Protecting Data Online

Eric Marquette

Right, so let’s kick things off by talking about online data threats. Now, when most people hear ‘threats to data’, it’s easy to jump to thoughts of hackers in hoodies tapping away in dark rooms — but honestly, it’s not always that dramatic. Sometimes, the damage is downright accidental. I’ve actually seen both sides play out—malicious attacks and missteps. Malicious damage is what you’d expect: viruses, ransomware, hacking, the works. But accidental damage? That can be as simple as someone clicking the wrong button and poof! Files gone. I remember back when I was working in a busy newsroom, one of the new staffers was trying to clear up the desktop...and, er, managed to delete an entire week’s worth of audio files we’d not yet edited. Talk about panic. In that moment, we realised that cyber threats aren’t always some master criminal; sometimes it’s, well, just us humans making mistakes. You might’ve heard of the 2017 Equifax breach. That’s when personal data for millions was exposed because of a vulnerability that hadn’t been patched. Real-world data breaches like that, they’re good reminders that whether it’s a nasty bug or someone just forgetting to double-check, threats are everywhere if you’re not careful.

Eric Marquette

So, if you’re sitting an ICT exam, you might get a question like: “Explain the difference between malicious and accidental threats to data, giving an example of each.” Your answer could go: “Malicious threats are intentional attacks on data, such as hacking or viruses designed to damage or steal information—for example, a ransomware attack that encrypts files until a payment is made. Accidental threats occur due to human error, like mistakenly deleting important files or sending sensitive information to the wrong recipient.” Simple as that.

Eric Marquette

Now, let’s talk about what we can do to keep our data safe from these threats. It’s not just about one magic solution. It’s a mix, really. First off, there’s the classics: encryption, firewalls, anti-virus tools, good passwords, and strict access controls. Encryption’s like putting your data in a locked box — only people with the right key can open it. Firewalls act like bouncers, stopping unwanted traffic from getting into the network. Anti-virus? That’s your guard dog, sniffing out dodgy files. But, honestly, even with all that, things can go wrong. That’s why backups are crucial. And here’s the debate: cloud or physical backup? Like Dropbox—there was that incident a few years back where accounts were compromised and files were exposed. If all your eggs are in the cloud basket, you’re at the mercy of someone else keeping things secure. But with physical backups, you’ve got control – just, you know, don’t spill coffee on your external hard drive.

Eric Marquette

Let’s say someone falls victim to a ransomware attack—files get encrypted, and a demand pops up: pay or lose everything. Disaster recovery plans come into play here. Ideally, you restore from your backups, and you don’t pay a penny to criminals. Test your backup and recovery process before you have to rely on them—that’s key. For your exam, you might face a question like: “Describe methods used to protect data and explain the importance of regular backups.” For your answer, you could say: “Data can be protected using encryption, firewalls, anti-virus software, strong passwords, and access controls. Regular backups are important because they provide a way to recover data after loss or attack, ensuring business continuity and minimising downtime.”

Eric Marquette

Let’s flow into something that touches almost everyone: social media and e-reputation. Using instant messaging and networking apps is pretty much unavoidable these days, but they’re not risk-free. Identity theft, privacy invasion, and viruses can all spread via social networks. Remember those news stories about Facebook leaking user data, or big lists containing passwords and personal info popping up online? Those are real consequences. But beyond the obvious techy stuff, there’s the matter of your reputation. What you share online stays online, and that can affect your future — jobs, college, even relationships. I mean, I always tell young creators to Google themselves now and then, just to see what turns up. It’s worth managing your personal brand.

Eric Marquette

Legally, in the UK we’ve got the GDPR and Data Protection Act. Basically, these set clear rules for how organisations can use our personal data, with strict penalties if they misuse it. It’s all about putting the control back in the individual’s hands and making sure everyone’s playing fair. So if you get an exam question like: “Outline the main risks associated with social networking and explain how data protection laws help reduce these risks,” your answer might be: “Social networking risks include privacy invasion, identity theft, and the spread of malware. Data protection laws like the UK GDPR require organisations to obtain consent, use data responsibly, and secure personal information, helping to protect user privacy and limit misuse of data.”

Eric Marquette

Alright, now let’s look at what individuals and organisations should do to keep data safe every day. First off, whatever software you’re using, always keep it updated. Seriously, those update reminders can be a pain, but most of the time, they plug up holes hackers could sneak through. Next up: people are the weakest link—always. That’s why it’s so important to teach users about phishing—those dodgy emails that try to trick you into giving away info—and broader social engineering stuff. If someone’s offering free “gift cards” or a fake warning about bank problems…99% of the time, it’s a scam.

Eric Marquette

I always say, don’t just stick to a single password. Use multi-factor authentication – that’s when you need more than just a password to get in. And limit who can access what. Not everyone needs access to everything; it’s about minimising exposure. For your ICT exam, you may get: “Explain two best practices for safeguarding data” or “How does multi-factor authentication enhance security?” For the first one, try: “Regularly updating software and educating users about phishing are key ways to safeguard data.” For the second: “Multi-factor authentication enhances security by requiring two or more verification methods, making unauthorised access much harder.”

Eric Marquette

Last one for today—how do we make data security something everyone cares about, not just IT folks? Ongoing training is a big part of it. Threats change, so knowledge has to as well. Having clear rules—data handling policies—and proper audits makes sure everyone’s on the same page and mistakes or holes get spotted before they become a problem.

Eric Marquette

Plus, you wanna give people a reason to be proactive, not just reactive. That’s why we see companies running mock security drills. Like, “Hey team, let’s see how we’d respond if this happened.” Incident response teams aren’t just for show—they can make all the difference if a breach pops up at 2am on a Saturday. And for your exam, here’s what you might face: “Discuss the importance of user training and incident response teams in maintaining data security.” Your answer could be: “User training keeps staff aware of emerging threats and best practices, reducing the risk of mistakes. Incident response teams ensure a rapid, coordinated approach to data breaches, minimising impact and helping recover quickly.”

Eric Marquette

Alright, that’s it from me today! Remember, keeping data safe is an ongoing challenge, and there’s always something new out there to be aware of. We’ll dig even deeper into these topics in upcoming episodes, so stick around and keep your questions — and your data — safe.