Computer security
Computer security refers to protecting a computer and the data it holds. Computer security can be using passwords, encryption, firewalls, and denying physical access to a computer's location.
While security measures do not guarantee that data won't be compromised, the extra steps help prevent unauthorized data access and acquisition.
Cybersecurity was featured as a top term of 2017.
Why is security important?
Computer security is important because it helps protect you and your computer from potential threats. Below are a few different scenarios relating to computer security and why it is important to consider these threats.
- Not having a strong password could allow an attacker to access your account. For example, having a weak password on your e-mail account could allow hackers access to your e-mail and use it to reset your other account passwords.
- Malware may be designed to spy on you as you use the computer. Scan, detect, and eliminate these threats with a malware scanner.
- Not updating your software could leave your computer vulnerable to security vulnerabilities, giving an attacker access to your computer information, which could be used for identity theft.
What is a computer security risk?
A computer security risk is an event or action that could cause a data loss or damage to hardware or software. It could result from unpatched software, misconfigured software or hardware, and bad habits (e.g., using "1234" as your password). Any illegal act involving a computer security risk is considered a computer crime. The following pages contain information on how to minimize security risks.
For help with managing business and corporate security risks, see the business and corporate security risks section.
What helps increase computer security?
Below are several things that can be done to mitigate risks and improve your overall computer security.
- Use strong passwords.
- Use 2FA (two-factor authentication).
- Install all the latest software and hardware updates.
- Make backups of important data.
- Communicate over a secure WPA (Wi-Fi Protected Access) or WPA2 connection when using Wi-Fi.
- Be aware of social engineering and phishing tactics.
- Never download or run pirated software.
- Familiarize yourself with relevant security terms.
What is a security fix?
A security fix is one or more solutions to security threats or vulnerabilities found in computer software or hardware after it is released.
Security fixes are applied by running updates for an operating system and software on the computer or another device. For hardware, firmware updates are performed to resolve hardware security threats.
Business and corporate security risks
In addition to personal computer security risks, business and corporate security risks should be considered. Below are some risks to consider when reviewing your computer security. Once you've assessed the risks to your business, you'll need to plan how to mitigate them, implement solutions, and then monitor their effectiveness.
Employees
Humans are often the biggest security risk for businesses. If your employees are not appropriately trained or don't follow safe practices, they could misconfigure software or hardware or be susceptible to social engineering.
Also, a company that doesn't respect its employees or has a bad corporate culture may cause employees to retaliate, steal information, or knowingly damage hardware or misconfigure software.
Bad backups
Your company's data for its products and customers is often vital to its operations. If that information became corrupt or was lost, it could destroy a company. Ensuring all data is properly backed up and stored offsite helps prevent this risk.
When developing a backup strategy, consider the possibility of ransomware, which can lock all data, including data stored in a backup. When performing backups, it's a good idea not to have them connected to the same network or computer.
Not maintaining hardware or software
Although paying someone to maintain your computer hardware and software can be expensive, not maintaining it creates a computer security risk and a potential entry point to an attacker. We recommend having at least one individual who regularly checks up on your hardware and software systems.
Outdated hardware or software
Eventually, you'll need to replace your business hardware and software with more up-to-date and efficient alternatives. Older hardware and software eventually reach an EOL (end-of-life) point; when this happens, the manufacturer no longer develops security patches for that product. If you're using a product no longer supported and a vulnerability is discovered, your computer or network becomes susceptible to an attack.
Not planning for a disaster
If your business or one of its locations is destroyed in a disaster, not planning for disaster recovery is another risk.
How can computer security risks be measured?
Below are technical reports with more advanced information on assessing security risks.
- NIST Guide for Conducting Risk Assessments
- OCTAVE - Operationally Critical Threat, Asset, and Vulnerability Evaluation
- FAIR - Factor analysis of information risk
- ISO 31000 Risk Management
Can a computer be 100% secure?
For a computer to be 100% secure, it must be disconnected from everything (air-gapped) and physically isolated to prevent anything getting installed. For example, you'd need to turn off all drives that allow software to be installed (e.g., a disc drive) and turn off ports (e.g., USB (universal serial bus)) that allow drives to connect to the computer.
Risks are introduced when a computer connects to a network or the Internet, and new software is installed. Since most people need the Internet and the ability to install new software, a computer cannot be 100% secure. Computer security helps mitigate the risks to your computer, but it does not eliminate all risks.
Business terms, Cyberwar, Hacker, SBOM, Security+, Security terms, Threat, Vulnerability, WireGuard