What is Computer Security? Introduction to Computer Security
Table of Contents
- The Basic Foundations of Computer Security
- Types of Computer Security
- Types of Computer Security Threats
- Common Computer Security Practices
- Types of Computer Security Software
- Cloud-Based Computer Security
- Careers in Computer Security
- MSPs, SaaS, and Outsourced Security Services
- Zero-Trust Security Policies
- Learning More About Computer Security
What is Computer Security?
Also known as “cybersecurity,” computer security refers to the defense of physical computing devices, software information systems, and digital data against unwanted or malicious access, theft, or damage. Computer security is an extensive and growing field — and basic cybersecurity principles are essential for everyone.
Beyond this broad computer security definition, many disciplines, fields, tools, and technologies are involved. Attending seminars, acquiring certifications, and even getting a degree are viable ways to learn more about computer security technology.
The Basic Foundations of Computer Security
Computer security primarily addresses three major areas: privacy, integrity, and accessibility. To be specific:
- Privacy refers to the ability to maintain confidentiality regarding data that must be protected (such as personally identifiable information).
- Integrity refers to the ability to protect data from being deleted, altered, or otherwise mismanaged.
- Accessibility refers to who is able to access the data, since anyone who can access it can potentially compromise it.
A significant portion of computer security revolves around data, as you can see. But that’s not all that it is. Today, computer systems run the world. Massive amounts of damage can be done via a cyberattack — financial systems can go down, pipelines can go down, and even government agencies can be taken out of service.
Today, an employee may:
- Wake up in the morning and check their emails on their personal phone. If their phone isn’t locked, anyone can access their email and their accounts. If their phone is lost or stolen, it could provide authentication into a secured system.
- Go to work and log into a cloud-based terminal with a shared password. If someone shares a password with a trusted coworker, the risk isn’t usually malicious action by the trusted party. The danger is that the trusted coworker’s devices might be compromised.
- Try to install an unsecured application to their work computer. Self-service IT is notoriously dangerous. An employee could download an application for modifying PDFs that has a keylogger or virus in it, for instance.
- Answer an email asking for their credentials “from IT.” The most pervasive threats are called social engineering threats; they don’t involve any technology, making them difficult to defend against.
- Accidentally access and delete files they shouldn’t. If a company doesn’t have Zero-Trust policies in place, it’s easy for employees to compromise data accidentally. Non-malicious intent is still a security hazard.
- Forget to log out of their computer at the end of the day. Even if their accounts themselves are secure, it doesn’t help if someone just walks up to a computer and starts to use it.
- Go home and log in on their personal tablet. Having employees “always on” and “always accessible” also means that they will frequently use personal devices. In this case, this personal tablet could be used by the entire family, and a child could easily compromise data.
Every single employee encounters a multitude of risks every day. When you consider how many employees the average business has, the risk becomes significantly greater. But almost all the above risks could have been countered by the right policies and technologies.
The negligence of employees still causes 88% of all cybersecurity breaches.
Types of Computer Security
As noted, computer security is rather broad. There are a lot of types of computer security. The major ones include:
- Information security. This refers directly to the process of securing and protecting data specifically, both from harm and from compromise.
- Network security. This refers to protecting communications throughout an organization’s network, such as when a computer transmits data to a server.
- Application security. This refers to securing data within an application, such as a web application or a mobile app.
- Computer security. This refers to securing computer devices or, more specifically, end-user devices (including tablets, smartphones, etc.).
- Cybersecurity. This refers to securing computing devices that are connected to the internet.
- Cloud security. This refers to the securing, management, and continued security maintenance of private, hybrid, and public cloud systems.
So, when someone says “computer security,” it may be worthwhile to dig a little deeper into the computer security meaning; it can mean multiple disciplines or encompass them all.
Each of these focuses also has corresponding certification processes, degree programs, and career paths.
Types of Computer Security Threats
Just as there are many types of computer security, there are also many forms of cybersecurity threats. Computer security is often seen as an arms race, with malicious attackers constantly developing new methods of thwarting even the most secure systems.
Some of the most common threats include:
- Viruses. Viruses sneak their way onto a computer system and then attempt a malicious action. Usually, a virus is designed to create havoc; it may delete files or brick the device. A virus might be intended for profit; it may show ads on pages that don’t actually contain them. But the critical part of a virus is that it self-replicates.
- Phishing attempts. In a phishing attempt, a malicious attacker simply asks for information from a user. They may pretend to be the user’s bank, employer, or IT department. The data gained from this is used to compromise accounts.
- Ransomware. Ransomware will block access to a device or data until a ransom is paid. The device or data will be encrypted with a key that only the person who created the ransomware knows.
- DDoS attacks. Distributed Denial of Service attacks are designed to block out access to a system, service, or device by repeatedly connecting with that device and exhausting its resources.
- Rootkits. Often hidden in other software, a rootkit gives another user control over a device. “Root” refers to administrative control.
- Keyloggers. These software systems log keys pressed on a device, seeking to compromise passwords and confidential information.
By far, the most prevalent type of computer security threat today is ransomware. Since the advent of cryptocurrency, ransomware has become a popular hack — it’s easier than ever for ransom to be paid under an anonymized service.
But ransomware can be easily defeated through security practices such as keeping regular backups.
That brings us to the next section — how can you defend yourself?
Common Computer Security Practices
Imagine if you couldn’t get into your email. What data would you lose? What accounts would be compromised? Computer security is everyone’s responsibility.
While employers provide the tools and the devices, employees are most commonly the weak link, and most attacks occur due to employee negligence.
Let’s take a look at some common security practices.
- Installing next-generation antivirus solutions, which can use machine-learning algorithms and AI to identify a potential intrusion.
- Mandating regular employee training regarding computer security best practices and onboarding employees with the right training.
- Using advanced authentication systems such as multi-factor or biometric authentication rather than passwords.
- Streamlining and consolidating systems, such as through an identity-as-a-service solution.
- Having written computer security policies and ensuring that these policies are followed at all levels.
- Maintaining separate “work” devices from personal devices, particularly when it comes to cellphones and laptops.
- Conducting regular audits for potential security threats, security gaps, and improvements that can be made.
- Requiring a VPN or otherwise encrypted and secured connection.
- Maintaining proper authentication/password hygiene; keeping passwords unique, separate, and private.
- Refraining from connecting to systems or downloading data onto platforms that aren’t secure, such as a home computer rather than an office computer.
- Reporting anything strange that they receive, such as an obvious phishing attempt.
- Never sending confidential information to a source that has not been properly verified; e.g., if IT sends an email asking for a login, the employee should call IT on the phone to verify that they sent the request. Even then, the employee should not proffer the login.
These are best practices that a system should be regularly audited for. Companies need to be constantly improving their security because malicious attackers are constantly improving their attempts.
Cyberattacks can cost an organization, on average, $200,000. Many businesses collapse under the weight of the cost.
Types of Computer Security Software
At home, most users use an antivirus solution such as Avast Antivirus, AVG Antivirus, or McAfee. These are all-in-one protection products, but there are actually many types of security tools.
- Antivirus suites. Commonly, antivirus suites come with an array of malware protection and detection utilities. A common one is “sandboxing.” In a sandbox, an application is run in a protected environment where it cannot access or manipulate other things on the system.
- Firewalls. A firewall is a system within a computer that determines whether a connection should be allowed.
- AI algorithms. AI algorithms use machine learning to identify behaviors that could be potentially dangerous to a system. For instance, they might identify an unusual amount of data transfer occurring, and alert security to possible intrusion.
- Backup systems. Backup systems are instrumental in defeating attacks such as ransomware. Even if your system is destroyed by a malicious program, you need to be able to bring it back — quickly.
- Email scanners. Email scanners are the frontline against phishing attempts, because these attempts are non-technological in nature. These email scanners can look for potentially suspicious emails.
- Data management solutions. Modern data management solutions can actually identify when privileged information or privileged documents might be getting sent out and halt the process.
- Authentication services. Most authentication services today are multi-factor or two-factor, ensuring that an individual has at least two forms of identification.
- Mobile device management platforms. MDM platforms manage mobile devices when connected to the network, such as smartphones and tablets.
- VPNs. VPNs provide end-to-end encryption services, so all the sent data is encrypted even on a potentially compromised line (such as a public coffee house).
A business will usually use some combination of the above to ensure the security of their systems. But it’s always a careful balance between security and performance. The more security a company installs, the slower their system will run — resources are being consumed. So, an organization has to choose the most secure system that they can afford to run.
Cloud-Based Computer Security
Quite a lot of systems are now run on the cloud, and the cloud introduces new issues. First, there are three types of cloud service:
- Private clouds, which operate very much like a cluster of on-premises servers.
- Public clouds, which are accessed online and are usually not in the direct control of the organization.
- Hybrid clouds, which are made of a mix of the above two types of cloud service.
There are now experts specifically in cloud-based computer security. Cloud security can be much more advanced than on-premise security today because the resources that the cloud provides can be used for next-generation, adaptive learning AI tools.
At the same time, the cloud is so accessible that it has an expanded attack surface, and many employees will use their cloud platform anywhere — coffee shops, shared computers, and more. When organizations use the cloud, they need to be more cautious about their security. When individuals use the cloud, they also need to be conscientious.
Are your photos, videos, and documents automatically uploaded to the cloud? How many devices have access to them? Could those devices become compromised?
You might not realize, for instance, that if your office computer is logged into your personal Gmail, anyone on that computer can see all your photos!
Careers in Computer Security
Computer security is one of the fastest-growing fields. With a growth rate of 33% for Information Security Analysts alone, there’s a lot of room for professional development. Because of that, many people are investing in careers in computer security.
Within separate classifications (such as cybersecurity or network security), security roles can include:
- Admins. Administrators will manage a system that has already been developed.
- Analysts. Analysts will analyze, optimize, and improve upon a system that’s been developed.
- Architects. Architects will create systems or sometimes perform high-level audits on systems.
Most people choose a path in cybersecurity (such as application security) and then progress along that path. Ways to get the applicable experience include:
- Working in an adjacent field.
- Acquiring a degree in Computer Security, Computer Science, or Computer Engineering.
- Getting certifications or attending a bootcamp.
There are many entry-level careers in computer security for those who would rather learn hands-on and on-the-job.
Computer security tends to be exceptionally skills-based because the field changes so swiftly. Those who go into computer security will need to take continuing education their entire careers.
MSPs, SaaS, and Outsourced Security Services
Understandably, not every business has the budget for an internal IT security team. Many companies outsource their security services to MSPs (managed service providers) or simply use as-a-Service technologies. As-a-Service technologies are generally managed by the service provider rather than the company itself.
There are both advantages and drawbacks to outsourcing security. An organization will likely acquire superior resources and technology for less money — but, in so doing, they will often become reliant on the MSP/SaaS provider and may have less control over their system.
About 64% of small businesses now manage their own IT needs.
Zero-Trust Security Policies
Today, a computer security system is often designed with “zero-trust” policies in mind.
In the past, systems had a running list of systems that they didn’t trust. They would actively deny those systems. Similarly, systems had a list of files that they protected. They would deny access to those files unless someone had the right credentials.
This was a “trust” policy — by default, people were trusted to access devices and documents.
But Zero-Trust policies have become more common. Under a zero-trust policy, systems instead have a list of systems that they do trust. They deny all connections except for those systems by default. And instead of having a list of protected files, all files are protected by default, with only a list of those who are allowed to access them.
Zero-Trust is a far more effective method of managing documents and computer systems. It means that if a single account is compromised, it’s far less likely that the entirety of the network and its data will be compromised. All data is properly siloed and disconnected.
The best example of Trust vs. Zero-Trust involves who is allowed to spend money with your bank account. Would you rather it be “everyone, except x, x, and x”? Or would you rather it be “only me”?
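The two models described above, as an added example that is not part of the original article: the same compromised account is evaluated under a default-allow policy with a denylist and under a default-deny policy with an allowlist. All host names, user names, and file paths are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class TrustPolicy:
    """Legacy model from the text: allow by default, deny what is listed."""
    denied_hosts: set = field(default_factory=set)
    protected_files: dict = field(default_factory=dict)  # path -> users allowed

    def allows(self, host, user, path):
        if host in self.denied_hosts:
            return False
        if path in self.protected_files:
            return user in self.protected_files[path]
        return True  # anything nobody thought to list is reachable

@dataclass
class ZeroTrustPolicy:
    """Zero-trust model from the text: deny by default, allow what is listed."""
    trusted_hosts: set = field(default_factory=set)
    file_acl: dict = field(default_factory=dict)  # path -> users allowed

    def allows(self, host, user, path):
        if host not in self.trusted_hosts:
            return False  # unknown devices never get a connection
        return user in self.file_acl.get(path, set())  # unlisted files are closed

def blast_radius(policy, host, user, paths):
    """Files reachable if this user's account on this host is compromised."""
    return sorted(p for p in paths if policy.allows(host, user, p))

# Constructed sample data (hypothetical hosts, users, and paths).
FILES = ["/hr/payroll.xlsx", "/eng/design.md", "/sales/leads.csv", "/tmp/new-export.csv"]
legacy = TrustPolicy(denied_hosts={"kiosk-7"},
                     protected_files={"/hr/payroll.xlsx": {"hr-ana"}})
zero = ZeroTrustPolicy(trusted_hosts={"laptop-eng-1", "laptop-hr-1"},
                       file_acl={"/hr/payroll.xlsx": {"hr-ana"},
                                 "/eng/design.md": {"eng-bo"},
                                 "/sales/leads.csv": {"sales-cy"}})

if __name__ == "__main__":
    for name, pol in (("trust", legacy), ("zero-trust", zero)):
        print(name, "known laptop:", blast_radius(pol, "laptop-eng-1", "eng-bo", FILES))
        print(name, "unlisted tablet:", blast_radius(pol, "byod-tablet", "eng-bo", FILES))
```

Under the default-allow policy, the newly created export file and the unlisted tablet are both reachable simply because nobody added them to a list; under default-deny, the same omissions leave them closed.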
Learning More About Computer Security
Knowing the computer security definition often isn’t enough. Even an office worker who only casually works with technology needs to understand the basic principles of computer security. Computers are entrenched in the way that everyone today works, especially remote workers.
There are many ways to learn more about computer security:
- Attend a bootcamp, if you’re interested not only in the foundations but potentially making it a career.
- Go to seminars focused on your industry — every industry is different and maintains different technology.
- Learn more online. There’s a lot of information out there about new security risks, tools, and technologies.
Computer security is an extremely broad field. But it also touches upon every industry, every device, and every person. By learning more about computer security, you can ensure that your own data and devices are protected.