{"id":663,"date":"2025-08-31T03:16:05","date_gmt":"2025-08-31T03:16:05","guid":{"rendered":"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/chapter\/chapter-9-ethics-and-privacy-in-the-digital-age\/"},"modified":"2025-11-19T02:46:10","modified_gmt":"2025-11-19T02:46:10","slug":"chapter-9-ethics-and-privacy-in-the-digital-age","status":"publish","type":"chapter","link":"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/chapter\/chapter-9-ethics-and-privacy-in-the-digital-age\/","title":{"raw":"Chapter 9: Ethics and Privacy in the Digital Age","rendered":"Chapter 9: Ethics and Privacy in the Digital Age"},"content":{"raw":"<div class=\"chapter-9:-ethics-and-privacy-in-the-digital-age\">\r\n<div class=\"textbox textbox--learning-objectives\"><header class=\"textbox__header\">\r\n<h2 class=\"textbox__title\">Learning Objectives<\/h2>\r\n<\/header>\r\n<div class=\"textbox__content\">\r\n<p class=\"import-Normal\">Welcome to Chapter 9! In this chapter, we will discuss how to use technology in a responsible and ethical way. After studying this chapter, you will be able to:<\/p>\r\n\r\n<ul>\r\n \t<li class=\"import-Normal\">Understand the importance of authorized use and access controls.<\/li>\r\n \t<li class=\"import-Normal\">Describe different methods of authentication, including biometrics and two-step verification.<\/li>\r\n \t<li class=\"import-Normal\">Define software theft and the safeguards used to prevent it.<\/li>\r\n \t<li class=\"import-Normal\">Explain how encryption and other technologies protect information.<\/li>\r\n \t<li class=\"import-Normal\">Recognise privacy, health, and environmental issues related to technology.<\/li>\r\n<\/ul>\r\n<\/div>\r\n<\/div>\r\n<h2 style=\"text-align: justify;\">Introduction<\/h2>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">Imagine you are a new intern at a large company in Kuala Lumpur. On your first day, you are given a company laptop, a smartphone, and access to the company's internal network. You can access the company's client database, its financial reports, and its marketing plans. With a few clicks, you hold a huge amount of valuable and confidential information in your hands.<\/p>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">This access comes with a great deal of responsibility. Should you use the high-speed office internet to download movies for yourself? Is it okay to use your work laptop to check your personal Facebook account? What would happen if you lost your company phone in a Grab car? What are the company's rules about sharing information, and what are your personal ethical obligations to protect that data?<\/p>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">As we use technology more and more in our daily lives and in business, it becomes very important to think about <em>how<\/em> we use it. Using technology is not just about being efficient; it is also about being responsible, professional, and ethical. This chapter talks about <strong>digital ethics<\/strong>, which means doing the right thing online and with digital tools. We will discuss the crucial methods businesses use to control who can access their valuable data. We will explore how to protect our personal information and respect the privacy of others, and we will look at the wider impact that our constant use of technology has on our health and the environment.<\/p>\r\n\r\n\r\n[caption id=\"\" align=\"aligncenter\" width=\"2048\"]<img src=\"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-content\/uploads\/sites\/239\/2025\/08\/image12-1.png\" alt=\"image\" width=\"2048\" height=\"2048\" \/> Figure 9.1: Keeping Our Information Safe Online. Protecting our personal information online. The digital symbols on the face represent our data, and the lock shows the importance of keeping that data private. (Image generated with AI assistance using Gemini Pro 2.5.)[\/caption]\r\n<h2 style=\"text-align: justify;\">Unauthorized Access and Use: Defining the Boundaries<\/h2>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">At its core, the first rule of digital ethics in a business context is about permission. <strong>Unauthorized access<\/strong> is the use of a computer, server, or network without permission. <strong>Unauthorized use<\/strong> is the act of using a computer or network for activities that are not approved, even if you have permission to be on the system.<\/p>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\"><strong>Scenario: A Day at the Office<\/strong><\/p>\r\n\r\n<ul style=\"text-align: justify;\">\r\n \t<li class=\"import-Normal\"><strong>Unauthorized Access:<\/strong> A person from another department who does not have permission to view payroll information tries to guess the password for the Human Resources server. This is unauthorized access.<\/li>\r\n \t<li class=\"import-Normal\"><strong>Unauthorized Use:<\/strong> An HR employee, who <em>does<\/em> have permission to access the payroll server, uses their computer during work hours to run a side business selling products on Shopee. This is unauthorized use.<\/li>\r\n<\/ul>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">To prevent confusion and set clear expectations for employees, many companies and organisations create an <strong>[pb_glossary id=\"675\"]Acceptable Use Policy (AUP)[\/pb_glossary]<\/strong>. An AUP is a formal document that outlines the specific rules and guidelines for using the company's computers, networks, internet connection, and other IT resources.<\/p>\r\n\r\n<ul style=\"text-align: justify;\">\r\n \t<li class=\"import-Normal\">An AUP is a critical document for any modern business. It typically answers questions like:<\/li>\r\n \t<li class=\"import-Normal\">Can employees use their work computers for personal emails?<\/li>\r\n \t<li class=\"import-Normal\">Are employees allowed to access social media sites like Instagram or TikTok on the company network?<\/li>\r\n \t<li class=\"import-Normal\">Is it okay to install personal software (like a video game) on a company laptop?<\/li>\r\n \t<li class=\"import-Normal\">What are the rules about sending confidential company information via email?<\/li>\r\n<\/ul>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">By signing an AUP, employees acknowledge that they understand the rules. If they break these rules, the AUP gives the company the right to take disciplinary action. This protects the company from both security risks and legal problems.<\/p>\r\n\r\n\r\n[caption id=\"\" align=\"aligncenter\" width=\"2048\"]<img src=\"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-content\/uploads\/sites\/239\/2025\/08\/image7-4.png\" alt=\"image\" width=\"2048\" height=\"2048\" \/> Figure 9.2: Unauthorized Access Attempt. An individual from another department attempting to guess the password to access the Human Resources server, highlighting a critical cybersecurity risk. (Image generated with AI assistance using Gemini Pro 2.5.)[\/caption]\r\n<h2 style=\"text-align: justify;\">Access Controls and Authentication: Who Are You?<\/h2>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">To enforce the rules set out in an AUP, companies use <strong>access controls<\/strong>. These are technical security measures that define who can access a computer or network, when they can access it, and what specific actions they are allowed to take. For example, an access control policy might state that a marketing intern can only log in during business hours and can only view the marketing folders, but cannot delete any files.<\/p>\r\n\r\n<h3 style=\"text-align: justify;\">Identifying Yourself: The First Step<\/h3>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">The most basic access control is user identification. The system needs to know who you are.<\/p>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\"><strong>User Names and Passwords:<\/strong> A <strong>user name<\/strong> (or User ID) is a unique name that identifies a specific user on a network, like siti.rahman. A <strong>password<\/strong> is a secret word, phrase, or combination of characters that, when combined with the user name, allows access. A common weakness is that people often choose simple, easy-to-guess passwords. To combat this, many systems now require more complex passwords or encourage the use of a <strong>passphrase<\/strong>, which is a longer password that is easier for a human to remember but much harder for a computer to guess (e.g., MyFirstCarWasABlueProton!).<\/p>\r\n\r\n<ul>\r\n \t<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>PIN (Personal Identification Number):<\/strong> A PIN is a numeric passcode. It is shorter and simpler than a password and is often used for systems that require quick access, such as unlocking your smartphone or using your Maybank ATM card.<\/li>\r\n \t<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>CAPTCHA:<\/strong> This stands for \"Completely Automated Public Turing test to tell Computers and Humans Apart.\" It is a simple challenge-response test designed to determine whether the user is a human or an automated computer program (a bot). You have likely encountered these when signing up for a new online account. You might be asked to type a series of distorted letters and numbers or to click on all the pictures that contain a traffic light. This is used to prevent bots from creating thousands of fake accounts or posting spam comments.<\/li>\r\n \t<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Audit Trail:<\/strong> For businesses, it's not enough to just control access; they also need to know what people are doing on the system. An <strong>audit trail<\/strong> is an electronic log file that records all the activity on a computer or network. It tracks who accessed the system, what files they opened, what changes they made, and when they did it. If a data breach occurs, the IT security team can use the audit trail to investigate what happened, much like a detective reviewing CCTV footage after a crime.<\/li>\r\n<\/ul>\r\n[caption id=\"\" align=\"aligncenter\" width=\"652\"]<img src=\"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-content\/uploads\/sites\/239\/2025\/08\/image4-5.png\" alt=\"image\" width=\"652\" height=\"532\" \/> Figure 9.3: CAPTCHA Security Check. A common test used on websites to make sure the user is a real person and not a computer program (a bot). The person must type the hard-to-read text from the picture to proceed. Image Credit: \"CAPTCHA_test\" by Mover of molehills is licensed under CC BY-SA 4.0, via Wikimedia Commons.[\/caption]\r\n<h3 style=\"text-align: justify;\">Proving Your Identity: Authentication Methods<\/h3>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">Knowing a username is not enough. The system needs to be sure that the person entering the username is the real owner of that account. <strong>[pb_glossary id=\"676\"]Authentication[\/pb_glossary]<\/strong> is the process of verifying a user's identity. There are three main categories of authentication methods, often described as: \"something you have,\" \"something you are,\" and \"something you know.\"<\/p>\r\n\r\n<ul>\r\n \t<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Possessed Objects (Something You Have):<\/strong> This is a physical item that an individual must carry and present to gain access to a secured area. A common local scenario can be observed at a secure office in a building like KL Sentral, where an employee is required to tap their employee badge or identity card on a reader. This form of security is widely implemented in modern office doors and even university hostels through the use of smart cards, which are plastic cards embedded with a microchip that contains the user's specific access permissions.<\/li>\r\n \t<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>[pb_glossary id=\"677\"]Biometric[\/pb_glossary] Devices (Something You Are):<\/strong> These devices authenticate a person's identity by translating a unique personal characteristic into a digital code. This is a very secure method because it is very difficult to fake a biological trait.<\/li>\r\n \t<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Fingerprint Readers:<\/strong> The most common biometric device, now built into most smartphones and many modern laptops.\r\n<ul>\r\n \t<li class=\"import-Normal\"><strong style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\">Face Recognition Systems:<\/strong><span style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\"> Used on many smartphones (like Apple's Face ID) and for automated gates at airports like KLIA.<\/span><\/li>\r\n \t<li class=\"import-Normal\"><strong style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\">Hand Geometry Systems:<\/strong><span style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\"> Measures the shape and size of a person's hand.<\/span><\/li>\r\n \t<li class=\"import-Normal\"><strong style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\">Voice Verification Systems:<\/strong><span style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\"> Analyzes a person's unique voice patterns.<\/span><\/li>\r\n \t<li class=\"import-Normal\"><strong style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\">Signature Verification Systems:<\/strong><span style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\"> Analyzes the shape, speed, and pressure of a person's signature.<\/span><\/li>\r\n \t<li class=\"import-Normal\"><strong style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\">Iris or Retinal Scanners:<\/strong><span style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\"> These are extremely secure systems that scan the unique patterns in a person's iris (the coloured part of the eye) or the pattern of blood vessels in their retina. These are often used for very high-security locations.<\/span><\/li>\r\n<\/ul>\r\n<\/li>\r\n \t<li class=\"import-Normal\" style=\"text-align: justify;\"><strong style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\">[pb_glossary id=\"678\"]Two-Step Verification[\/pb_glossary] (Combining Methods):<\/strong><span style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\"> This method, often called <\/span><strong style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\">two factor authentication<\/strong><span style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\"> or <\/span><strong style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\">2FA<\/strong><span style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\">, provides significantly stronger security by requiring two distinct methods to verify an identity, typically combining \"something you know\" with \"something you have.\" A common global business scenario occurs when an employee of a multinational company attempts to log into their work email from a new device. They first provide their password, which qualifies as something they know. The system then sends a temporary, single use code to an authenticator app on their company issued smartphone, which represents something they have. The employee must enter this code to finalize the login. Consequently, even if a criminal steals the password, they cannot access the account without also physically possessing the employee\u2019s phone. This powerful security practice has become a standard for protecting important online services, including Google accounts and online banking platforms.<\/span><\/li>\r\n<\/ul>\r\n[caption id=\"\" align=\"aligncenter\" width=\"2048\"]<img src=\"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-content\/uploads\/sites\/239\/2025\/08\/image8-4.png\" alt=\"image\" width=\"2048\" height=\"2048\" \/> Figure 9.4: Biometric Screening at Airport Security. A traveler undergoes an iris scan at an airport security checkpoint. This form of biometric identification uses a high-resolution camera to capture the unique patterns of a person's iris, providing a quick and secure method for identity verification. The process is designed to enhance security and streamline passenger flow in modern airports. (Image generated with AI assistance using Gemini Pro 2.5.)[\/caption]\r\n\r\n[caption id=\"\" align=\"aligncenter\" width=\"634\"]<img src=\"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-content\/uploads\/sites\/239\/2025\/08\/image3-3.png\" alt=\"image\" width=\"634\" height=\"514\" \/> Figure 9.5: Two-Factor Authentication (2FA). For extra security, after typing a password, Two-Factor Authentication requires a second step. The user must enter a special, one-time code (also called a 'token') from another device, like a phone, to complete the login. Image Credit: \"Logging_in_with_2FA_on_Wikipedia\" by Newslinger is licensed under CC0 1.0, via Wikimedia Commons.[\/caption]\r\n<h2 style=\"text-align: justify;\">Digital Forensics: The Detectives of the Digital World<\/h2>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">What happens when an access control fails and a cybercrime is committed? That is where <strong>digital forensics<\/strong> comes in. Also called <strong>cyber forensics<\/strong>, this is the discovery, collection, and analysis of evidence found on computers and networks.<\/p>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">Digital forensics specialists function as high tech detectives, specializing in recovering deleted data, tracing the origins of network attacks, and analyzing digital artifacts to reconstruct the events of a security incident. Their expertise is critical in both law enforcement and corporate environments. For instance, the Polis Diraja Malaysia (PDRM) utilizes a dedicated digital forensics unit to investigate cybercrimes by examining evidence from seized devices like computers and phones for use in legal proceedings. Similarly, in the business world, a company that experiences a data breach will frequently enlist a digital forensics team to determine how the attackers infiltrated their systems, identify what information was compromised, and recommend strategies to prevent future occurrences.<\/p>\r\n\r\n\r\n[caption id=\"\" align=\"aligncenter\" width=\"2048\"]<img src=\"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-content\/uploads\/sites\/239\/2025\/08\/image11-1.png\" alt=\"image\" width=\"2048\" height=\"2048\" \/> Figure 9.6: Digital Forensics Analysis. A digital forensics investigator is shown analyzing complex data on an advanced, transparent interface. This process involves meticulously examining digital evidence from various sources to uncover the details of a cyber incident, identify perpetrators, and reconstruct the timeline of events for investigative and legal purposes. (Image generated with AI assistance using Gemini Pro 2.5.)[\/caption]\r\n<h2><span style=\"color: #ff6600;\">Check Your Understanding: Q1<\/span><\/h2>\r\n[h5p id=\"102\"]\r\n<h2><span style=\"color: #ff6600;\">Check Your Understanding: Q2<\/span><\/h2>\r\n[h5p id=\"103\"]\r\n<h2><span style=\"color: #ff6600;\">Check Your Understanding: Q3<\/span><\/h2>\r\n[h5p id=\"104\"]\r\n<h2><span style=\"color: #ff6600;\">Check Your Understanding: Q4<\/span><\/h2>\r\n[h5p id=\"105\"]\r\n<h2><span style=\"color: #ff6600;\">Check Your Understanding: Q5<\/span><\/h2>\r\n[h5p id=\"106\"]\r\n<h2><span style=\"color: #ff6600;\">Check Your Understanding: Q6<\/span><\/h2>\r\n[h5p id=\"107\"]\r\n<h2 style=\"text-align: justify;\">Software Theft and Its Safeguards<\/h2>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\"><strong>Software theft<\/strong> occurs when someone steals software media, intentionally erases programs, or illegally copies a program. The most common form of software theft is <strong>[pb_glossary id=\"679\"]software piracy[\/pb_glossary]<\/strong>, which is the unauthorized and illegal duplication of copyrighted software.<\/p>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">It might seem harmless to download a \"cracked\" version of an expensive program like Microsoft Office or Adobe Photoshop from an illegal website, but it is a crime. It is the digital equivalent of shoplifting. Another common tool used in software piracy is a <strong>keygen<\/strong> (key generator), which is a small program that generates fake registration numbers or activation codes to trick the software into thinking it was legally purchased.<\/p>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">To protect themselves from software theft, software companies use several safeguards:<\/p>\r\n\r\n<ul style=\"text-align: justify;\">\r\n \t<li class=\"import-Normal\"><strong>Product Activation:<\/strong> This is a process that requires you to connect to the internet or enter a unique serial number (often called a product key) to verify that the software was legally purchased before it can be fully used. This helps to prevent a single copy of the software from being installed on hundreds of different computers.<\/li>\r\n \t<li class=\"import-Normal\"><strong>License Agreements:<\/strong> When you install a piece of software, you are asked to agree to a <strong>license agreement<\/strong>. This is a legal contract that specifies the rules for using the software.\r\n<ul>\r\n \t<li class=\"import-Normal\">A <strong>single-user license agreement<\/strong>, also known as an <strong>EULA (End-User License Agreement)<\/strong>, is the most common type. It typically allows the user to install the software on only one computer.<\/li>\r\n \t<li class=\"import-Normal\">A <strong>network license<\/strong> is for businesses and allows a specific number of computers on a company network to use the software at the same time.<\/li>\r\n \t<li class=\"import-Normal\">A <strong>site license<\/strong> is a more expensive option for large organizations, like a university. It provides a flat-fee permission for all users or all computers at a particular location to use the software.<\/li>\r\n<\/ul>\r\n<\/li>\r\n<\/ul>\r\n<h2 style=\"text-align: justify;\">Information Theft and Its Safeguards<\/h2>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">While software theft is a problem for software companies, <strong>information theft<\/strong> is a risk for everyone. Information theft occurs when someone steals personal or confidential information. This is often the primary goal of a cyber attack. Businesses and individuals use many powerful safeguards to protect their information, with the most important being encryption.<\/p>\r\n\r\n<h3 style=\"text-align: justify;\">Encryption: The Art of Scrambling Data<\/h3>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\"><strong>[pb_glossary id=\"680\"]Encryption[\/pb_glossary]<\/strong> is the process of converting readable data into an unreadable, scrambled form to prevent anyone without the secret key from reading it. The readable data is called <strong>plaintext<\/strong>, and the unreadable, scrambled data is called <strong>ciphertext<\/strong>.<\/p>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">To convert from plaintext to ciphertext, you use an <strong>encryption algorithm<\/strong> (or <strong>cypher<\/strong>) and an <strong>encryption key<\/strong>, which is a secret code or set of characters.<\/p>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">Imagine you have a secret message. You use a secret rule (the algorithm) and a secret keyword (the key) to change every letter in the message. The resulting scrambled message is the ciphertext. Only someone who knows both the rule and the keyword can unscramble it back into plaintext.<\/p>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">There are two main types of encryption:<\/p>\r\n\r\n<ul>\r\n \t<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Private key encryption<\/strong>, also known as<strong> symmetric key encryption<\/strong>, is a method that uses a single, identical secret key to both encrypt and decrypt information, making it a very fast and efficient process. A practical scenario for its use would involve sending a confidential report to your manager. In this case, both parties would need to agree upon a secret password, which acts as the key, ahead of time. You would use this password to encrypt the file before emailing it, and your manager would then use the same password to decrypt it for reading. The primary challenge with this method is the initial secure distribution of the secret key itself, as any compromise during its exchange would undermine the entire encryption process.<\/li>\r\n \t<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Public key encryption<\/strong>, also known as<strong> asymmetric encryption<\/strong>, is a more complex system designed to solve the fundamental problem of securely sharing a key. It operates using a mathematically linked pair of keys: a <strong>public key<\/strong>, which can be freely distributed to anyone, and a <strong>private key<\/strong>, which must be kept secret by its owner. The core principle is that any data encrypted with the public key can only be decrypted by its corresponding private key. A practical scenario illustrates this effectively: to send a confidential report to your manager, you first request their public key. Using this key, you encrypt the sensitive file. Once encrypted, the report becomes scrambled and secure. The only way to decipher it is with your manager's unique private key, which they alone possess. This elegant solution for securing communication without a pre-shared secret is the foundational technology that protects modern internet activities, from emails to online banking.<\/li>\r\n<\/ul>\r\n[caption id=\"\" align=\"aligncenter\" width=\"796\"]<img src=\"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-content\/uploads\/sites\/239\/2025\/08\/image1-4.png\" alt=\"image\" width=\"796\" height=\"755\" \/> Figure 9.7: The Digital Signature Process. This diagram shows how a digital signature is created and verified using public-key cryptography. Alice uses her private key to sign a message, which generates a unique signature. Bob then uses Alice's corresponding public key to verify that the message is authentic and has not been altered. Image Credit: \"Private_key_signing\" by FlippyFlink is licensed under CC BY-SA 4.0, via Wikimedia Commons.[\/caption]\r\n<h3 style=\"text-align: justify;\">Other Key Safeguards<\/h3>\r\n<ul>\r\n \t<li style=\"text-align: justify;\"><strong>[pb_glossary id=\"681\"]Virtual Private Network (VPN)[\/pb_glossary]:<\/strong> A VPN establishes a secure, encrypted connection over a public network such as the internet. For example, if you are working remotely from a public location like a ZUS Coffee in Labuan and using their unsecured Wi-Fi, your internet traffic could be vulnerable to eavesdropping by hackers. By connecting to your company\u2019s VPN, an encrypted tunnel is created from your device through the public network directly to your company\u2019s private network. This ensures that all transmitted data remains scrambled and unreadable to anyone who might intercept it, thereby safeguarding your online activities and sensitive information.<\/li>\r\n \t<li style=\"text-align: justify;\"><strong>Digital Signatures and Certificates:<\/strong>\r\n<ul>\r\n \t<li>A <strong>digital signature<\/strong> is an encrypted code that a person or company attaches to a file or email to verify their identity and to ensure the document has not been altered. It's like a tamper-proof digital seal.<\/li>\r\n \t<li>A <strong>digital certificate<\/strong> is an electronic notice that guarantees a user or, more commonly, a website is legitimate. It is issued by a trusted third party called a Certificate Authority (CA).<\/li>\r\n<\/ul>\r\n<\/li>\r\n \t<li style=\"text-align: justify;\"><strong>Secure Sites ([pb_glossary id=\"682\"]HTTPS[\/pb_glossary]):<\/strong> When you are browsing the web, especially on banking or e-commerce sites like Lazada or Shopee, always look at the web address in your browser. If it starts with <strong>https:\/\/<\/strong>, it means the website is secure. The 's' stands for \"secure\" and indicates that the site is using a digital certificate and encryption to protect the data you send to it, such as your password or credit card number. If a site that asks for personal information only uses http:\/\/ (without the 's'), you should not trust it.<\/li>\r\n<\/ul>\r\n[caption id=\"\" align=\"aligncenter\" width=\"1932\"]<img src=\"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-content\/uploads\/sites\/239\/2025\/08\/image2-4.png\" alt=\"image\" width=\"1932\" height=\"698\" \/> Figure 9.8: How a VPN Secures an Internet Connection. This diagram illustrates the operation of a Virtual Private Network (VPN). The user's device connects to a VPN server through an encrypted tunnel, which protects their internet traffic from being monitored by the Internet Service Provider (ISP). The VPN server then communicates with the internet, masking the user's original IP address with its own, thereby enhancing online privacy and security. Image Credit: \"How_vpn_works\" by Shashikabir87 is licensed under CC BY-SA 4.0, via Wikimedia Commons.[\/caption]\r\n\r\n<\/div>\r\n<h2 style=\"text-align: justify;\">Wider Implications of Technology<\/h2>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">Using technology ethically and responsibly goes beyond just security. It also means we need to consider its effect on our personal privacy, our health, and the environment.<\/p>\r\n\r\n<h3 style=\"text-align: justify;\">Privacy Concerns in the Digital Age<\/h3>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">In the modern economy, data is incredibly valuable. Many companies collect vast amounts of information about our online behaviour.<\/p>\r\n\r\n<ul>\r\n \t<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Personal Data Protection:<\/strong> In Malaysia, the <strong>Personal Data Protection Act (PDPA) 2010<\/strong> is the main law that governs how businesses can collect, use, and store our personal data. Businesses must get our consent before collecting our information, and they are responsible for keeping it secure. Recent updates to this law, which came into effect in 2025, require businesses to notify users and the authorities much more quickly if a data breach occurs. This shows how seriously data privacy is now being taken.<\/li>\r\n \t<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Identity Theft:<\/strong> This is a serious crime where someone steals your personal information (like your MyKad number, address, or bank details) and uses it to impersonate you, often for financial gain. They might use your identity to apply for a loan, make online purchases, or commit other crimes in your name.<\/li>\r\n \t<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Online Social Networks:<\/strong> Be very careful about what you share on social media platforms like Facebook, Instagram, and TikTok. Information, photos, and opinions posted online can sometimes be seen by anyone, including future employers, and can stay on the internet forever, even if you delete the original post. It is important to regularly check your privacy settings to control who can see what you share.<\/li>\r\n<\/ul>\r\n[caption id=\"\" align=\"aligncenter\" width=\"2048\"]<img src=\"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-content\/uploads\/sites\/239\/2025\/08\/image5-2.jpg\" alt=\"image\" width=\"2048\" height=\"923\" \/> Figure 9.9: The Lifecycle of Identity Theft. This infographic provides an overview of identity theft by illustrating three key stages: how personal information is stolen (digitally, physically, or socially), what types of information are targeted (account numbers, records, and identification), and how the stolen information is used to commit fraud (such as unauthorized use of existing accounts or opening new ones). Image Credit: \"Figure_1-_Examples_of_How_Personal_Information_Is_Obtained_and_Used_to_Commit_Identity_Theft_(34085055812)\" by U.S. Government Accountability Office is licensed under Public Domain, via Wikimedia Commons.[\/caption]\r\n<h3 style=\"text-align: justify;\">Health Concerns of Using Technology<\/h3>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">Spending many hours a day using computers and smartphones can have a real impact on our physical health.<\/p>\r\n\r\n<ul>\r\n \t<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Repetitive Strain Injuries (RSI):<\/strong> These are injuries to the muscles, nerves, and tendons caused by performing the same action over and over again. For computer users, this often affects the hands and wrists.\r\n<ul>\r\n \t<li class=\"import-Normal\"><strong>Tendonitis<\/strong> is the inflammation of a tendon, which can be caused by too much typing.<\/li>\r\n \t<li class=\"import-Normal\"><strong>Carpal tunnel syndrome (CTS)<\/strong> is a painful condition caused by pressure on a nerve in your wrist, which can also result from prolonged and improper keyboard use.<\/li>\r\n<\/ul>\r\n<\/li>\r\n \t<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Computer Vision Syndrome (CVS):<\/strong> This is a condition that includes a range of eye problems from spending too much time looking at a digital screen. Symptoms can include eye strain, headaches, dry eyes, and blurred vision. A simple tip to help prevent this is the <strong>20-20-20 rule<\/strong>: every 20 minutes, take a 20-second break to look at something 20 feet (about 6 meters) away.<\/li>\r\n \t<li class=\"import-Normal\"><strong>[pb_glossary id=\"683\"]Ergonomics[\/pb_glossary]: Designing for Health and Safety:<\/strong> <strong>Ergonomics<\/strong> is the science of designing equipment, furniture, and workspaces to be as comfortable, efficient, and safe as possible. An ergonomic workspace can help prevent many of these health issues. This includes:\r\n<ul>\r\n \t<li class=\"import-Normal\" style=\"text-align: justify;\">An adjustable chair that provides good back support.<\/li>\r\n \t<li class=\"import-Normal\" style=\"text-align: justify;\">A desk at the correct height.<\/li>\r\n \t<li class=\"import-Normal\" style=\"text-align: justify;\">Placing the monitor at eye level to avoid straining your neck.<\/li>\r\n \t<li class=\"import-Normal\" style=\"text-align: justify;\">Using an ergonomic keyboard and mouse that keep your wrists in a natural position.<\/li>\r\n<\/ul>\r\n<\/li>\r\n<\/ul>\r\n[caption id=\"\" align=\"aligncenter\" width=\"2048\"]<img src=\"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-content\/uploads\/sites\/239\/2025\/08\/image9-3.png\" alt=\"image\" width=\"2048\" height=\"2048\" \/> Figure 9.10: Poor Office Ergonomics. This image illustrates poor posture at a workstation, a common ergonomic issue. The individual is hunched forward with a curved back and neck, which can lead to strain, discomfort, and long-term musculoskeletal problems. Proper ergonomics, including maintaining a neutral spine and ensuring screens are at eye level, is crucial for health and safety in an office environment. (Image generated with AI assistance using Gemini Pro 2.5.)[\/caption]\r\n\r\n&nbsp;\r\n\r\n[caption id=\"\" align=\"aligncenter\" width=\"2048\"]<img src=\"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-content\/uploads\/sites\/239\/2025\/08\/image6-3.png\" alt=\"image\" width=\"2048\" height=\"2048\" \/> Figure 9.11: Proper Office Ergonomics. This image demonstrates an ideal ergonomic setup in an office environment. The individual maintains a healthy posture with a straight back, supported by an adjustable chair. The desk is at the correct height, and the monitor is positioned at eye level to prevent neck strain. The use of an ergonomic keyboard and mouse helps to keep the wrists in a neutral and comfortable position, contributing to a safe and productive workspace. (Image generated with AI assistance using Gemini Pro 2.5.)[\/caption]\r\n<h3 style=\"text-align: justify;\">Environmental Issues<\/h3>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">Our love for the latest technology also has a significant impact on the environment.<\/p>\r\n\r\n<ul>\r\n \t<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>[pb_glossary id=\"684\"]E-waste[\/pb_glossary]:<\/strong> Old, discarded electronic equipment like computers, smartphones, and printers is called <strong>e-waste<\/strong>. This is a growing global problem. E-waste often contains toxic materials like lead, mercury, and cadmium. If these devices are just thrown into a normal landfill, these toxic materials can leak into the soil and water, causing serious environmental damage and health risks.<\/li>\r\n \t<li class=\"import-Normal\"><strong>[pb_glossary id=\"685\"]Green Computing[\/pb_glossary]: Using Technology Sustainably:<\/strong> <strong>Green computing<\/strong> involves practices that reduce the environmental impact of computers and technology. This includes:\r\n<ul>\r\n \t<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Recycling:<\/strong> Taking old devices to a proper e-waste recycling centre where they can be safely disassembled and the materials recovered.<\/li>\r\n \t<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Energy Efficiency:<\/strong> Choosing computer products that have an energy-saving certification and remembering to turn off devices when they are not in use.<\/li>\r\n \t<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Extending the Life of Computers:<\/strong> Upgrading components like RAM or the storage drive to make an older computer last longer, instead of buying a new one.<\/li>\r\n \t<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Proper Disposal:<\/strong> Ensuring that when a device reaches the end of its life, it is disposed of through a certified e-waste program and not just thrown in the rubbish bin.<\/li>\r\n<\/ul>\r\n<\/li>\r\n<\/ul>\r\n[caption id=\"\" align=\"aligncenter\" width=\"2048\"]<img src=\"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-content\/uploads\/sites\/239\/2025\/08\/image10.png\" alt=\"image\" width=\"2048\" height=\"2048\" \/> Figure 9.12: Electronic Waste (E-Waste). This image shows a large accumulation of discarded electronic devices, commonly known as e-waste. It includes obsolete or broken computers, monitors, printers, and mobile phones. E-waste is a growing environmental concern due to the hazardous materials it contains and the challenges of proper disposal and recycling. (Image generated with AI assistance using Gemini Pro 2.5.)[\/caption]\r\n<h2><span style=\"color: #ff6600;\">Check Your Understanding: Q7<\/span><\/h2>\r\n[h5p id=\"108\"]\r\n<h2><span style=\"color: #ff6600;\">Check Your Understanding: Q8<\/span><\/h2>\r\n[h5p id=\"109\"]\r\n<h2><span style=\"color: #ff6600;\">Check Your Understanding: Q9<\/span><\/h2>\r\n[h5p id=\"110\"]\r\n<h2><span style=\"color: #ff6600;\">Check Your Understanding: Q10<\/span><\/h2>\r\n[h5p id=\"111\"]\r\n<h2><span style=\"color: #ff6600;\">Check Your Understanding: Q11<\/span><\/h2>\r\n[h5p id=\"112\"]\r\n<h2><span style=\"color: #ff6600;\">Check Your Understanding: Q12<\/span><\/h2>\r\n[h5p id=\"113\"]\r\n<h2 style=\"text-align: justify;\">Chapter Summary<\/h2>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">In this chapter, we have explored the critical importance of digital ethics and responsibility in our personal and professional lives. We learned about the need for <strong>Acceptable Use Policies<\/strong> in businesses and the technical <strong>access controls<\/strong> used to enforce them. We saw how <strong>authentication<\/strong> methods, from simple passwords to advanced biometrics and <strong>two-step verification<\/strong>, are used to prove our identity and secure our accounts.<\/p>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">We discussed the problems of <strong>software theft<\/strong> and <strong>information theft<\/strong>, and the powerful safeguards used to prevent them, such as software license agreements and, most importantly, <strong>encryption<\/strong>. We learned how tools like VPNs and secure websites (HTTPS) help to protect our data as it travels across the internet.<\/p>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">Finally, we considered the wider impact of technology on society. We looked at our right to privacy under laws like Malaysia's PDPA, the real health concerns of prolonged computer use and how <strong>ergonomics<\/strong> can help, and the growing environmental challenge of <strong>e-waste<\/strong> and the importance of adopting <strong>green computing<\/strong> practices. Using technology is not just about what we can do, but about what we <em>should<\/em> do to be safe, respectful, and responsible digital citizens.<\/p>\r\n\r\n<h2 style=\"text-align: justify;\">Review Questions<\/h2>\r\n<ol style=\"text-align: justify;\">\r\n \t<li>What is the purpose of an Acceptable Use Policy (AUP) in a business, and why is it important?<\/li>\r\n \t<li>Explain two-step verification using a real-world example, such as logging into your online banking account.<\/li>\r\n \t<li>Your friend wants to download a popular software program for free from an illegal website. What is this action called, and what are two different risks they are taking by doing this?<\/li>\r\n \t<li>You are about to enter your credit card details on a Malaysian e-commerce website. What is the single most important thing you should look for in the website's address bar to ensure the connection is secure?<\/li>\r\n \t<li>What is one health concern related to using computers for long periods, and what is one specific ergonomic adjustment you can make to your workspace to help prevent it?<\/li>\r\n \t<li>Explain the difference between private key encryption and public key encryption. Which one is better for sending a secure message to someone you have never met before, and why?<\/li>\r\n \t<li>What is the difference between unauthorized access and unauthorized use? Provide a simple example of each in a university setting.<\/li>\r\n \t<li>Why is e-waste a serious environmental problem, and what is one example of a green computing practice?<\/li>\r\n<\/ol>\r\n<h1 style=\"text-align: justify;\">References<\/h1>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">ASEAN Briefing. (2025, April 25). <em>Malaysia tightens data protection from June 2025<\/em>. <a class=\"rId19\" href=\"https:\/\/www.aseanbriefing.com\/news\/malaysia-tightens-data-protection-from-june-2025\/\">https:\/\/www.aseanbriefing.com\/news\/malaysia-tightens-data-protection-from-june-2025\/<\/a><\/p>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">Brookshear, J. G., &amp; Brylow, D. (2019). <em>Computer science: An overview<\/em> (13th ed.). Pearson.<\/p>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">Laudon, K. C., &amp; Laudon, J. P. (2020). <em>Management information systems: Managing the digital firm<\/em> (16th ed.). Pearson.<\/p>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">Personal Data Protection Department of Malaysia. (2025). <em>Personal Data Protection Act (PDPA) 2010<\/em>. JPDP. <a class=\"rId21\" href=\"https:\/\/www.pdp.gov.my\/jpdpv2\/\">https:\/\/www.pdp.gov.my\/jpdpv2\/<\/a><\/p>\r\n<p class=\"import-Normal\" style=\"text-align: justify;\">Silberschatz, A., Galvin, P. B., &amp; Gagne, G. (2018). <em>Operating system concepts<\/em> (10th ed.). Wiley.<\/p>\r\n<p class=\"import-Normal\" style=\"margin-left: 0pt; text-indent: 0pt;\"><\/p>","rendered":"<div class=\"chapter-9:-ethics-and-privacy-in-the-digital-age\">\n<div class=\"textbox textbox--learning-objectives\">\n<header class=\"textbox__header\">\n<h2 class=\"textbox__title\">Learning Objectives<\/h2>\n<\/header>\n<div class=\"textbox__content\">\n<p class=\"import-Normal\">Welcome to Chapter 9! In this chapter, we will discuss how to use technology in a responsible and ethical way. After studying this chapter, you will be able to:<\/p>\n<ul>\n<li class=\"import-Normal\">Understand the importance of authorized use and access controls.<\/li>\n<li class=\"import-Normal\">Describe different methods of authentication, including biometrics and two-step verification.<\/li>\n<li class=\"import-Normal\">Define software theft and the safeguards used to prevent it.<\/li>\n<li class=\"import-Normal\">Explain how encryption and other technologies protect information.<\/li>\n<li class=\"import-Normal\">Recognise privacy, health, and environmental issues related to technology.<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<h2 style=\"text-align: justify;\">Introduction<\/h2>\n<p class=\"import-Normal\" style=\"text-align: justify;\">Imagine you are a new intern at a large company in Kuala Lumpur. On your first day, you are given a company laptop, a smartphone, and access to the company&#8217;s internal network. You can access the company&#8217;s client database, its financial reports, and its marketing plans. With a few clicks, you hold a huge amount of valuable and confidential information in your hands.<\/p>\n<p class=\"import-Normal\" style=\"text-align: justify;\">This access comes with a great deal of responsibility. Should you use the high-speed office internet to download movies for yourself? Is it okay to use your work laptop to check your personal Facebook account? What would happen if you lost your company phone in a Grab car? What are the company&#8217;s rules about sharing information, and what are your personal ethical obligations to protect that data?<\/p>\n<p class=\"import-Normal\" style=\"text-align: justify;\">As we use technology more and more in our daily lives and in business, it becomes very important to think about <em>how<\/em> we use it. Using technology is not just about being efficient; it is also about being responsible, professional, and ethical. This chapter talks about <strong>digital ethics<\/strong>, which means doing the right thing online and with digital tools. We will discuss the crucial methods businesses use to control who can access their valuable data. We will explore how to protect our personal information and respect the privacy of others, and we will look at the wider impact that our constant use of technology has on our health and the environment.<\/p>\n<figure style=\"width: 2048px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-content\/uploads\/sites\/239\/2025\/08\/image12-1.png\" alt=\"image\" width=\"2048\" height=\"2048\" \/><figcaption class=\"wp-caption-text\">Figure 9.1: Keeping Our Information Safe Online. Protecting our personal information online. The digital symbols on the face represent our data, and the lock shows the importance of keeping that data private. (Image generated with AI assistance using Gemini Pro 2.5.)<\/figcaption><\/figure>\n<h2 style=\"text-align: justify;\">Unauthorized Access and Use: Defining the Boundaries<\/h2>\n<p class=\"import-Normal\" style=\"text-align: justify;\">At its core, the first rule of digital ethics in a business context is about permission. <strong>Unauthorized access<\/strong> is the use of a computer, server, or network without permission. <strong>Unauthorized use<\/strong> is the act of using a computer or network for activities that are not approved, even if you have permission to be on the system.<\/p>\n<p class=\"import-Normal\" style=\"text-align: justify;\"><strong>Scenario: A Day at the Office<\/strong><\/p>\n<ul style=\"text-align: justify;\">\n<li class=\"import-Normal\"><strong>Unauthorized Access:<\/strong> A person from another department who does not have permission to view payroll information tries to guess the password for the Human Resources server. This is unauthorized access.<\/li>\n<li class=\"import-Normal\"><strong>Unauthorized Use:<\/strong> An HR employee, who <em>does<\/em> have permission to access the payroll server, uses their computer during work hours to run a side business selling products on Shopee. This is unauthorized use.<\/li>\n<\/ul>\n<p class=\"import-Normal\" style=\"text-align: justify;\">To prevent confusion and set clear expectations for employees, many companies and organisations create an <strong><a class=\"glossary-term\" aria-haspopup=\"dialog\" aria-describedby=\"definition\" href=\"#term_663_675\">Acceptable Use Policy (AUP)<\/a><\/strong>. An AUP is a formal document that outlines the specific rules and guidelines for using the company&#8217;s computers, networks, internet connection, and other IT resources.<\/p>\n<ul style=\"text-align: justify;\">\n<li class=\"import-Normal\">An AUP is a critical document for any modern business. It typically answers questions like:<\/li>\n<li class=\"import-Normal\">Can employees use their work computers for personal emails?<\/li>\n<li class=\"import-Normal\">Are employees allowed to access social media sites like Instagram or TikTok on the company network?<\/li>\n<li class=\"import-Normal\">Is it okay to install personal software (like a video game) on a company laptop?<\/li>\n<li class=\"import-Normal\">What are the rules about sending confidential company information via email?<\/li>\n<\/ul>\n<p class=\"import-Normal\" style=\"text-align: justify;\">By signing an AUP, employees acknowledge that they understand the rules. If they break these rules, the AUP gives the company the right to take disciplinary action. This protects the company from both security risks and legal problems.<\/p>\n<figure style=\"width: 2048px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-content\/uploads\/sites\/239\/2025\/08\/image7-4.png\" alt=\"image\" width=\"2048\" height=\"2048\" \/><figcaption class=\"wp-caption-text\">Figure 9.2: Unauthorized Access Attempt. An individual from another department attempting to guess the password to access the Human Resources server, highlighting a critical cybersecurity risk. (Image generated with AI assistance using Gemini Pro 2.5.)<\/figcaption><\/figure>\n<h2 style=\"text-align: justify;\">Access Controls and Authentication: Who Are You?<\/h2>\n<p class=\"import-Normal\" style=\"text-align: justify;\">To enforce the rules set out in an AUP, companies use <strong>access controls<\/strong>. These are technical security measures that define who can access a computer or network, when they can access it, and what specific actions they are allowed to take. For example, an access control policy might state that a marketing intern can only log in during business hours and can only view the marketing folders, but cannot delete any files.<\/p>\n<h3 style=\"text-align: justify;\">Identifying Yourself: The First Step<\/h3>\n<p class=\"import-Normal\" style=\"text-align: justify;\">The most basic access control is user identification. The system needs to know who you are.<\/p>\n<p class=\"import-Normal\" style=\"text-align: justify;\"><strong>User Names and Passwords:<\/strong> A <strong>user name<\/strong> (or User ID) is a unique name that identifies a specific user on a network, like siti.rahman. A <strong>password<\/strong> is a secret word, phrase, or combination of characters that, when combined with the user name, allows access. A common weakness is that people often choose simple, easy-to-guess passwords. To combat this, many systems now require more complex passwords or encourage the use of a <strong>passphrase<\/strong>, which is a longer password that is easier for a human to remember but much harder for a computer to guess (e.g., MyFirstCarWasABlueProton!).<\/p>\n<ul>\n<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>PIN (Personal Identification Number):<\/strong> A PIN is a numeric passcode. It is shorter and simpler than a password and is often used for systems that require quick access, such as unlocking your smartphone or using your Maybank ATM card.<\/li>\n<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>CAPTCHA:<\/strong> This stands for &#8220;Completely Automated Public Turing test to tell Computers and Humans Apart.&#8221; It is a simple challenge-response test designed to determine whether the user is a human or an automated computer program (a bot). You have likely encountered these when signing up for a new online account. You might be asked to type a series of distorted letters and numbers or to click on all the pictures that contain a traffic light. This is used to prevent bots from creating thousands of fake accounts or posting spam comments.<\/li>\n<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Audit Trail:<\/strong> For businesses, it&#8217;s not enough to just control access; they also need to know what people are doing on the system. An <strong>audit trail<\/strong> is an electronic log file that records all the activity on a computer or network. It tracks who accessed the system, what files they opened, what changes they made, and when they did it. If a data breach occurs, the IT security team can use the audit trail to investigate what happened, much like a detective reviewing CCTV footage after a crime.<\/li>\n<\/ul>\n<figure style=\"width: 652px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-content\/uploads\/sites\/239\/2025\/08\/image4-5.png\" alt=\"image\" width=\"652\" height=\"532\" \/><figcaption class=\"wp-caption-text\">Figure 9.3: CAPTCHA Security Check. A common test used on websites to make sure the user is a real person and not a computer program (a bot). The person must type the hard-to-read text from the picture to proceed. Image Credit: &#8220;CAPTCHA_test&#8221; by Mover of molehills is licensed under CC BY-SA 4.0, via Wikimedia Commons.<\/figcaption><\/figure>\n<h3 style=\"text-align: justify;\">Proving Your Identity: Authentication Methods<\/h3>\n<p class=\"import-Normal\" style=\"text-align: justify;\">Knowing a username is not enough. The system needs to be sure that the person entering the username is the real owner of that account. <strong><a class=\"glossary-term\" aria-haspopup=\"dialog\" aria-describedby=\"definition\" href=\"#term_663_676\">Authentication<\/a><\/strong> is the process of verifying a user&#8217;s identity. There are three main categories of authentication methods, often described as: &#8220;something you have,&#8221; &#8220;something you are,&#8221; and &#8220;something you know.&#8221;<\/p>\n<ul>\n<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Possessed Objects (Something You Have):<\/strong> This is a physical item that an individual must carry and present to gain access to a secured area. A common local scenario can be observed at a secure office in a building like KL Sentral, where an employee is required to tap their employee badge or identity card on a reader. This form of security is widely implemented in modern office doors and even university hostels through the use of smart cards, which are plastic cards embedded with a microchip that contains the user&#8217;s specific access permissions.<\/li>\n<li class=\"import-Normal\" style=\"text-align: justify;\"><strong><a class=\"glossary-term\" aria-haspopup=\"dialog\" aria-describedby=\"definition\" href=\"#term_663_677\">Biometric<\/a> Devices (Something You Are):<\/strong> These devices authenticate a person&#8217;s identity by translating a unique personal characteristic into a digital code. This is a very secure method because it is very difficult to fake a biological trait.<\/li>\n<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Fingerprint Readers:<\/strong> The most common biometric device, now built into most smartphones and many modern laptops.\n<ul>\n<li class=\"import-Normal\"><strong style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\">Face Recognition Systems:<\/strong><span style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\"> Used on many smartphones (like Apple&#8217;s Face ID) and for automated gates at airports like KLIA.<\/span><\/li>\n<li class=\"import-Normal\"><strong style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\">Hand Geometry Systems:<\/strong><span style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\"> Measures the shape and size of a person&#8217;s hand.<\/span><\/li>\n<li class=\"import-Normal\"><strong style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\">Voice Verification Systems:<\/strong><span style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\"> Analyzes a person&#8217;s unique voice patterns.<\/span><\/li>\n<li class=\"import-Normal\"><strong style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\">Signature Verification Systems:<\/strong><span style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\"> Analyzes the shape, speed, and pressure of a person&#8217;s signature.<\/span><\/li>\n<li class=\"import-Normal\"><strong style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\">Iris or Retinal Scanners:<\/strong><span style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\"> These are extremely secure systems that scan the unique patterns in a person&#8217;s iris (the coloured part of the eye) or the pattern of blood vessels in their retina. These are often used for very high-security locations.<\/span><\/li>\n<\/ul>\n<\/li>\n<li class=\"import-Normal\" style=\"text-align: justify;\"><strong style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\"><a class=\"glossary-term\" aria-haspopup=\"dialog\" aria-describedby=\"definition\" href=\"#term_663_678\">Two-Step Verification<\/a> (Combining Methods):<\/strong><span style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\"> This method, often called <\/span><strong style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\">two factor authentication<\/strong><span style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\"> or <\/span><strong style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\">2FA<\/strong><span style=\"text-align: initial; text-indent: 18pt; font-size: 1em;\">, provides significantly stronger security by requiring two distinct methods to verify an identity, typically combining &#8220;something you know&#8221; with &#8220;something you have.&#8221; A common global business scenario occurs when an employee of a multinational company attempts to log into their work email from a new device. They first provide their password, which qualifies as something they know. The system then sends a temporary, single use code to an authenticator app on their company issued smartphone, which represents something they have. The employee must enter this code to finalize the login. Consequently, even if a criminal steals the password, they cannot access the account without also physically possessing the employee\u2019s phone. This powerful security practice has become a standard for protecting important online services, including Google accounts and online banking platforms.<\/span><\/li>\n<\/ul>\n<figure style=\"width: 2048px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-content\/uploads\/sites\/239\/2025\/08\/image8-4.png\" alt=\"image\" width=\"2048\" height=\"2048\" \/><figcaption class=\"wp-caption-text\">Figure 9.4: Biometric Screening at Airport Security. A traveler undergoes an iris scan at an airport security checkpoint. This form of biometric identification uses a high-resolution camera to capture the unique patterns of a person&#8217;s iris, providing a quick and secure method for identity verification. The process is designed to enhance security and streamline passenger flow in modern airports. (Image generated with AI assistance using Gemini Pro 2.5.)<\/figcaption><\/figure>\n<figure style=\"width: 634px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-content\/uploads\/sites\/239\/2025\/08\/image3-3.png\" alt=\"image\" width=\"634\" height=\"514\" \/><figcaption class=\"wp-caption-text\">Figure 9.5: Two-Factor Authentication (2FA). For extra security, after typing a password, Two-Factor Authentication requires a second step. The user must enter a special, one-time code (also called a &#8216;token&#8217;) from another device, like a phone, to complete the login. Image Credit: &#8220;Logging_in_with_2FA_on_Wikipedia&#8221; by Newslinger is licensed under CC0 1.0, via Wikimedia Commons.<\/figcaption><\/figure>\n<h2 style=\"text-align: justify;\">Digital Forensics: The Detectives of the Digital World<\/h2>\n<p class=\"import-Normal\" style=\"text-align: justify;\">What happens when an access control fails and a cybercrime is committed? That is where <strong>digital forensics<\/strong> comes in. Also called <strong>cyber forensics<\/strong>, this is the discovery, collection, and analysis of evidence found on computers and networks.<\/p>\n<p class=\"import-Normal\" style=\"text-align: justify;\">Digital forensics specialists function as high tech detectives, specializing in recovering deleted data, tracing the origins of network attacks, and analyzing digital artifacts to reconstruct the events of a security incident. Their expertise is critical in both law enforcement and corporate environments. For instance, the Polis Diraja Malaysia (PDRM) utilizes a dedicated digital forensics unit to investigate cybercrimes by examining evidence from seized devices like computers and phones for use in legal proceedings. Similarly, in the business world, a company that experiences a data breach will frequently enlist a digital forensics team to determine how the attackers infiltrated their systems, identify what information was compromised, and recommend strategies to prevent future occurrences.<\/p>\n<figure style=\"width: 2048px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-content\/uploads\/sites\/239\/2025\/08\/image11-1.png\" alt=\"image\" width=\"2048\" height=\"2048\" \/><figcaption class=\"wp-caption-text\">Figure 9.6: Digital Forensics Analysis. A digital forensics investigator is shown analyzing complex data on an advanced, transparent interface. This process involves meticulously examining digital evidence from various sources to uncover the details of a cyber incident, identify perpetrators, and reconstruct the timeline of events for investigative and legal purposes. (Image generated with AI assistance using Gemini Pro 2.5.)<\/figcaption><\/figure>\n<h2><span style=\"color: #ff6600;\">Check Your Understanding: Q1<\/span><\/h2>\n<div id=\"h5p-102\">\n<div class=\"h5p-iframe-wrapper\"><iframe id=\"h5p-iframe-102\" class=\"h5p-iframe\" data-content-id=\"102\" style=\"height:1px\" src=\"about:blank\" frameBorder=\"0\" scrolling=\"no\" title=\"Chapter_9_Q1_Drag_And_Drop\"><\/iframe><\/div>\n<\/div>\n<h2><span style=\"color: #ff6600;\">Check Your Understanding: Q2<\/span><\/h2>\n<div id=\"h5p-103\">\n<div class=\"h5p-iframe-wrapper\"><iframe id=\"h5p-iframe-103\" class=\"h5p-iframe\" data-content-id=\"103\" style=\"height:1px\" src=\"about:blank\" frameBorder=\"0\" scrolling=\"no\" title=\"Chapter_9_Q2_Question_Set_MCQ\"><\/iframe><\/div>\n<\/div>\n<h2><span style=\"color: #ff6600;\">Check Your Understanding: Q3<\/span><\/h2>\n<div id=\"h5p-104\">\n<div class=\"h5p-iframe-wrapper\"><iframe id=\"h5p-iframe-104\" class=\"h5p-iframe\" data-content-id=\"104\" style=\"height:1px\" src=\"about:blank\" frameBorder=\"0\" scrolling=\"no\" title=\"Chapter_9_Q3_Quiz_Question_Set_TF\"><\/iframe><\/div>\n<\/div>\n<h2><span style=\"color: #ff6600;\">Check Your Understanding: Q4<\/span><\/h2>\n<div id=\"h5p-105\">\n<div class=\"h5p-iframe-wrapper\"><iframe id=\"h5p-iframe-105\" class=\"h5p-iframe\" data-content-id=\"105\" style=\"height:1px\" src=\"about:blank\" frameBorder=\"0\" scrolling=\"no\" title=\"Chapter_9_Q4_Summary\"><\/iframe><\/div>\n<\/div>\n<h2><span style=\"color: #ff6600;\">Check Your Understanding: Q5<\/span><\/h2>\n<div id=\"h5p-106\">\n<div class=\"h5p-content\" data-content-id=\"106\"><\/div>\n<\/div>\n<h2><span style=\"color: #ff6600;\">Check Your Understanding: Q6<\/span><\/h2>\n<div id=\"h5p-107\">\n<div class=\"h5p-iframe-wrapper\"><iframe id=\"h5p-iframe-107\" class=\"h5p-iframe\" data-content-id=\"107\" style=\"height:1px\" src=\"about:blank\" frameBorder=\"0\" scrolling=\"no\" title=\"Chapter_9_Q6_Find_The_Words\"><\/iframe><\/div>\n<\/div>\n<h2 style=\"text-align: justify;\">Software Theft and Its Safeguards<\/h2>\n<p class=\"import-Normal\" style=\"text-align: justify;\"><strong>Software theft<\/strong> occurs when someone steals software media, intentionally erases programs, or illegally copies a program. The most common form of software theft is <strong><a class=\"glossary-term\" aria-haspopup=\"dialog\" aria-describedby=\"definition\" href=\"#term_663_679\">software piracy<\/a><\/strong>, which is the unauthorized and illegal duplication of copyrighted software.<\/p>\n<p class=\"import-Normal\" style=\"text-align: justify;\">It might seem harmless to download a &#8220;cracked&#8221; version of an expensive program like Microsoft Office or Adobe Photoshop from an illegal website, but it is a crime. It is the digital equivalent of shoplifting. Another common tool used in software piracy is a <strong>keygen<\/strong> (key generator), which is a small program that generates fake registration numbers or activation codes to trick the software into thinking it was legally purchased.<\/p>\n<p class=\"import-Normal\" style=\"text-align: justify;\">To protect themselves from software theft, software companies use several safeguards:<\/p>\n<ul style=\"text-align: justify;\">\n<li class=\"import-Normal\"><strong>Product Activation:<\/strong> This is a process that requires you to connect to the internet or enter a unique serial number (often called a product key) to verify that the software was legally purchased before it can be fully used. This helps to prevent a single copy of the software from being installed on hundreds of different computers.<\/li>\n<li class=\"import-Normal\"><strong>License Agreements:<\/strong> When you install a piece of software, you are asked to agree to a <strong>license agreement<\/strong>. This is a legal contract that specifies the rules for using the software.\n<ul>\n<li class=\"import-Normal\">A <strong>single-user license agreement<\/strong>, also known as an <strong>EULA (End-User License Agreement)<\/strong>, is the most common type. It typically allows the user to install the software on only one computer.<\/li>\n<li class=\"import-Normal\">A <strong>network license<\/strong> is for businesses and allows a specific number of computers on a company network to use the software at the same time.<\/li>\n<li class=\"import-Normal\">A <strong>site license<\/strong> is a more expensive option for large organizations, like a university. It provides a flat-fee permission for all users or all computers at a particular location to use the software.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2 style=\"text-align: justify;\">Information Theft and Its Safeguards<\/h2>\n<p class=\"import-Normal\" style=\"text-align: justify;\">While software theft is a problem for software companies, <strong>information theft<\/strong> is a risk for everyone. Information theft occurs when someone steals personal or confidential information. This is often the primary goal of a cyber attack. Businesses and individuals use many powerful safeguards to protect their information, with the most important being encryption.<\/p>\n<h3 style=\"text-align: justify;\">Encryption: The Art of Scrambling Data<\/h3>\n<p class=\"import-Normal\" style=\"text-align: justify;\"><strong><a class=\"glossary-term\" aria-haspopup=\"dialog\" aria-describedby=\"definition\" href=\"#term_663_680\">Encryption<\/a><\/strong> is the process of converting readable data into an unreadable, scrambled form to prevent anyone without the secret key from reading it. The readable data is called <strong>plaintext<\/strong>, and the unreadable, scrambled data is called <strong>ciphertext<\/strong>.<\/p>\n<p class=\"import-Normal\" style=\"text-align: justify;\">To convert from plaintext to ciphertext, you use an <strong>encryption algorithm<\/strong> (or <strong>cypher<\/strong>) and an <strong>encryption key<\/strong>, which is a secret code or set of characters.<\/p>\n<p class=\"import-Normal\" style=\"text-align: justify;\">Imagine you have a secret message. You use a secret rule (the algorithm) and a secret keyword (the key) to change every letter in the message. The resulting scrambled message is the ciphertext. Only someone who knows both the rule and the keyword can unscramble it back into plaintext.<\/p>\n<p class=\"import-Normal\" style=\"text-align: justify;\">There are two main types of encryption:<\/p>\n<ul>\n<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Private key encryption<\/strong>, also known as<strong> symmetric key encryption<\/strong>, is a method that uses a single, identical secret key to both encrypt and decrypt information, making it a very fast and efficient process. A practical scenario for its use would involve sending a confidential report to your manager. In this case, both parties would need to agree upon a secret password, which acts as the key, ahead of time. You would use this password to encrypt the file before emailing it, and your manager would then use the same password to decrypt it for reading. The primary challenge with this method is the initial secure distribution of the secret key itself, as any compromise during its exchange would undermine the entire encryption process.<\/li>\n<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Public key encryption<\/strong>, also known as<strong> asymmetric encryption<\/strong>, is a more complex system designed to solve the fundamental problem of securely sharing a key. It operates using a mathematically linked pair of keys: a <strong>public key<\/strong>, which can be freely distributed to anyone, and a <strong>private key<\/strong>, which must be kept secret by its owner. The core principle is that any data encrypted with the public key can only be decrypted by its corresponding private key. A practical scenario illustrates this effectively: to send a confidential report to your manager, you first request their public key. Using this key, you encrypt the sensitive file. Once encrypted, the report becomes scrambled and secure. The only way to decipher it is with your manager&#8217;s unique private key, which they alone possess. This elegant solution for securing communication without a pre-shared secret is the foundational technology that protects modern internet activities, from emails to online banking.<\/li>\n<\/ul>\n<figure style=\"width: 796px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-content\/uploads\/sites\/239\/2025\/08\/image1-4.png\" alt=\"image\" width=\"796\" height=\"755\" \/><figcaption class=\"wp-caption-text\">Figure 9.7: The Digital Signature Process. This diagram shows how a digital signature is created and verified using public-key cryptography. Alice uses her private key to sign a message, which generates a unique signature. Bob then uses Alice&#8217;s corresponding public key to verify that the message is authentic and has not been altered. Image Credit: &#8220;Private_key_signing&#8221; by FlippyFlink is licensed under CC BY-SA 4.0, via Wikimedia Commons.<\/figcaption><\/figure>\n<h3 style=\"text-align: justify;\">Other Key Safeguards<\/h3>\n<ul>\n<li style=\"text-align: justify;\"><strong><a class=\"glossary-term\" aria-haspopup=\"dialog\" aria-describedby=\"definition\" href=\"#term_663_681\">Virtual Private Network (VPN)<\/a>:<\/strong> A VPN establishes a secure, encrypted connection over a public network such as the internet. For example, if you are working remotely from a public location like a ZUS Coffee in Labuan and using their unsecured Wi-Fi, your internet traffic could be vulnerable to eavesdropping by hackers. By connecting to your company\u2019s VPN, an encrypted tunnel is created from your device through the public network directly to your company\u2019s private network. This ensures that all transmitted data remains scrambled and unreadable to anyone who might intercept it, thereby safeguarding your online activities and sensitive information.<\/li>\n<li style=\"text-align: justify;\"><strong>Digital Signatures and Certificates:<\/strong>\n<ul>\n<li>A <strong>digital signature<\/strong> is an encrypted code that a person or company attaches to a file or email to verify their identity and to ensure the document has not been altered. It&#8217;s like a tamper-proof digital seal.<\/li>\n<li>A <strong>digital certificate<\/strong> is an electronic notice that guarantees a user or, more commonly, a website is legitimate. It is issued by a trusted third party called a Certificate Authority (CA).<\/li>\n<\/ul>\n<\/li>\n<li style=\"text-align: justify;\"><strong>Secure Sites (<a class=\"glossary-term\" aria-haspopup=\"dialog\" aria-describedby=\"definition\" href=\"#term_663_682\">HTTPS<\/a>):<\/strong> When you are browsing the web, especially on banking or e-commerce sites like Lazada or Shopee, always look at the web address in your browser. If it starts with <strong>https:\/\/<\/strong>, it means the website is secure. The &#8216;s&#8217; stands for &#8220;secure&#8221; and indicates that the site is using a digital certificate and encryption to protect the data you send to it, such as your password or credit card number. If a site that asks for personal information only uses http:\/\/ (without the &#8216;s&#8217;), you should not trust it.<\/li>\n<\/ul>\n<figure style=\"width: 1932px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-content\/uploads\/sites\/239\/2025\/08\/image2-4.png\" alt=\"image\" width=\"1932\" height=\"698\" \/><figcaption class=\"wp-caption-text\">Figure 9.8: How a VPN Secures an Internet Connection. This diagram illustrates the operation of a Virtual Private Network (VPN). The user&#8217;s device connects to a VPN server through an encrypted tunnel, which protects their internet traffic from being monitored by the Internet Service Provider (ISP). The VPN server then communicates with the internet, masking the user&#8217;s original IP address with its own, thereby enhancing online privacy and security. Image Credit: &#8220;How_vpn_works&#8221; by Shashikabir87 is licensed under CC BY-SA 4.0, via Wikimedia Commons.<\/figcaption><\/figure>\n<\/div>\n<h2 style=\"text-align: justify;\">Wider Implications of Technology<\/h2>\n<p class=\"import-Normal\" style=\"text-align: justify;\">Using technology ethically and responsibly goes beyond just security. It also means we need to consider its effect on our personal privacy, our health, and the environment.<\/p>\n<h3 style=\"text-align: justify;\">Privacy Concerns in the Digital Age<\/h3>\n<p class=\"import-Normal\" style=\"text-align: justify;\">In the modern economy, data is incredibly valuable. Many companies collect vast amounts of information about our online behaviour.<\/p>\n<ul>\n<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Personal Data Protection:<\/strong> In Malaysia, the <strong>Personal Data Protection Act (PDPA) 2010<\/strong> is the main law that governs how businesses can collect, use, and store our personal data. Businesses must get our consent before collecting our information, and they are responsible for keeping it secure. Recent updates to this law, which came into effect in 2025, require businesses to notify users and the authorities much more quickly if a data breach occurs. This shows how seriously data privacy is now being taken.<\/li>\n<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Identity Theft:<\/strong> This is a serious crime where someone steals your personal information (like your MyKad number, address, or bank details) and uses it to impersonate you, often for financial gain. They might use your identity to apply for a loan, make online purchases, or commit other crimes in your name.<\/li>\n<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Online Social Networks:<\/strong> Be very careful about what you share on social media platforms like Facebook, Instagram, and TikTok. Information, photos, and opinions posted online can sometimes be seen by anyone, including future employers, and can stay on the internet forever, even if you delete the original post. It is important to regularly check your privacy settings to control who can see what you share.<\/li>\n<\/ul>\n<figure style=\"width: 2048px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-content\/uploads\/sites\/239\/2025\/08\/image5-2.jpg\" alt=\"image\" width=\"2048\" height=\"923\" \/><figcaption class=\"wp-caption-text\">Figure 9.9: The Lifecycle of Identity Theft. This infographic provides an overview of identity theft by illustrating three key stages: how personal information is stolen (digitally, physically, or socially), what types of information are targeted (account numbers, records, and identification), and how the stolen information is used to commit fraud (such as unauthorized use of existing accounts or opening new ones). Image Credit: &#8220;Figure_1-_Examples_of_How_Personal_Information_Is_Obtained_and_Used_to_Commit_Identity_Theft_(34085055812)&#8221; by U.S. Government Accountability Office is licensed under Public Domain, via Wikimedia Commons.<\/figcaption><\/figure>\n<h3 style=\"text-align: justify;\">Health Concerns of Using Technology<\/h3>\n<p class=\"import-Normal\" style=\"text-align: justify;\">Spending many hours a day using computers and smartphones can have a real impact on our physical health.<\/p>\n<ul>\n<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Repetitive Strain Injuries (RSI):<\/strong> These are injuries to the muscles, nerves, and tendons caused by performing the same action over and over again. For computer users, this often affects the hands and wrists.\n<ul>\n<li class=\"import-Normal\"><strong>Tendonitis<\/strong> is the inflammation of a tendon, which can be caused by too much typing.<\/li>\n<li class=\"import-Normal\"><strong>Carpal tunnel syndrome (CTS)<\/strong> is a painful condition caused by pressure on a nerve in your wrist, which can also result from prolonged and improper keyboard use.<\/li>\n<\/ul>\n<\/li>\n<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Computer Vision Syndrome (CVS):<\/strong> This is a condition that includes a range of eye problems from spending too much time looking at a digital screen. Symptoms can include eye strain, headaches, dry eyes, and blurred vision. A simple tip to help prevent this is the <strong>20-20-20 rule<\/strong>: every 20 minutes, take a 20-second break to look at something 20 feet (about 6 meters) away.<\/li>\n<li class=\"import-Normal\"><strong><a class=\"glossary-term\" aria-haspopup=\"dialog\" aria-describedby=\"definition\" href=\"#term_663_683\">Ergonomics<\/a>: Designing for Health and Safety:<\/strong> <strong>Ergonomics<\/strong> is the science of designing equipment, furniture, and workspaces to be as comfortable, efficient, and safe as possible. An ergonomic workspace can help prevent many of these health issues. This includes:\n<ul>\n<li class=\"import-Normal\" style=\"text-align: justify;\">An adjustable chair that provides good back support.<\/li>\n<li class=\"import-Normal\" style=\"text-align: justify;\">A desk at the correct height.<\/li>\n<li class=\"import-Normal\" style=\"text-align: justify;\">Placing the monitor at eye level to avoid straining your neck.<\/li>\n<li class=\"import-Normal\" style=\"text-align: justify;\">Using an ergonomic keyboard and mouse that keep your wrists in a natural position.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<figure style=\"width: 2048px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-content\/uploads\/sites\/239\/2025\/08\/image9-3.png\" alt=\"image\" width=\"2048\" height=\"2048\" \/><figcaption class=\"wp-caption-text\">Figure 9.10: Poor Office Ergonomics. This image illustrates poor posture at a workstation, a common ergonomic issue. The individual is hunched forward with a curved back and neck, which can lead to strain, discomfort, and long-term musculoskeletal problems. Proper ergonomics, including maintaining a neutral spine and ensuring screens are at eye level, is crucial for health and safety in an office environment. (Image generated with AI assistance using Gemini Pro 2.5.)<\/figcaption><\/figure>\n<p>&nbsp;<\/p>\n<figure style=\"width: 2048px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-content\/uploads\/sites\/239\/2025\/08\/image6-3.png\" alt=\"image\" width=\"2048\" height=\"2048\" \/><figcaption class=\"wp-caption-text\">Figure 9.11: Proper Office Ergonomics. This image demonstrates an ideal ergonomic setup in an office environment. The individual maintains a healthy posture with a straight back, supported by an adjustable chair. The desk is at the correct height, and the monitor is positioned at eye level to prevent neck strain. The use of an ergonomic keyboard and mouse helps to keep the wrists in a neutral and comfortable position, contributing to a safe and productive workspace. (Image generated with AI assistance using Gemini Pro 2.5.)<\/figcaption><\/figure>\n<h3 style=\"text-align: justify;\">Environmental Issues<\/h3>\n<p class=\"import-Normal\" style=\"text-align: justify;\">Our love for the latest technology also has a significant impact on the environment.<\/p>\n<ul>\n<li class=\"import-Normal\" style=\"text-align: justify;\"><strong><a class=\"glossary-term\" aria-haspopup=\"dialog\" aria-describedby=\"definition\" href=\"#term_663_684\">E-waste<\/a>:<\/strong> Old, discarded electronic equipment like computers, smartphones, and printers is called <strong>e-waste<\/strong>. This is a growing global problem. E-waste often contains toxic materials like lead, mercury, and cadmium. If these devices are just thrown into a normal landfill, these toxic materials can leak into the soil and water, causing serious environmental damage and health risks.<\/li>\n<li class=\"import-Normal\"><strong><a class=\"glossary-term\" aria-haspopup=\"dialog\" aria-describedby=\"definition\" href=\"#term_663_685\">Green Computing<\/a>: Using Technology Sustainably:<\/strong> <strong>Green computing<\/strong> involves practices that reduce the environmental impact of computers and technology. This includes:\n<ul>\n<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Recycling:<\/strong> Taking old devices to a proper e-waste recycling centre where they can be safely disassembled and the materials recovered.<\/li>\n<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Energy Efficiency:<\/strong> Choosing computer products that have an energy-saving certification and remembering to turn off devices when they are not in use.<\/li>\n<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Extending the Life of Computers:<\/strong> Upgrading components like RAM or the storage drive to make an older computer last longer, instead of buying a new one.<\/li>\n<li class=\"import-Normal\" style=\"text-align: justify;\"><strong>Proper Disposal:<\/strong> Ensuring that when a device reaches the end of its life, it is disposed of through a certified e-waste program and not just thrown in the rubbish bin.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<figure style=\"width: 2048px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-content\/uploads\/sites\/239\/2025\/08\/image10.png\" alt=\"image\" width=\"2048\" height=\"2048\" \/><figcaption class=\"wp-caption-text\">Figure 9.12: Electronic Waste (E-Waste). This image shows a large accumulation of discarded electronic devices, commonly known as e-waste. It includes obsolete or broken computers, monitors, printers, and mobile phones. E-waste is a growing environmental concern due to the hazardous materials it contains and the challenges of proper disposal and recycling. (Image generated with AI assistance using Gemini Pro 2.5.)<\/figcaption><\/figure>\n<h2><span style=\"color: #ff6600;\">Check Your Understanding: Q7<\/span><\/h2>\n<div id=\"h5p-108\">\n<div class=\"h5p-iframe-wrapper\"><iframe id=\"h5p-iframe-108\" class=\"h5p-iframe\" data-content-id=\"108\" style=\"height:1px\" src=\"about:blank\" frameBorder=\"0\" scrolling=\"no\" title=\"Chapter_9_Q7_Drag_And_Drop\"><\/iframe><\/div>\n<\/div>\n<h2><span style=\"color: #ff6600;\">Check Your Understanding: Q8<\/span><\/h2>\n<div id=\"h5p-109\">\n<div class=\"h5p-iframe-wrapper\"><iframe id=\"h5p-iframe-109\" class=\"h5p-iframe\" data-content-id=\"109\" style=\"height:1px\" src=\"about:blank\" frameBorder=\"0\" scrolling=\"no\" title=\"Chapter_9_Q8_Drag_And_Drop\"><\/iframe><\/div>\n<\/div>\n<h2><span style=\"color: #ff6600;\">Check Your Understanding: Q9<\/span><\/h2>\n<div id=\"h5p-110\">\n<div class=\"h5p-iframe-wrapper\"><iframe id=\"h5p-iframe-110\" class=\"h5p-iframe\" data-content-id=\"110\" style=\"height:1px\" src=\"about:blank\" frameBorder=\"0\" scrolling=\"no\" title=\"Chapter_9_Q2_Question_Set_MCQ\"><\/iframe><\/div>\n<\/div>\n<h2><span style=\"color: #ff6600;\">Check Your Understanding: Q10<\/span><\/h2>\n<div id=\"h5p-111\">\n<div class=\"h5p-iframe-wrapper\"><iframe id=\"h5p-iframe-111\" class=\"h5p-iframe\" data-content-id=\"111\" style=\"height:1px\" src=\"about:blank\" frameBorder=\"0\" scrolling=\"no\" title=\"Chapter_9_Q10_Summary\"><\/iframe><\/div>\n<\/div>\n<h2><span style=\"color: #ff6600;\">Check Your Understanding: Q11<\/span><\/h2>\n<div id=\"h5p-112\">\n<div class=\"h5p-iframe-wrapper\"><iframe id=\"h5p-iframe-112\" class=\"h5p-iframe\" data-content-id=\"112\" style=\"height:1px\" src=\"about:blank\" frameBorder=\"0\" scrolling=\"no\" title=\"Chapter_9_Q11_Question_Set_MCQ\"><\/iframe><\/div>\n<\/div>\n<h2><span style=\"color: #ff6600;\">Check Your Understanding: Q12<\/span><\/h2>\n<div id=\"h5p-113\">\n<div class=\"h5p-iframe-wrapper\"><iframe id=\"h5p-iframe-113\" class=\"h5p-iframe\" data-content-id=\"113\" style=\"height:1px\" src=\"about:blank\" frameBorder=\"0\" scrolling=\"no\" title=\"Chapter_9_Q12_Summary\"><\/iframe><\/div>\n<\/div>\n<h2 style=\"text-align: justify;\">Chapter Summary<\/h2>\n<p class=\"import-Normal\" style=\"text-align: justify;\">In this chapter, we have explored the critical importance of digital ethics and responsibility in our personal and professional lives. We learned about the need for <strong>Acceptable Use Policies<\/strong> in businesses and the technical <strong>access controls<\/strong> used to enforce them. We saw how <strong>authentication<\/strong> methods, from simple passwords to advanced biometrics and <strong>two-step verification<\/strong>, are used to prove our identity and secure our accounts.<\/p>\n<p class=\"import-Normal\" style=\"text-align: justify;\">We discussed the problems of <strong>software theft<\/strong> and <strong>information theft<\/strong>, and the powerful safeguards used to prevent them, such as software license agreements and, most importantly, <strong>encryption<\/strong>. We learned how tools like VPNs and secure websites (HTTPS) help to protect our data as it travels across the internet.<\/p>\n<p class=\"import-Normal\" style=\"text-align: justify;\">Finally, we considered the wider impact of technology on society. We looked at our right to privacy under laws like Malaysia&#8217;s PDPA, the real health concerns of prolonged computer use and how <strong>ergonomics<\/strong> can help, and the growing environmental challenge of <strong>e-waste<\/strong> and the importance of adopting <strong>green computing<\/strong> practices. Using technology is not just about what we can do, but about what we <em>should<\/em> do to be safe, respectful, and responsible digital citizens.<\/p>\n<h2 style=\"text-align: justify;\">Review Questions<\/h2>\n<ol style=\"text-align: justify;\">\n<li>What is the purpose of an Acceptable Use Policy (AUP) in a business, and why is it important?<\/li>\n<li>Explain two-step verification using a real-world example, such as logging into your online banking account.<\/li>\n<li>Your friend wants to download a popular software program for free from an illegal website. What is this action called, and what are two different risks they are taking by doing this?<\/li>\n<li>You are about to enter your credit card details on a Malaysian e-commerce website. What is the single most important thing you should look for in the website&#8217;s address bar to ensure the connection is secure?<\/li>\n<li>What is one health concern related to using computers for long periods, and what is one specific ergonomic adjustment you can make to your workspace to help prevent it?<\/li>\n<li>Explain the difference between private key encryption and public key encryption. Which one is better for sending a secure message to someone you have never met before, and why?<\/li>\n<li>What is the difference between unauthorized access and unauthorized use? Provide a simple example of each in a university setting.<\/li>\n<li>Why is e-waste a serious environmental problem, and what is one example of a green computing practice?<\/li>\n<\/ol>\n<h1 style=\"text-align: justify;\">References<\/h1>\n<p class=\"import-Normal\" style=\"text-align: justify;\">ASEAN Briefing. (2025, April 25). <em>Malaysia tightens data protection from June 2025<\/em>. <a class=\"rId19\" href=\"https:\/\/www.aseanbriefing.com\/news\/malaysia-tightens-data-protection-from-june-2025\/\">https:\/\/www.aseanbriefing.com\/news\/malaysia-tightens-data-protection-from-june-2025\/<\/a><\/p>\n<p class=\"import-Normal\" style=\"text-align: justify;\">Brookshear, J. G., &amp; Brylow, D. (2019). <em>Computer science: An overview<\/em> (13th ed.). Pearson.<\/p>\n<p class=\"import-Normal\" style=\"text-align: justify;\">Laudon, K. C., &amp; Laudon, J. P. (2020). <em>Management information systems: Managing the digital firm<\/em> (16th ed.). Pearson.<\/p>\n<p class=\"import-Normal\" style=\"text-align: justify;\">Personal Data Protection Department of Malaysia. (2025). <em>Personal Data Protection Act (PDPA) 2010<\/em>. JPDP. <a class=\"rId21\" href=\"https:\/\/www.pdp.gov.my\/jpdpv2\/\">https:\/\/www.pdp.gov.my\/jpdpv2\/<\/a><\/p>\n<p class=\"import-Normal\" style=\"text-align: justify;\">Silberschatz, A., Galvin, P. B., &amp; Gagne, G. (2018). <em>Operating system concepts<\/em> (10th ed.). Wiley.<\/p>\n<p class=\"import-Normal\" style=\"margin-left: 0pt; text-indent: 0pt;\">\n<div class=\"glossary\"><span class=\"screen-reader-text\" id=\"definition\">definition<\/span><template id=\"term_663_675\"><div class=\"glossary__definition\" role=\"dialog\" data-id=\"term_663_675\"><div tabindex=\"-1\"><p>A document that outlines the rules for the use of a company's computers and networks.<\/p>\n<\/div><button><span aria-hidden=\"true\">&times;<\/span><span class=\"screen-reader-text\">Close definition<\/span><\/button><\/div><\/template><template id=\"term_663_676\"><div class=\"glossary__definition\" role=\"dialog\" data-id=\"term_663_676\"><div tabindex=\"-1\"><p>The process of verifying a user's identity to ensure they are who they claim to be.<\/p>\n<\/div><button><span aria-hidden=\"true\">&times;<\/span><span class=\"screen-reader-text\">Close definition<\/span><\/button><\/div><\/template><template id=\"term_663_677\"><div class=\"glossary__definition\" role=\"dialog\" data-id=\"term_663_677\"><div tabindex=\"-1\"><p>The use of a unique personal characteristic, like a fingerprint or facial scan, for identification.<\/p>\n<\/div><button><span aria-hidden=\"true\">&times;<\/span><span class=\"screen-reader-text\">Close definition<\/span><\/button><\/div><\/template><template id=\"term_663_678\"><div class=\"glossary__definition\" role=\"dialog\" data-id=\"term_663_678\"><div tabindex=\"-1\"><p>A security method that requires two different forms of identification to log in.<\/p>\n<\/div><button><span aria-hidden=\"true\">&times;<\/span><span class=\"screen-reader-text\">Close definition<\/span><\/button><\/div><\/template><template id=\"term_663_679\"><div class=\"glossary__definition\" role=\"dialog\" data-id=\"term_663_679\"><div tabindex=\"-1\"><p>The illegal and unauthorized copying, distribution, or use of copyrighted software<\/p>\n<\/div><button><span aria-hidden=\"true\">&times;<\/span><span class=\"screen-reader-text\">Close definition<\/span><\/button><\/div><\/template><template id=\"term_663_680\"><div class=\"glossary__definition\" role=\"dialog\" data-id=\"term_663_680\"><div tabindex=\"-1\"><p>The process of converting readable data (plaintext) into an unreadable, scrambled code (ciphertext) to protect it.<\/p>\n<\/div><button><span aria-hidden=\"true\">&times;<\/span><span class=\"screen-reader-text\">Close definition<\/span><\/button><\/div><\/template><template id=\"term_663_681\"><div class=\"glossary__definition\" role=\"dialog\" data-id=\"term_663_681\"><div tabindex=\"-1\"><p>A service that provides a secure, encrypted connection over a public network like the internet.<\/p>\n<\/div><button><span aria-hidden=\"true\">&times;<\/span><span class=\"screen-reader-text\">Close definition<\/span><\/button><\/div><\/template><template id=\"term_663_682\"><div class=\"glossary__definition\" role=\"dialog\" data-id=\"term_663_682\"><div tabindex=\"-1\"><p>A protocol that indicates a secure and encrypted connection to a website, often shown by a padlock icon in the browser.<\/p>\n<\/div><button><span aria-hidden=\"true\">&times;<\/span><span class=\"screen-reader-text\">Close definition<\/span><\/button><\/div><\/template><template id=\"term_663_683\"><div class=\"glossary__definition\" role=\"dialog\" data-id=\"term_663_683\"><div tabindex=\"-1\"><p>The science of designing a workspace and its equipment to be safe, comfortable, and efficient for human use.<\/p>\n<\/div><button><span aria-hidden=\"true\">&times;<\/span><span class=\"screen-reader-text\">Close definition<\/span><\/button><\/div><\/template><template id=\"term_663_684\"><div class=\"glossary__definition\" role=\"dialog\" data-id=\"term_663_684\"><div tabindex=\"-1\"><p>Discarded electronic equipment, such as old computers, smartphones, and printers.<\/p>\n<\/div><button><span aria-hidden=\"true\">&times;<\/span><span class=\"screen-reader-text\">Close definition<\/span><\/button><\/div><\/template><template id=\"term_663_685\"><div class=\"glossary__definition\" role=\"dialog\" data-id=\"term_663_685\"><div tabindex=\"-1\"><p>The practice of using computing resources in a more environmentally responsible and sustainable way.<\/p>\n<\/div><button><span aria-hidden=\"true\">&times;<\/span><span class=\"screen-reader-text\">Close definition<\/span><\/button><\/div><\/template><\/div>","protected":false},"author":91,"menu_order":9,"template":"","meta":{"pb_show_title":"on","pb_short_title":"","pb_subtitle":"","pb_authors":[],"pb_section_license":""},"chapter-type":[],"contributor":[],"license":[],"class_list":["post-663","chapter","type-chapter","status-publish","hentry"],"part":3,"_links":{"self":[{"href":"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-json\/pressbooks\/v2\/chapters\/663","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-json\/pressbooks\/v2\/chapters"}],"about":[{"href":"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-json\/wp\/v2\/types\/chapter"}],"author":[{"embeddable":true,"href":"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-json\/wp\/v2\/users\/91"}],"version-history":[{"count":20,"href":"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-json\/pressbooks\/v2\/chapters\/663\/revisions"}],"predecessor-version":[{"id":766,"href":"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-json\/pressbooks\/v2\/chapters\/663\/revisions\/766"}],"part":[{"href":"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-json\/pressbooks\/v2\/parts\/3"}],"metadata":[{"href":"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-json\/pressbooks\/v2\/chapters\/663\/metadata\/"}],"wp:attachment":[{"href":"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-json\/wp\/v2\/media?parent=663"}],"wp:term":[{"taxonomy":"chapter-type","embeddable":true,"href":"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-json\/pressbooks\/v2\/chapter-type?post=663"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-json\/wp\/v2\/contributor?post=663"},{"taxonomy":"license","embeddable":true,"href":"https:\/\/openbook.ums.edu.my\/businessbytescomputerguide\/wp-json\/wp\/v2\/license?post=663"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}