Skip to ContentGo to accessibility pageKeyboard shortcuts menu
OpenStax Logo
Introduction to Business

13.5 Protecting Computers and Information

Introduction to Business13.5 Protecting Computers and Information
Menu
Table of contents
  1. Preface
  2. 1 Understanding Economic Systems and Business
    1. Introduction
    2. 1.1 The Nature of Business
    3. 1.2 Understanding the Business Environment
    4. 1.3 How Business and Economics Work
    5. 1.4 Macroeconomics: The Big Picture
    6. 1.5 Achieving Macroeconomic Goals
    7. 1.6 Microeconomics: Zeroing in on Businesses and Consumers
    8. 1.7 Competing in a Free Market
    9. 1.8 Trends in the Business Environment and Competition
    10. Key Terms
    11. Summary of Learning Outcomes
    12. Preparing for Tomorrow's Workplace Skills
    13. Ethics Activity
    14. Working the Net
    15. Critical Thinking Case
    16. Hot Links Address Book
  3. 2 Making Ethical Decisions and Managing a Socially Responsible Business
    1. Introduction
    2. 2.1 Understanding Business Ethics
    3. 2.2 How Organizations Influence Ethical Conduct
    4. 2.3 Managing a Socially Responsible Business
    5. 2.4 Responsibilities to Stakeholders
    6. 2.5 Trends in Ethics and Corporate Social Responsibility
    7. Key Terms
    8. Summary of Learning Outcomes
    9. Preparing for Tomorrow's Workplace Skills
    10. Ethics Activity
    11. Working the Net
    12. Critical Thinking Case
    13. Hot Links Address Book
  4. 3 Competing in the Global Marketplace
    1. Introduction
    2. 3.1 Global Trade in the United States
    3. 3.2 Why Nations Trade
    4. 3.3 Barriers to Trade
    5. 3.4 Fostering Global Trade
    6. 3.5 International Economic Communities
    7. 3.6 Participating in the Global Marketplace
    8. 3.7 Threats and Opportunities in the Global Marketplace
    9. 3.8 The Impact of Multinational Corporations
    10. 3.9 Trends in Global Competition
    11. Key Terms
    12. Summary of Learning Outcomes
    13. Preparing for Tomorrow's Workplace Skills
    14. Ethics Activity
    15. Working the Net
    16. Critical Thinking Case
    17. Hot Links Address Book
  5. 4 Forms of Business Ownership
    1. Introduction
    2. 4.1 Going It Alone: Sole Proprietorships
    3. 4.2 Partnerships: Sharing the Load
    4. 4.3 Corporations: Limiting Your Liability
    5. 4.4 Specialized Forms of Business Organization
    6. 4.5 Franchising: A Popular Trend
    7. 4.6 Mergers and Acquisitions
    8. 4.7 Trends in Business Ownership
    9. Key Terms
    10. Summary of Learning Outcomes
    11. Preparing for Tomorrow's Workplace Skills
    12. Ethics Activity
    13. Working the Net
    14. Critical Thinking Case
    15. Hot Links Address Book
  6. 5 Entrepreneurship: Starting and Managing Your Own Business
    1. Introduction
    2. 5.1 Entrepreneurship Today
    3. 5.2 Characteristics of Successful Entrepreneurs
    4. 5.3 Small Business: Driving America's Growth
    5. 5.4 Ready, Set, Start Your Own Business
    6. 5.5 Managing a Small Business
    7. 5.6 Small Business, Large Impact
    8. 5.7 The Small Business Administration
    9. 5.8 Trends in Entrepreneurship and Small-Business Ownership
    10. Key Terms
    11. Summary of Learning Outcomes
    12. Preparing for Tomorrow's Workplace Skills
    13. Ethics Activity
    14. Working the Net
    15. Critical Thinking Case
    16. Hot Links Address Book
  7. 6 Management and Leadership in Today's Organizations
    1. Introduction
    2. 6.1 The Role of Management
    3. 6.2 Planning
    4. 6.3 Organizing
    5. 6.4 Leading, Guiding, and Motivating Others
    6. 6.5 Controlling
    7. 6.6 Managerial Roles
    8. 6.7 Managerial Skills
    9. 6.8 Trends in Management and Leadership
    10. Key Terms
    11. Summary of Learning Outcomes
    12. Preparing for Tomorrow's Workplace Skills
    13. Ethics Activity
    14. Working the Net
    15. Critical Thinking Case
    16. Hot Links Address Book
  8. 7 Designing Organizational Structures
    1. Introduction
    2. 7.1 Building Organizational Structures
    3. 7.2 Contemporary Structures
    4. 7.3 Using Teams to Enhance Motivation and Performance
    5. 7.4 Authority—Establishing Organizational Relationships
    6. 7.5 Degree of Centralization
    7. 7.6 Organizational Design Considerations
    8. 7.7 The Informal Organization
    9. 7.8 Trends in Organizational Structure
    10. Key Terms
    11. Summary of Learning Outcomes
    12. Preparing for Tomorrow's Workplace Skills
    13. Ethics Activity
    14. Working the Net
    15. Critical Thinking Case
    16. Hot Links Address Book
  9. 8 Managing Human Resources and Labor Relations
    1. Introduction
    2. 8.1 Achieving High Performance through Human Resources Management
    3. 8.2 Employee Recruitment
    4. 8.3 Employee Selection
    5. 8.4 Employee Training and Development
    6. 8.5 Performance Planning and Evaluation
    7. 8.6 Employee Compensation and Benefits
    8. 8.7 The Labor Relations Process
    9. 8.8 Managing Grievances and Conflicts
    10. 8.9 Legal Environment of Human Resources and Labor Relations
    11. 8.10 Trends in Human Resource Management and Labor Relations
    12. Key Terms
    13. Summary of Learning Outcomes
    14. Preparing for Tomorrow's Workplace Skills
    15. Ethics Activity
    16. Working the Net
    17. Critical Thinking Case
    18. Hot Links Address Book
  10. 9 Motivating Employees
    1. Introduction
    2. 9.1 Early Theories of Motivation
    3. 9.2 The Hawthorne Studies
    4. 9.3 Maslow's Hierarchy of Needs
    5. 9.4 McGregor's Theories X and Y
    6. 9.5 Herzberg's Motivator-Hygiene Theory
    7. 9.6 Contemporary Views on Motivation
    8. 9.7 From Motivation Theory to Application
    9. 9.8 Trends in Employee Motivation
    10. Key Terms
    11. Summary of Learning Outcomes
    12. Preparing for Tomorrow's Workplace Skills
    13. Ethics Activity
    14. Working the Net
    15. Critical Thinking Case
    16. Hot Links Address Book
  11. 10 Achieving World-Class Operations Management
    1. Introduction
    2. 10.1 Production and Operations Management—An Overview
    3. 10.2 The Production Process: How Do We Make It?
    4. 10.3 Location, Location, Location: Where Do We Make It?
    5. 10.4 Pulling It Together: Resource Planning
    6. 10.5 Production and Operations Control
    7. 10.6 Looking for a Better Way: Improving Production and Operations
    8. 10.7 Transforming the Factory Floor with Technology
    9. 10.8 Trends in Production and Operations Management
    10. Key Terms
    11. Summary of Learning Outcomes
    12. Preparing for Tomorrow's Workplace Skills
    13. Ethics Activity
    14. Working the Net
    15. Critical Thinking Case
    16. Hot Links Address Book
  12. 11 Creating Products and Pricing Strategies to Meet Customers' Needs
    1. Introduction
    2. 11.1 The Marketing Concept
    3. 11.2 Creating a Marketing Strategy
    4. 11.3 Developing a Marketing Mix
    5. 11.4 Buyer Behavior
    6. 11.5 Market Segmentation
    7. 11.6 What Is a Product?
    8. 11.7 Creating Products That Deliver Value
    9. 11.8 The Product Life Cycle
    10. 11.9 Pricing Strategies and Future Trends
    11. 11.10 Trends in Developing Products and Pricing
    12. Key Terms
    13. Summary of Learning Outcomes
    14. Preparing for Tomorrow's Workplace Skills
    15. Ethics Activity
    16. Working the Net
    17. Critical Thinking Case
    18. Hot Links Address Book
  13. 12 Distributing and Promoting Products and Services
    1. Introduction
    2. 12.1 The Nature and Functions of Distribution (Place)
    3. 12.2 Wholesaling
    4. 12.3 The Competitive World of Retailing
    5. 12.4 Using Supply Chain Management to Increase Efficiency and Customer Satisfaction
    6. 12.5 Promotion Strategy
    7. 12.6 The Huge Impact of Advertising
    8. 12.7 The Importance of Personal Selling
    9. 12.8 Sales Promotion
    10. 12.9 Public Relations Helps Build Goodwill
    11. 12.10 Trends in Social Media
    12. 12.11 Trends in E-Commerce
    13. Key Terms
    14. Summary of Learning Outcomes
    15. Preparing for Tomorrow's Workplace Skills
    16. Ethics Activity
    17. Working the Net
    18. Critical Thinking Case
    19. Hot Links Address Book
  14. 13 Using Technology to Manage Information
    1. Introduction
    2. 13.1 Transforming Businesses through Information
    3. 13.2 Linking Up: Computer Networks
    4. 13.3 Management Information Systems
    5. 13.4 Technology Management and Planning
    6. 13.5 Protecting Computers and Information
    7. 13.6 Trends in Information Technology
    8. Key Terms
    9. Summary of Learning Outcomes
    10. Preparing for Tomorrow's Workplace Skills
    11. Ethics Activity
    12. Working the Net
    13. Critical Thinking Case
    14. Hot Links Address Book
  15. 14 Using Financial Information and Accounting
    1. Introduction
    2. 14.1 Accounting: More than Numbers
    3. 14.2 The Accounting Profession
    4. 14.3 Basic Accounting Procedures
    5. 14.4 The Balance Sheet
    6. 14.5 The Income Statement
    7. 14.6 The Statement of Cash Flows
    8. 14.7 Analyzing Financial Statements
    9. 14.8 Trends in Accounting
    10. Key Terms
    11. Summary of Learning Outcomes
    12. Preparing for Tomorrow's Workplace Skills
    13. Ethics Activity
    14. Working the Net
    15. Critical Thinking Case
    16. Hot Links Address Book
  16. 15 Understanding Money and Financial Institutions
    1. Introduction
    2. 15.1 Show Me the Money
    3. 15.2 The Federal Reserve System
    4. 15.3 U.S. Financial Institutions
    5. 15.4 Insuring Bank Deposits
    6. 15.5 International Banking
    7. 15.6 Trends in Financial Institutions
    8. Key Terms
    9. Summary of Learning Outcomes
    10. Preparing for Tomorrow's Workplace Skills
    11. Ethics Activity
    12. Working the Net
    13. Critical Thinking Case
    14. Hot Links Address Book
  17. 16 Understanding Financial Management and Securities Markets
    1. Introduction
    2. 16.1 The Role of Finance and the Financial Manager
    3. 16.2 How Organizations Use Funds
    4. 16.3 Obtaining Short-Term Financing
    5. 16.4 Raising Long-Term Financing
    6. 16.5 Equity Financing
    7. 16.6 Securities Markets
    8. 16.7 Buying and Selling at Securities Exchanges
    9. 16.8 Trends in Financial Management and Securities Markets
    10. Key Terms
    11. Summary of Learning Outcomes
    12. Preparing for Tomorrow's Workplace Skills
    13. Ethics Activity
    14. Working the Net
    15. Critical Thinking Case
    16. Hot Links Address Book
  18. 17 Your Career in Business
    1. Introduction
    2. 17.1 Learn the Basics of Business
    3. 17.2 Developing Interpersonal Skills Is Key to Your Success
    4. 17.3 Make Your Future Happen: Learn to Plan
    5. 17.4 Going to College Is an Opportunity of a Lifetime—Never Drop Out
    6. 17.5 Get Your Career Off on the Right Track
    7. 17.6 Self-Test Scoring Guidelines
  19. A | Understanding the Legal and Tax Environment
  20. Index
  21. References
  1. What are the best ways to protect computers and the information they contain?

Have you ever lost a term paper you worked on for weeks because your hard drive crashed or you deleted the wrong file? You were upset, angry, and frustrated. Multiply that paper and your feelings hundreds of times over, and you can understand why companies must protect computers, networks, and the information they store and transmit from a variety of potential threats. For example, security breaches of corporate information systems—from human hackers or electronic versions such as viruses and worms—are increasing at an alarming rate. The ever-increasing dependence on computers requires plans that cover human error, power outages, equipment failure, hacking, and terrorist attacks. To withstand natural disasters such as major fires, earthquakes, and floods, many companies install specialized fault-tolerant computer systems.

Disasters are not the only threat to data. A great deal of data, much of it confidential, can easily be tapped or destroyed by anyone who knows about computers. Keeping your networks secure from unauthorized access—from internal as well as external sources—requires formal security policies and enforcement procedures. The increasing popularity of mobile devices—laptops, tablets, and cell phones—and wireless networks requires new types of security provisions.

In response to mounting security concerns, companies have increased spending on technology to protect their IT infrastructure and data. Along with specialized hardware and software, companies need to develop specific security strategies that take a proactive approach to prevent security and technical problems before they start. However, a recent CIO article lamented the lack of basic security policies that companies only implement after a hack or data crisis.15

Data Security Issues

Unauthorized access into a company’s computer systems can be expensive, and not just in monetary terms. Juniper Networks estimates that cybercrime will cost businesses more than $2 trillion in 2019, compared to just $450 million in 2001. The most costly categories of threats include worms, viruses, and Trojan horses (defined later in this section); computer theft; financial fraud; and unauthorized network access. The report also states that almost all U.S. businesses report at least one security issue, and almost 20 percent have experienced multiple security incidents.16

Computer crooks are becoming more sophisticated all the time, finding new ways to get into ultra-secure sites. “As companies and consumers continue to move towards a networked and information economy, more opportunity exists for cybercriminals to take advantage of vulnerabilities on networks and computers,” says Chris Christiansen, program vice president at technology research firm IDC.17 Whereas early cybercrooks were typically amateur hackers working alone, the new ones are more professional and often work in gangs to commit large-scale internet crimes for large financial rewards. The internet, where criminals can hide behind anonymous screen names, has increased the stakes and expanded the realm of opportunities to commit identity theft and similar crimes. Catching such cybercriminals is difficult, and fewer than 5 percent are caught.18

A photograph shows a laptop with streaming numbers on its screen, and a big red lock icon.
Exhibit 13.8 Data security is under constant attack. In 2017, cybercriminals penetrated Equifax, one of the largest credit bureaus in the nation, and stole the personal data of more than 145 million people. To date, it is considered one of the worst data breaches of all time because of the amount of sensitive data stolen, including consumers’ Social Security numbers. What impact do identity theft and other data-security issues have on global networking and e-commerce? (Credit: Blogtrepreneur/ flickr/ Attribution 2.0 Generic (CC BY 2.0))

Firms are taking steps to prevent these costly computer crimes and problems, which fall into several major categories:

  • Unauthorized access and security breaches. Whether from internal or external sources, unauthorized access and security breaches are a top concern of IT managers. These can create havoc with a company’s systems and damage customer relationships. Unauthorized access also includes employees, who can copy confidential new-product information and provide it to competitors or use company systems for personal business that may interfere with systems operation. Networking links also make it easier for someone outside the organization to gain access to a company’s computers.

    One of the latest forms of cybercrime involves secretly installing keylogging software via software downloads, e-mail attachments, or shared files. This software then copies and transmits a user’s keystrokes—passwords, PINs, and other personal information—from selected sites, such as banking and credit card sites, to thieves.

  • Computer viruses, worms, and Trojan horses. Computer viruses and related security problems such as worms and Trojan horses are among the top threats to business and personal computer security. A computer program that copies itself into other software and can spread to other computer systems, a computer virus can destroy the contents of a computer’s hard drive or damage files. Another form is called a worm because it spreads itself automatically from computer to computer. Unlike a virus, a worm doesn’t require e-mail to replicate and transmit itself into other systems. It can enter through valid access points.

    Trojan horses are programs that appear to be harmless and from legitimate sources but trick the user into installing them. When run, they damage the user’s computer. For example, a Trojan horse may claim to get rid of viruses but instead infects the computer. Other forms of Trojan horses provide a “trapdoor” that allows undocumented access to a computer, unbeknownst to the user. Trojan horses do not, however, infect other files or self-replicate.19

    Viruses can hide for weeks, months, or even years before starting to damage information. A virus that “infects” one computer or network can be spread to another computer by sharing disks or by downloading infected files over the internet. To protect data from virus damage, virus protection software automatically monitors computers to detect and remove viruses. Program developers make regular updates available to guard against newly created viruses. In addition, experts are becoming more proficient at tracking down virus authors, who are subject to criminal charges.

  • Deliberate damage to equipment or information. For example, an unhappy employee in the purchasing department could get into the company’s computer system and delete information on past orders and future inventory needs. The sabotage could severely disrupt production and the accounts payable system. Willful acts to destroy or change the data in computers are hard to prevent. To lessen the damage, companies should back up critical information.
  • Spam. Although you might think that spam, or unsolicited and unwanted e-mail, is just a nuisance, it also poses a security threat to companies. Viruses spread through e-mail attachments that can accompany spam e-mails. Spam is now clogging blogs, instant messages, and cell phone text messages as well as e-mail inboxes. Spam presents other threats to a corporation: lost productivity and expenses from dealing with spam, such as opening the messages and searching for legitimate messages that special spam filters keep out.
  • Software and media piracy. The copying of copyrighted software programs, games, and movies by people who haven’t paid for them is another form of unauthorized use. Piracy, defined as using software without a license, takes revenue away from the company that developed the program—usually at great cost. It includes making counterfeit CDs to sell as well as personal copying of software to share with friends.

Preventing Problems

Creating formal written information security policies to set standards and provide the basis for enforcement is the first step in a company’s security strategy. Unfortunately, a recent survey of IT executives worldwide revealed that over two-thirds expect a cyberattack in the near future. Stephanie Ewing, a data security expert, states, “Having a documented, tested process brings order to chaotic situations and keeps everyone focused on solving the most pressing issues.” Without information security strategies in place, companies spend too much time in a reactive mode—responding to crises—and don’t focus enough on prevention.20

Security plans should have the support of top management, and then follow with procedures to implement the security policies. Because IT is a dynamic field with ongoing changes to equipment and processes, it’s important to review security policies often. Some security policies can be handled automatically, by technical measures, whereas others involve administrative policies that rely on humans to perform them. Examples of administrative policies are “Users must change their passwords every 90 days” and “End users will update their virus signatures at least once a week.” Table 13.4 shows the types of security measures companies use to protect data.

Five Areas of Concern Regarding the Protection of Data
Percentage Concern for Protecting Data
52 Aren’t sure how to secure connected devices and apps
40 Don’t immediately change default passwords
33 Don’t think they can control how companies collect personal information
33 Parents admit they don’t know the risks well enough to explain to children
37 Use credit-monitoring services
Table 13.4 Source: Adapted from Tony Bradley, “Top 5 Concerns to Focus on for Privacy Day,” Forbes, https://forbes.com, January 27, 2017.

Preventing costly problems can be as simple as regularly backing up applications and data. Companies should have systems in place that automatically back up the company’s data every day and store copies of the backups off-site. In addition, employees should back up their own work regularly. Another good policy is to maintain a complete and current database of all IT hardware, software, and user details to make it easier to manage software licenses and updates and diagnose problems. In many cases, IT staff can use remote access technology to automatically monitor and fix problems, as well as update applications and services.

Companies should never overlook the human factor in the security equation. One of the most common ways that outsiders get into company systems is by posing as an employee, first getting the staffer’s full name and username from an e-mail message and then calling the help desk to ask for a forgotten password. Crooks can also get passwords by viewing them on notes attached to a desk or computer monitor, using machines that employees leave logged on when they leave their desks, and leaving laptop computers with sensitive information unsecured in public places.

Portable devices, from handheld computers to tiny plug-and-play flash drives and other storage devices (including mobile phones), pose security risks as well. They are often used to store sensitive data such as passwords, bank details, and calendars. Mobile devices can spread viruses when users download virus-infected documents to their company computers.

Imagine the problems that could arise if an employee saw a calendar entry on a mobile device like “meeting re: layoffs,” an outsider saw “meeting about merger with ABC Company,” or an employee lost a flash drive containing files about marketing plans for a new product. Manufacturers are responding to IT managers’ concerns about security by adding password protection and encryption to flash drives. Companies can also use flash drive monitoring software that prevents unauthorized access on PCs and laptops.

Companies have many ways to avoid an IT meltdown, as Table 13.5 describes.

Procedures to Protect IT Assets
  • Develop a comprehensive plan and policies that include portable as well as fixed equipment.
  • Protect the equipment itself with stringent physical security measures to the premises.
  • Protect data using special encryption technology to encode confidential information so only the recipient can decipher it.
  • Stop unwanted access from inside or outside with special authorization systems. These can be as simple as a password or as sophisticated as fingerprint or voice identification.
  • Install firewalls, hardware or software designed to prevent unauthorized access to or from a private network.
  • Monitor network activity with intrusion-detection systems that signal possible unauthorized access, and document suspicious events.
  • Conduct periodic IT audits to catalog all attached storage devices as well as computers.
  • Use technology that monitors ports for unauthorized attached devices and turn off those that are not approved for business use.
  • Train employees to troubleshoot problems in advance, rather than just react to them.
  • Hold frequent staff-training sessions to teach correct security procedures, such as logging out of networks when they go to lunch and changing passwords often.
  • Make sure employees choose sensible passwords, at least six and ideally eight characters long, containing numbers, letters, and punctuation marks. Avoid dictionary words and personal information.
  • Establish a database of useful information and FAQ (frequently asked questions) for employees so they can solve problems themselves.
  • Develop a healthy communications atmosphere.
Table 13.5

Keep IT Confidential: Privacy Concerns

The very existence of huge electronic file cabinets full of personal information presents a threat to our personal privacy. Until recently, our financial, medical, tax, and other records were stored in separate computer systems. Computer networks make it easy to pool these data into data warehouses. Companies also sell the information they collect about you from sources like warranty registration cards, credit-card records, registration at websites, personal data forms required to purchase online, and grocery store discount club cards. Telemarketers can combine data from different sources to create fairly detailed profiles of consumers.

The September 11, 2001, tragedy and other massive security breaches have raised additional privacy concerns. As a result, the government began looking for ways to improve domestic-intelligence collection and analyze terrorist threats within the United States. Sophisticated database applications that look for hidden patterns in a group of data, a process called data mining, increase the potential for tracking and predicting people’s daily activities. Legislators and privacy activists worry that such programs as this and ones that eavesdrop electronically could lead to excessive government surveillance that encroaches on personal privacy. The stakes are much higher as well: errors in data mining by companies in business may result in a consumer being targeted with inappropriate advertising, whereas a governmental mistake in tracking suspected terrorists could do untold damage to an unjustly targeted person.

Increasingly, consumers are fighting to regain control of personal data and how that information is used. Privacy advocates are working to block sales of information collected by governments and corporations. For example, they want to prevent state governments from selling driver’s license information and supermarkets from collecting and selling information gathered when shoppers use barcoded plastic discount cards. With information about their buying habits, advertisers can target consumers for specific marketing programs.

The challenge to companies is to find a balance between collecting the information they need while at the same time protecting individual consumer rights. Most registration and warranty forms that ask questions about income and interests have a box for consumers to check to prevent the company from selling their names. Many companies now state in their privacy policies that they will not abuse the information they collect. Regulators are taking action against companies that fail to respect consumer privacy.

Concept Check

  1. Describe the different threats to data security.
  2. How can companies protect information from destruction and unauthorized use?
  3. Why are privacy rights advocates alarmed over the use of techniques such as data warehouses and data mining?
PreviousNext
Order a print copy

As an Amazon Associate we earn from qualifying purchases.

Citation/Attribution

Want to cite, share, or modify this book? This book uses the Creative Commons Attribution License and you must attribute OpenStax.

Attribution information
  • If you are redistributing all or part of this book in a print format, then you must include on every physical page the following attribution:
    Access for free at https://openstax.org/books/introduction-business/pages/1-introduction
  • If you are redistributing all or part of this book in a digital format, then you must include on every digital page view the following attribution:
    Access for free at https://openstax.org/books/introduction-business/pages/1-introduction
Citation information

© Dec 12, 2022 OpenStax. Textbook content produced by OpenStax is licensed under a Creative Commons Attribution License . The OpenStax name, OpenStax logo, OpenStax book covers, OpenStax CNX name, and OpenStax CNX logo are not subject to the Creative Commons license and may not be reproduced without the prior and express written consent of Rice University.