Cybercrime has been requested by you as our topic – hence the change in the original schedule! That is also why your readings are linked in this post (and not available as Google Docs).
Cybercrime and hacking has been in the news a lot lately…
But it takes many forms. Let’s start with a definition:
What is Cybercrime?
A crime committed or facilitated via the Internet is a cybercrime. Cybercrime is any criminal activity involving computers and networks.
It can range from fraud to unsolicited emails (spam). It can include the distant theft of government or corporate secrets through criminal trespass into remote systems around the globe.
Cybercrime incorporates anything from downloading illegal music files to stealing millions of dollars from online bank accounts.
Cybercrime also includes non-money offenses, such as creating viruses on other computers or posting confidential business information on the Internet.
Many scholars have also mapped different types of Cybercrime:
Below are a couple of cases about how cybercrimes related to macro, meso, and micro-levels of media governance.
Macro: Quest for Privacy Has Created the Deep Web – and the Dark Web
Like any technology, from pencils to cellphones, anonymity can be used for both good and bad. Users who fear economic or political retribution for their actions turn to the dark Web for protection. But there are also those who take advantage of this online anonymity to use the dark Web for illegal activities such as controlled substance trading, illegal financial transactions, identity theft and so on.
We have studied surveillance and its various forms. One of the overall outcomes of the quest for privacy is the emergence of a part of the Internet structure that is NOT accessible and visible to all. It’s “deep” and sometimes even “dark”. Take a look at the short video and written explanation on this PC news website – what is the deep and what is the dark web?
I highly recommend the documentary Deep Web (get a Hulu account trial and you can watch it for free) to get an understand the role of the deep web and the challenges in catching and prosecuting cyber criminals.
How to deal with the problem in the societal, national level? The Centre for International Governance Innovation and the Royal Institute for International Affairs (2015) have written an extensive analysis on the impact of the deep web and consider it a major global security risk, one that should be discussed in conjunction with Internet Governance at large. You can find the report here.
There exists an international Convention on Cybercrime — but it addresses the crime, not the infrastructure for crime.
Meso: Cybersecurity is a Part of Corporate Reputation Governance
Financial Times this week:
It [cyber security] is not something you can delegate, it’s about the security and the reputation of the company,” says Javier Zamora, a senior lecturer in information systems at Iese. Even the most secure networks are vulnerable to cyber attacks, as data breaches at Yahoo and Sony showed. Attacks by hackers cost global businesses $280bn in 2016, according to consultancy Grant Thornton, which cites reputational damage as the major risk corporations face.
As Week 8 showed us, protecting data is an essential part of a company’s media governance plan:
And as last week pointed out, security is also big business.
Top Ten Cybersecurity Tips
- Protect against viruses, spyware, and other malicious code
Make sure each of your business’s computers are equipped with antivirus software and antispyware and update regularly. Such software is readily available online from a variety of vendors. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install updates automatically.
- Secure your networks
Safeguard your Internet connection by using a firewall and encrypting information. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router.
- Establish security practices and policies to protect sensitive information
Establish policies on how employees should handle and protect personally identifiable information and other sensitive data. Clearly outline the consequences of violating your business’s cybersecurity policies.
- Educate employees about cyberthreats and hold them accountable
Educate your employees about online threats and how to protect your business’s data, including safe use of social networking sites. Depending on the nature of your business, employees might be introducing competitors to sensitive details about your firm’s internal business. Employees should be informed about how to post online in a way that does not reveal any trade secrets to the public or competing businesses. Hold employees accountable to the business’s Internet security policies and procedures.
- Require employees to use strong passwords and to change them often
Consider implementing multifactor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account.
- Employ best practices on payment cards
Work with your banks or card processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations related to agreements with your bank or processor. Isolate payment systems from other, less secure programs and do not use the same computer to process payments and surf the Internet.
- Make backup copies of important business data and information
Regularly backup the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Backup data automatically if possible, or at least weekly, and store the copies either offsite or on the cloud.
- Control physical access to computers and network components
Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.
- Create a mobile device action plan
Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.
- Protect all pages on your public-facing websites, not just the checkout and sign-up pages
Micro: Theft and Bullying
[T]he Internet has made bullying both harder to escape and harder to identify. It has also, perhaps, made bullies out of some of us who would otherwise not be. We are immersed in an online world in which consequences often go unseen—and that has made it easier to deceive ourselves about what we are doing.
Identity theft is perhaps one of the most obvious cybercrimes that comes to mind when thinking about cybercrimes at the individual level. Blatant hate speech is another (btw: Germany just made it illegal online). But a truly devastating issue is cyberbullying that may take so many forms.
International agreements are very good at addressing crimes that relate to commercial activities; harassment of individuals is less covered:
You have surely heard of cyberbullying of teens that have had severe consequences.
Approximately 43% of the students report experiencing cyberbullying during their lifetime and 15% of students admitted to cyberbullying others during their lifetime
Or, that cyberbullying of (often female) journalists is an everyday occurrence.
The cyber world is not a safe haven. On the contrary, it is a dangerous and violent labyrinth for both men and women, and for female journalists in particular. The nature of their work, the vulnerability of their positions and fragile job security make them easy targets for those who do not comprehend that freedom and equality cannot survive if the half of the world population live and work in a fear and danger.
UPDATE: No assignment due to my mishap!
Please just answer this quick poll: