Security
What is computer security?
Computer security is the protection of computing devices, networks, and data from external threats.
What are the goals of the people behind these security threats?
Devices and networks connected to the Internet are constantly under threat from malicious entities. These entities range from small-time solo hackers, all the way up to national intelligence agencies. Their goals vary widely, but they can be grouped into several common categories:
- To collect private information. There are many types of private information, all of which may be the target of hackers—passwords, credit card numbers, messages, legal documents, and so on. A hacker could steal someone’s personal messages and then extort the person, or publish the messages to harm the person’s reputation. They might do the same with a company’s trade secrets. Intelligence agencies try to steal secrets from rival agencies, and monitor people and groups they consider dangerous.
- Financial gain. The most straightforward example of hacking for financial gain is to simply steal money by breaking into a bank account. Another example is ransomware: malicious software that encrypts your device, basically “locking” it and rendering it unusable; the ransomware operator will offer to decrypt your device in exchange for payment.
- Disruption. A common example of this category is denial-of-service (DoS) attacks: flooding a website with traffic, which overwhelms and crashes the site for all users. The attacker doesn’t necessarily gain anything; their aim may simply be to create chaos.
These goals are often achieved by means of malware, which is software made with a malicious purpose. Malware often makes use of bugs in legitimate software to install itself on a target device, usually without the user’s knowledge. Once installed on a device, malware can do a wide range of things: monitor the user’s activity, steal data, coordinate with other malware-infected devices, or disrupt the device’s functionality.
Another method is trickery and deception, which is sometimes called “social engineering.” A hacker may not need to get malware onto someone’s device to steal their password, if they can trick the person into simply handing over their password. This is often seen in scams with “spoofed” versions of an app or website.
What’s the difference between security and privacy?
Security and privacy are closely related. Security is primarily about preventing any type of intrusion into computing devices and networks, regardless of whether personal information is at stake. Privacy is primarily about preventing unwanted disclosure and use of personal information, regardless of how it happens.
Privacy and security
Security failures can cause privacy failures, but not the other way around. For example, if you voluntarily gave your private information to a company, and then the company’s systems got hacked and your data was stolen from them, that would be a security breach that caused a privacy breach. If, instead, the company sold your data to another company, that would be a failure of privacy, but not security.
Who works on security?
The front-line workers in computer security are IT professionals and network administrators. Security is a complex and fast-evolving field, so security is a distinct sub-specialty of the IT field.
Software developers also need a good understanding of common security threats, and how to build software that’s secure against those threats. Many security failures are only possible because of bugs in software, so preventing and fixing such bugs is crucial.
There are also researchers, both academic and corporate, who research emerging security threats, and new techniques for detecting and preventing those threats.
How can I protect my own security?
There are a few things you can do to protect your own security online.
- Always keep the software you use updated so it has the latest security fixes. This is especially important for your operating system (OS) and browser, which will often let you know when they need updating.
- Enable Safe Browsing in your Web browser. All major browsers support this feature, which warns you if you’re about to visit a known phishing or malware-hosting site.
- Be careful when clicking links in messages and emails, and also consider their source; be wary of clicking links that come from people or businesses you don’t know. If a message appears to come from someone you do know, but strikes you as unusual or out of character, it’s best to be careful: that person may have gotten a malware infection, and the malware may be trying to spread itself by sending messages to that person’s contacts.
- On mobile devices, only install apps from the official app store. On desktop or laptop devices, only install apps from the official app store, or from reputable companies.
- Where possible, try to only install browser extensions from the “official” store for those extensions, such as the Chrome Web Store. (Or, even better, try not to install extensions at all, and instead use browser-native options like Brave’s ad-blocking Shields feature.)
- Use a password manager to generate long, random, and unique passwords, and to store those passwords so you don’t have to remember them or write them down. Use a different password for every account you have, and enable two-factor authentication whenever possible.
- Only enter personal information on websites that use HTTPS (look for “https://” in your browser’s address bar), and avoid doing so in non-HTTPS sites. If you’re connected to a public or untrusted Wi-Fi network or ISP, try to use a VPN.