By the end of this section, you will be able to:
- Describe the importance of practicing responsible computer safety and security
- Identify common computer security issues
- List measures to prevent computer security breaches
- Describe the importance of privacy in a digital world
At WorldCorp, you’ve realized how the evolution of computing has led to your present-day status as a new employee. You’re getting the hang of how computers are put together, how they have changed the business landscape, and how you need to understand their basic components to thrive in your industry. Another part of that understanding is learning how to safely navigate the computer world, both in the company’s internal systems and in external systems on the internet and the World Wide Web.
The Importance of Computer Safety and Security
The protection of computer systems and information that prevents unauthorized use is referred to as computer security. Computer ethics are guidelines for the morally acceptable use of computers in society. Any criminal offense that involves a computer and a network is referred to as cybercrime. One of the most common types of cybercrimes is identity theft, which occurs when an unauthorized user steals an individual’s personal information, such as a Social Security number or credit card information, for economic gain. An increase in the number of hackers—individuals who gain unauthorized access to computer systems in an attempt to steal someone’s information—has prompted the development of software programs designed to protect consumers’ identities, such as LifeLock.
There are strategies you can employ that will keep your computer, and the information you have saved on it, safe and secure from theft and hacking. These include:
- using security suites that can protect user privacy and security while on the internet
- using a firewall, which is a barrier between a network that is secured and one that is not secured, to provide additional security
- setting up password-protected network access
- avoiding logging in to accounts on an open network (one that is not password protected)
- using encryption to make it impossible for unauthorized individuals to gain access
Data and Identity Theft
In addition to hackers who target individual users, corporate espionage (also known as industrial, economic, or corporate spying) is conducted for commercial or financial gain by targeting businesses, government agencies, energy companies, and even schools. Corporate espionage can take the form of unethical or illegal acquisition of intellectual property (such as customer data, pricing, or research and development information) or trade secrets through theft, bribery, or blackmail. Examples of corporate espionage include:
- trespassing on a competitor’s property and/or gaining unauthorized access to files
- wiretapping—the secret interception of electronic communications
- domain hacking, which occurs when another entity steals the original party’s domain name
- phishing to lure competitors’ employees to open emails, thereby exposing information
An attempt to get users to interact with an email or website that appears to be legitimate but is actually fake is called phishing. Phishing lures users to provide their personal information and login credentials through these hoax sites and emails. This is usually done through spoofing. Spoofing is communication (usually an email) that on the surface appears to come from a legitimate, trusted source. These emails have become much more sophisticated and are designed to look more and more like real correspondence from a company or even a government agency such as the IRS. Something that has grown increasingly common is ransomware, malicious software that encrypts computer data, rendering it useless and inaccessible, and forcing the owner to pay a ransom to regain access. Software that is designed with the purpose of damaging a user’s computer system once it has access to that system is called malware.
Password Management and Biometrics
For all of these threats to online security, there are protective steps you can take. A set of principles and best practices for storing and managing passwords in a manner that is likely to prevent unauthorized access is called password management. You may password protect your computer, as well as various accounts you may access through your computer and the internet. Having a strong password will ensure that hackers cannot figure out your password easily. Many organizations today use multifactor authentication to provide an additional layer of security. For example, when accessing your bank account on your phone or your laptop, you may be asked to enter a specific code that is sent via email or text. This now provides two layers of security—first, entering the correct password, then correctly entering the code that was sent to you. Multifactor authentication can also be used by businesses when accessing the company software or computer network.
Please Pass the Password
Some tips for creating a strong password include:
- Avoid using a real name (either your own or the company’s) as your password.
- Use a combination of letters and numbers with at least eight characters.
- Do not use a complete word such as “password.”
- Do not reuse passwords.
- Use a combination of uppercase and lowercase letters.
- Incorporate special symbols instead of letters or numbers (such as an exclamation point or dollar sign instead of a numeral).
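The tips above can be turned into an automated check. The following Python sketch is an added example, not part of the original text; the word list, the names passed in, and the sample passwords are constructed, and the reuse check compares salted PBKDF2 digests so earlier passwords never need to be kept in readable form.

```python
import hashlib
import hmac
import os
import re

# Constructed sample list; a real check would use a much larger dictionary.
COMMON_WORDS = {"password", "welcome", "letmein", "sunshine"}
ITERATIONS = 600_000  # PBKDF2 work factor chosen for this example

def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def remember(password: str) -> tuple[bytes, bytes]:
    """Return (salt, digest) so an old password can be recognized without storing it."""
    salt = os.urandom(16)
    return salt, _derive(password, salt)

def was_used_before(password: str, history) -> bool:
    """Compare against every remembered (salt, digest) pair in constant time."""
    return any(hmac.compare_digest(_derive(password, salt), digest)
               for salt, digest in history)

def check_password(password: str, names=(), history=()) -> list[str]:
    """Return the tips from this section that the candidate password breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        problems.append("needs both letters and numbers")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs uppercase and lowercase letters")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("needs a special symbol")
    if any(name and name.lower() in lowered for name in names):
        problems.append("contains a real name")
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a complete common word")
    if was_used_before(password, history):
        problems.append("reuses an earlier password")
    return problems

if __name__ == "__main__":
    old = [remember("Tr4il$-Maple-19")]  # constructed earlier password
    for candidate in ("password", "WorldCorp2024!", "Tr4il$-Maple-19", "gR8-cedar+Lamp"):
        print(candidate, "->", check_password(candidate, ["WorldCorp"], old) or "ok")
```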
In addition to passwords, you can also use biometrics to protect your computer and information. Unique physical markers of an individual that can be used to restrict access to only those who match these physical characteristics, such as retinal scans and fingerprints, are called biometrics. Biometrics are much harder to hack as they cannot be guessed or stolen.
Internet and Web Privacy
The internet is pervasive and omnipresent. It is part of all you do in business and in your everyday life. How people conduct themselves online, what they share, and what they visit—all this information is captured and saved in various places, from internet providers’ servers to browser companies such as Google to different social media sites. This information is captured and saved even if deleted from your computer or account. It is important to consider how to represent yourself and what to share to maintain your privacy.
Your browsing history includes all websites you may have visited, as well as any actions you may have taken on those websites. It is typically saved locally on your computer within the browser application, as well as with the company that provides the browser. Your internet or data provider may also keep track of your browsing history. While this information is handy to have for future reference, consider clearing your browsing history from your personal computer on a regular basis. Be aware that your employer may also collect this information; while using a work computer, you should avoid visiting websites that do not support your work function. Both Google Analytics and your company can theoretically store browsing data for a long time, even after you delete it.
As the name implies, temporary files are created by a program to allow it to complete a task or tasks. These files are handy to have in case of a sudden shutdown, as they may help to recover a file that might otherwise be lost. Many temporary files are automatically deleted once the task is complete or the file is saved permanently. But others may stick around; these files are saved in your temp folder. On a Windows computer, you can access your temp folder by typing %temp% in the Windows search bar at the bottom left of your screen.
On a Mac, open the Finder and select Go ≫ Go to Folder. In the search bar, type ~/Library/Caches/ and then click Go to run the command. A window will open with a list of all the generated temp files saved on your Mac. You can easily select and delete these files.
Posting on Social Media
According to Pew Research, “seven-in-ten Americans use social media to connect with one another, engage with news content, share information and entertain themselves.” Some of the most popular platforms today are TikTok, Facebook, YouTube, Instagram, and WhatsApp. Figure 1.31 shows the sites adults in the United States use most. The United States and China have the most social media users of all countries worldwide. Social media has exploded in popularity and is used widely for both personal and business purposes. Businesses and individuals must be mindful of what they post on social media. Even the most private accounts can have data breaches, allowing others to save and/or share private content. It is important to consider what you post, as well as any potential unintended consequences that might arise from social media use. You must also be aware of spoof accounts that present as a reputable person, when in fact they are attempting to con or mislead an individual. Similarly, AI and bots may interact with users, posing as real people when in fact they are nothing more than a computer algorithm.
Ultimately, you should be sure to present a positive self-image on the internet, particularly on networking social media platforms such as LinkedIn. When considering how you want to represent yourself online, answer these questions: (1) Is this information accurate? (2) Will this post be potentially detrimental to my schooling and/or career? (3) Is the information hurtful or detrimental to someone else?
Privacy involves practices related to the collection and use of data about an individual. Many companies will have privacy policies when you sign up as a customer or purveyor of their content. It is important to read these policies to ensure you are not inadvertently providing permission to use your data and information in a way that you do not actually approve of. In addition, many companies will disclose they sell your information to other companies seeking similar customers. It is important to decline these permissions to avoid circulation of your contact information.
Minimal Data Collection from Customers
Collecting data from customers allows organizations to determine their needs and identify niche markets. Companies must ensure they are collecting the most minimal amount of data necessary from their customers to achieve these goals. Collecting too much data places both the company and the customer at risk. The company is responsible for ensuring that information is used responsibly and within the parameters of its privacy agreement; any data breach puts the company at risk of liability. Similarly, customers have the right to know how their information is used by the company and may request compensation if it is used inappropriately. Therefore, companies must ensure that they collect only the most minimal amount of data required to meet their business needs.
Data security involves protecting digital information (data) from being accessed or used by parties who should not have access, or for purposes it should not be used for. Just as individuals must ensure they protect their information from hackers and malicious intent, companies are responsible for ensuring they use the most up-to-date data security measures to protect both customer information and proprietary company information and data.
Companies must ensure both internal and external security. Internally, a company should establish policies and protocols to ensure employees are abiding by data security measures. A company should also limit employee access to certain information. Keeping technologies up to date, with the most current security software, is also important. Depending on the size of the company, it may be worthwhile to establish a cybersecurity branch that employs qualified professionals dedicated to data security.
There are a number of strategies a company can use to keep data secure. Encrypting the data will render information unreadable to unauthorized users. Without the access key, encrypted information presents as nothing more than a meaningless string of characters. Companies, like individuals, can also take steps to delete files, software, and data that is no longer of use. And they can take it a step further by practicing data erasure, wherein the information is not only deleted but overwritten as well. In another approach, data masking, personally identifiable information is removed from the data, allowing the company to make decisions about its customers without associating the data with an individual’s personal information. By taking these steps, companies ensure they can recover from a data breach quickly, reinforcing their data resiliency.
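Data masking as described above can be sketched in a few lines. This Python example is added here and is not part of the original text; the field names, sample orders, and key are constructed, and replacing the removed fields with a keyed token (so one customer's rows can still be grouped) is an assumption that goes one step beyond simple removal.

```python
import hashlib
import hmac
from collections import defaultdict

# Fields treated as personally identifiable in this example (an assumption).
PII_FIELDS = {"name", "email", "phone", "street_address"}

# Constructed sample key; in practice it is stored apart from the masked data.
SAMPLE_KEY = b"constructed-example-key"

def mask_record(record: dict, key: bytes, id_field: str = "email") -> dict:
    """Drop PII fields and add a keyed token that still groups one customer's rows."""
    identifier = record[id_field].strip().lower().encode("utf-8")
    token = hmac.new(key, identifier, hashlib.sha256).hexdigest()[:16]
    masked = {k: v for k, v in record.items() if k not in PII_FIELDS}
    masked["customer_token"] = token
    return masked

def spend_by_customer(masked_rows) -> dict:
    """Analysis that needs only the masked rows, never the PII."""
    totals = defaultdict(float)
    for row in masked_rows:
        totals[row["customer_token"]] += row["amount"]
    return dict(totals)

# Constructed sample orders; the second row has the same customer with
# different capitalization and a trailing space in the email address.
ORDERS = [
    {"name": "Ana Ruiz", "email": "ana@example.com", "phone": "555-0100",
     "region": "West", "amount": 40.0},
    {"name": "Ana Ruiz", "email": "Ana@Example.com ", "phone": "555-0100",
     "region": "West", "amount": 10.0},
    {"name": "Lee Chan", "email": "lee@example.com", "phone": "555-0101",
     "region": "East", "amount": 25.0},
]

if __name__ == "__main__":
    masked = [mask_record(order, SAMPLE_KEY) for order in ORDERS]
    for row in masked:
        print(row)
    print(spend_by_customer(masked))
```

Without the key, a token cannot be recomputed from a known email address, which is why the key must not be stored alongside the masked data set.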