which is one of the main agencies of credit reporting (Ball et al. 2014). Experian attacked a company known as Court Ventures that aggregates and gathers the information from the public records in the year 2012. When the attack was held, the company of Court Ventures was in contract with a U.S. company known as U.S. Info Search so that they can get the access of data of the Info Search (Graef, Wahyuningtyas and Valcke, 2015). This lead to access the information of the individuals, their addresses, by which they can determine the court record so that they can review.

The information was then sold to many third parties by Court Ventures which includes a Vietnamese Fraudster Service. They provided theirs customers with opportunity so that they can look into their personal information in America which included the financial information and also the SSN (Social Security Numbers). After the acquisition of the Court Ventures, the Secret Service notified that the Court Ventures was reselling the data from the database of the U.S. Info Search that was an illegal activity. Over 50 million records were compromised by Experian in the year 2013 (Cohen, J.E., 2017).

Weak and Stolen Passwords

b) Identity theft- Identity theft is a crime in which an unauthorized user obtains all the personal information through fraud and deception to impersonate the other person.

Causes - In United Kingdom, Identity theft increasingly discovered fraudsters to steal the victims personal information and used them for an unauthorized personal gain. The criminal uses some harmless information like date of birth as an identity theft as in UK, many companies ask date of birth as verification process. Once the criminal able to hold the victims personal information they are able to do financial fraud such as bank fraud, telecommunication fraud credit card fraud, tax rebate fraud and benefit fraud. Identity fraud also includes crimes like trafficking drugs, committing cybercrime, entering country illegally and many more.

Consequences to victims identity theft- The criminal when uses the personal identity of the victims to commit any crime put the victim into police suspicion and in that case, the victim finds it difficult to prove them innocence and without any reason becomes a part of criminal investigation. Those victims who faced the financial fraud usually have issue with monetary transaction, which has end up saddled with debts. It became hard for the victim to prove that they are not responsible for the debts and even if they are absolving of the debt, it will be difficult to remove incorrect information from their credit score. It is very important to identify the identity theft as early as possible as the victims might be rejected from various credit opportunities. It would then become difficult for them to purchase a loan or renew credit card or to get a mortgage or even getting a new phone, as their credit rating would be marked black which are noticed by most of the credit agencies.

Effects of identity theft in Real life- Ethical issues of identity theft have its effect on every society. Federal laws have considered the identity theft as a committed crime. The identity theft is happening online because no physical interaction is pursued to make this happen. The offenders do not require any physical contact rather can attack virtually or with some special device. It is an ethical issue which manipulates the victims mind in some or the other way to get all personal information. On 8 September 2017, in a massive cyber-attack on Equifax, which is a US credit rating firm, has 44 million consumers personal data stolen by the hackers. The stolen information contains the names, numbers, social security, addresses date of birth and driving license details. The Equifax had no idea on the

Malware

Check of statement- It is better to check regularly the statement as whether any payment have made or not or whether the correct amount has debited or not.

Be secure- Most of the online payment links are not secure , so to make a secure payment the link to check whether the payment is secure through web address ‘https://’ where s indicates the link is secure.

To avoid all cold calls- It is better to avoid cold call regarding money or personal details over phone.

Keeping details close- For the ATM’s pin, the safest place is the mind instead of writing down in phone.

Report on fraud actions- If an individual is being a victim of fraud then they can report to the UK’s national fraud reporting center by visiting Action Fraud or through call.

Destroy personal document- it is necessary to ensure that personal information are shred before binning them.

The UK law covers three distinct acts of identity theft.

• The Fraud Act 2006 has two types of legislation related to the identity theft. The first is making false representation for self-gain or to cause loss to another. These section offences include false information, benefit fraud, mortgage fraud, road accident fraud, and other identity theft related crimes (Agwu, M.E., 2014). The second is the possession articles use in frauds. These sections include cloned credit cards.
• Identity Documents Act 2010 was formerly supplanted through Identity Cards Act 2006 has offence for obtaining false ID cards. In this act, the individuals are likely to use spurious forms of identity fake document (Bouklis and Chatzopoulos, 2015).
• Forgery and Counterfeiting Act 1981 has two offences for identity theft legislation. The first is the use of false instrument with respect to drugs scheduled. The act has related to documentation of forged identity for NHS and Pharmacies. The second is the copy of the false instrument that is a less prosecuted offence (Aliverti 2017).
• Identity Theft and Assumption Deterrence Act of 1998: according to Federal law anybody who commit identity theft need 2 years of infraction. Also the law has a 5 years charge for terrorism (Koyame-Marsh and Marsh, 2014).

The methodology deals with the type of techniques one may use to conduct the research. The research allows understanding of various qualitative and quantitative data with regard to the identity theft and data breach.

• Exploratory
• Descriptive

In the exploratory research investigation, there is no clear idea of the research topic. In that case, a scientific point of view has taken into consideration to get the idea of the research.

In the descriptive research investigation, the researcher will conduct and develop relevant theory and concept.

Justification of the type of Investigation chosen

The relevant theories related to the online theft breaches will be developed and the research will be conducted considering the descriptive research.

The research process is conducted with the help of two types of data:

• Primary data
• Secondary data

In this research, the primary data has conducted from the survey, interview and experiments for the research and in the secondary data; it will identify the identity theft and the data security breach collected from the books, journals or an article that contains researched information. The FTC’s Consumer Sentinel Network collects data security breach and identity theft data from the consumers complain that has filed with the FTC (Solove and Hartzog, 2014).

For this research, the researcher collected primary data from the employees and unemployed person from the business industry.

During the entire research process, researcher has to consider the ethical and social issue. The researcher has to maintain privacy of the data not to publish. As a researcher if anything done will be considered illegal. Hence, it is the responsibility of the researcher to maintain the privacy of the respondent before conducting the online survey.

Email

Data analysis will be done in two ways:

• Quantitative data analysis
• Qualitative data analysis

The researchers rely on the qualitative and quantitative data analysis as the research topic and the surveys conducted has analyzed in qualitative manner and books, article and journals has analyzed in quantitative manner.

While conducting the research, limitations were faced with the safety issue of the personal information and preventive measure as there was no complete or exact solution to avoid becoming a victim nor to prevent by taking measures.

WBS	Task Name	Duration	Start	Finish
1	Research Activities	15 days	Mon 2/5/18	Fri 2/23/18
2	Selection of research topic	7 days	Mon 2/26/18	Tue 3/6/18
3	Literature review	12 days	Wed 3/7/18	Thu 3/22/18
4	Data Collection	20 days	Fri 3/23/18	Thu 4/19/18
5	Data Analysis	30 days	Fri 4/20/18	Thu 5/31/18
6	Submitting the final report	5 days	Fri 6/1/18	Thu 6/7/18

Identity theft has its impact on individuals, business, society and government to store information and conduct a transaction. Due to the risk associated with the identity theft, the necessity to prevent the risk for the government entities, individuals and businesses has increased. The research has identified two of the risk factors, identity theft and data security breach. Although it is not possible to completely remove the online theft breach but it is possible to be aware of the risk factors through some preventive measures. In this way, it can help the business managers and owners to control and reduce the risk of online theft breach.

References

Agwu, M.E., 2014. Reputational risk impact of internal frauds on bank customers in Nigeria. International Journal of Development and Management Review, 9(1), pp.175-192.

Alcaraz, C. and Zeadally, S., 2015. Critical infrastructure protection: requirements and challenges for the 21st century. International journal of critical infrastructure protection, 8, pp.53-66.

Aliverti, A., 2017. The wrongs of unlawful immigration. Criminal Law and Philosophy, 11(2), pp.375-391.

Arlitsch, K. and Edelman, A., 2014. Staying safe: Cyber security for people and organizations. Journal of Library Administration, 54(1), pp.46-56.

Ball, K., Spiller, K., Dahm, S., Friedewald, M., Galetta, A., Goos, K., Jones, R., Lastic, E., Norris, C., Raab, C.D. and Bergersen, S., 2014, June. IRISS (Increasing Resilience in Surveillance Societies) FP7 European Research Project, Deliverable 3.2: Surveillance Impact Report. IRISS.

Bonneau, J., Herley, C., Van Oorschot, P.C. and Stajano, F., 2015. Passwords and the evolution of imperfect authentication. Communications of the ACM, 58(7), pp.78-87.

Bouklis, P.S. and Chatzopoulos, G., 2015. Imaginary counter-trafficking penalties: A comparative analysis of Greece and the United Kingdom. Journal of Trafficking, Organized Crime and Security, 1(2), pp.pp-76.

Carruth, A., 2014. The digital cloud and the micropolitics of energy. Public Culture, 26(2 73), pp.339-364.

Chaudhry, J.A., Chaudhry, S.A. and Rittenhouse, R.G., 2016. Phishing attacks and defenses. International Journal of Security and Its Applications, 10(1), pp.247-256.

Cohen, J.E., 2017. Law for the platform economy. UCDL Rev., 51, p.133.

Fernandes, D.A., Soares, L.F., Gomes, J.V., Freire, M.M. and Inácio, P.R., 2014. Security issues in cloud environments: a survey. International Journal of Information Security, 13(2), pp.113-170.

Download Links

Florêncio, D., Herley, C. and Van Oorschot, P.C., 2014, August. Password Portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts. In USENIX Security Symposium (pp. 575-590).

Genkin, D., Pachmanov, L., Pipman, I., Shamir, A. and Tromer, E., 2016. Physical key extraction attacks on PCs. Communications of the ACM, 59(6), pp.70-79.

Graef, I., Wahyuningtyas, S.Y. and Valcke, P., 2015. Assessing data access issues in online platforms. Telecommunications Policy, 39(5), pp.375-387.

Hutchings, A. and Holt, T.J., 2014. A crime script analysis of the online stolen data market. British Journal of Criminology, 55(3), pp.596-614.

Kizza, J.M. and Yang, L., 2014. Social History of Computing and Online Social Communities. In Encyclopedia of Social Network Analysis and Mining (pp. 1790-1800). Springer New York.

Koyame-Marsh, R.O. and Marsh, J.L., 2014. Data Breaches and Identity Theft: Costs and Responses. IOSR Journal of Economics and Finance, 5(6), pp.36-45.

Koyame-Marsh, R.O. and Marsh, J.L., 2014. Data Breaches and Identity Theft: Costs and Responses. IOSR Journal of Economics and Finance, 5(6), pp.36-45.

Panth, D., Mehta, D. and Shelgaonkar, R., 2014. A survey on security mechanisms of leading cloud service providers. International Journal of Computer Applications, 98(1).

Parahina, V., Boris, O., Bezrukova, T., Bezrukov, B. and Kirillova, C., 2014. Assessment of social and innovational orientation of enterprises and companies. Review of Applied Socio-Economic Research, 8(2), p.132.

Pujol, E., Hohlfeld, O. and Feldmann, A., 2015, October. Annoyed users: Ads and ad-block usage in the wild. In Proceedings of the 2015 ACM Conference on Internet Measurement Conference (pp. 93-106). ACM.

Solove, D.J. and Hartzog, W., 2014. The FTC and the new common law of privacy. Colum. L. Rev., 114, p.583.

Tahboub, R. and Saleh, Y., 2014, January. Data leakage/loss prevention systems (DLP). In Computer Applications and Information Systems (WCCAIS), 2014 World Congress on (pp. 1-6). IEEE.

Udoh, I. and Adebayo, A., 2014. Breach Data Feedback towards Apt Security Measures. In Information and Knowledge Management (Vol. 3, No. 4, pp. 83-91).

Ur, B., Segreti, S.M., Bauer, L., Christin, N., Cranor, L.F., Komanduri, S., Kurilova, D., Mazurek, M.L., Melicher, W. and Shay, R., 2015, August. Measuring Real-World Accuracies and Biases in Modeling Password Guessability. In USENIX Security Symposium (pp. 463-481).

Vaciago, G. and Ramalho, D.S., 2016. Online searches and online surveillance: the use of trojans and other types of malware as means of obtaining evidence in criminal proceedings. Digital Evidence & Elec. Signature L. Rev., 13, p.88.

Van Kleek, M. and OHara, K., 2014. The future of social is personal: The potential of the personal data store. In Social Collective Intelligence (pp. 125-158). Springer International Publishing.

Wang, Y., Wen, S., Xiang, Y. and Zhou, W., 2014. Modeling the propagation of worms in networks: A survey. IEEE Communications Surveys & Tutorials, 16(2), pp.942-960.

Wibowo, K. and Wang, J., 2015. MOBILE SECURITY: BEST SECURITY PRACTICES FOR MALWARE THREATS. Northeastern Association of Business, Economics and Technology, p.304.