Information security is the process of protecting the availability, privacy, and integrity of data. While the term often describes measures and methods of increasing computer security, it also refers to the protection of any type of important data, such as personal diaries or the classified plot details of an upcoming book. No security system is foolproof, but taking basic and practical steps to protect data is critical for good information security.
Password Protection
Using passwords is one of the most basic methods of improving information security. This measure reduces the number of people who have easy access to the information, since only those with approved codes can reach it. Unfortunately, passwords are not foolproof, and hacking programs can run through millions of possible codes in just seconds. Passwords can also be breached through carelessness, such as by leaving a public computer logged into an account or using a too simple code, like "password" or "1234."
To make access as secure as possible, users should create passwords that use a mix of upper and lowercase letters, numbers, and symbols, and avoid easily guessed combinations such as birthdays or family names. People should not write down passwords on papers left near the computer, and should use different passwords for each account. For better security, a computer user may want to consider switching to a new password every few months.
Antivirus and Malware Protection
One way that hackers gain access to secure information is through malware, which includes computer viruses, spyware, worms, and other programs. These pieces of code are installed on computers to steal information, limit usability, record user actions, or destroy data. Using strong antivirus software is one of the best ways of improving information security. Antivirus programs scan the system to check for any known malicious software, and most will warn the user if he or she is on a webpage that contains a potential virus. Most programs will also perform a scan of the entire system on command, identifying and destroying any harmful objects.
Most operating systems include a basic antivirus program that will help protect the computer to some degree. The most secure programs are typically those available for a monthly subscription or one-time fee, and which can be downloaded online or purchased in a store. Antivirus software can also be downloaded for free online, although these programs may offer fewer features and less protection than paid versions.
Even the best antivirus programs usually need to be updated regularly to keep up with the new malware, and most software will alert the user when a new update is available for downloading. Users must be aware of the name and contact method of each anti-virus program they own, however, as some viruses will pose as security programs in order to get an unsuspecting user to download and install more malware. Running a full computer scan on a weekly basis is a good way to weed out potentially malicious programs.
Firewalls
A firewall helps maintain computer information security by preventing unauthorized access to a network. There are several ways to do this, including by limiting the types of data allowed in and out of the network, re-routing network information through a proxy server to hide the real address of the computer, or by monitoring the characteristics of the data to determine if it's trustworthy. In essence, firewalls filter the information that passes through them, only allowing authorized content in. Specific websites, protocols (like File Transfer Protocol or FTP), and even words can be blocked from coming in, as can outside access to computers within the firewall.
Most computer operating systems include a pre-installed firewall program, but independent programs can also be purchased for additional security options. Together with an antivirus package, firewalls significantly increase information security by reducing the chance that a hacker will gain access to private data. Without a firewall, secure data is more vulnerable to attack.
Codes and Cyphers
Encoding data is one of the oldest ways of securing written information. Governments and military organizations often use encryption systems to ensure that secret messages will be unreadable if they are intercepted by the wrong person. Encryption methods can include simple substitution codes, like switching each letter for a corresponding number, or more complex systems that require complicated algorithms for decryption. As long as the code method is kept secret, encryption can be a good basic method of information security.
On computers systems, there are a number of ways to encrypt data to make it more secure. With a symmetric key system, only the sender and the receiver have the code that allows the data to be read. Public or asymmetric key encryption involves using two keys — one that is publicly available so that anyone can encrypt data with it, and one that is private, so only the person with that key can read the data that has been encoded. Secure socket layers use digital certificates, which confirm that the connected computers are who they say they are, and both symmetric and asymmetric keys to encrypt the information being passed between computers.
Legal Liability
Businesses and industries can also maintain information security by using privacy laws. Workers at a company that handles secure data may be required to sign non-disclosure agreements (NDAs), which forbid them from revealing or discussing any classified topics. If an employee attempts to give or sell secrets to a competitor or other unapproved source, the company can use the NDA as grounds for legal proceedings. The use of liability laws can help companies preserve their trademarks, internal processes, and research with some degree of reliability.
Training and Common Sense
One of the greatest dangers to computer data security is human error or ignorance. Those responsible for using or running a computer network must be carefully trained in order to avoid accidentally opening the system to hackers. In the workplace, creating a training program that includes information on existing security measures as well as permitted and prohibited computer usage can reduce breaches in internal security. Family members on a home network should be taught about running virus scans, identifying potential Internet threats, and protecting personal information online.
In business and personal behavior, the importance of maintaining information security through caution and common sense cannot be understated. A person who gives out personal information, such as a home address or telephone number, without considering the consequences may quickly find himself the victim of scams, spam, and identity theft. Likewise, a business that doesn't establish a strong chain of command for keeping data secure, or provides inadequate security training for workers, creates an unstable security system. By taking the time to ensure that data is handed out carefully and to reputable sources, the risk of a security breach can be significantly reduced.