Computer security refers to the protection of a computer’s hardware and the data that it holds. Computer security can be implemented using passwords, encryption, and firewalls, and by denying physical access to a computer’s location.

While security measures do not guarantee that data won’t be compromised, the extra steps can certainly help prevent unauthorized data access and acquisition.

What is a computer security risk?

A computer security risk is an event or action that could cause a loss of data or damage to hardware or software. It could result from unpatched software, misconfigured software or hardware, and bad habits (e.g., using “1234” as your password). Any illegal act involving a computer security risk is considered a computer crime. The following pages contain information on how to minimize security risks:

  • How to protect yourself while on the Internet.

  • How to prevent unauthorized computer access.

What helps increase computer security?

Below is a list of several things that can be done to mitigate risks and improve your overall computer security.

For help with managing business and corporate security risks, see the business and corporate security risks section.

  • Use strong passwords.

  • Use 2FA (two-factor authentication).

  • Install all of the latest software and hardware updates.

  • Make backups of important data.

  • When using Wi-Fi, communicate over a secure WPA or WPA2 connection.

  • Be aware of social engineering and phishing tactics.

  • Never download or run pirated software.

  • Familiarize yourself with relevant security terms.

  • How to protect yourself while on the Internet.

What is a security fix?

A security fix is one or more solutions to security threats or vulnerabilities found in computer software or hardware after it’s been released.

Security fixes are applied by running updates for an operating system and software running on the computer or another device. For hardware, firmware updates are performed to resolve hardware security threats.

Business and corporate security risks

In addition to personal computer security risks, there are also business and corporate security risks that should be considered. Below are some risks to consider when reviewing your computer security. Once you’ve assessed the risks to your business, you’ll need to plan how to mitigate them, implement solutions, and then monitor their effectiveness.

Employees

Humans are often the biggest security risk for businesses. If your employees are not appropriately trained or don’t follow safe practices, they could misconfigure software or hardware or be susceptible to social engineering.

Also, a company that doesn’t respect its employees or has a bad corporate culture may cause employees to retaliate, steal information, or knowingly damage hardware or misconfigure software.

Bad backups

The data your company has for its products and customers is often vital to its operations. If that information became corrupt or was lost, it could destroy a company. Making sure all data is properly backed up and stored offsite helps prevent this risk.

When developing a backup strategy, also consider the possibility of ransomware, which can lock all data, including data stored in a backup. When performing backups, it’s a good idea not to have them connected to the same network or computer.

Not maintaining hardware or software

Although it can be expensive to pay someone to maintain your computer hardware and software, not maintaining it creates a computer security risk and a potential entry point for an attacker. We recommend having at least one individual who regularly checks up on your hardware and software systems.

Outdated hardware or software

Eventually, you’ll need to replace the hardware and software your business uses with more up-to-date and efficient alternatives. Older hardware and software eventually reach an EOL (end-of-life) point, and when this happens, the manufacturer no longer develops security patches for that product. If you’re using a product that is no longer supported and a vulnerability is discovered, your computer or network would be susceptible to an attack.

Not planning for a disaster

Failing to plan for disaster recovery is another type of risk, should your business or one of its locations be destroyed in a disaster.

How can computer security risks be measured?

Below are technical reports with more advanced information on assessing security risks.

  • NIST Guide for Conducting Risk Assessments
  • OCTAVE - Operationally Critical Threat, Asset, and Vulnerability Evaluation
  • FAIR - Factor analysis of information risk
  • ISO 31000 Risk Management

Can a computer be 100% secure?

For a computer to be 100% secure, it would need to be disconnected from everything (air-gapped) and physically isolated to prevent anything from being installed. For example, you’d need to disable all drives that allow software to be installed (e.g., a disc drive) and disable ports (e.g., USB) that allow drives to connect to the computer.

When a computer connects to a network or the Internet and new software is installed, risks are introduced. Since most people need the Internet and the ability to install new software, a computer cannot be 100% secure. Computer security helps mitigate the risks to your computer, but it does not eliminate all risks.
