Computer Security and Protecting Its Data and Information: Proper Measures and Strategies - Research Paper Example

 Introduction Computer security is an important feature that should be enhanced to ensure that data and information are protected. Computer systems face many challenges that make them vulnerable to information security risks. According to Halibozek (2008), the most common risks to computer security include and not limited to computer viruses, hackers and crackers, vandalism, environment and depreciation. Once the computers experience these risks, they become susceptible and eventually break down completely. To ensure that these risks are controlled and prevented from damaging the systems or compromising the integrity of the organization, proper measures and strategies should be put into place to protect the systems. This essay is an evaluation of threats to computer systems and the relevant measures and plans which can be used to secure the computer systems. Secure Computer Systems Computers are the main data storage facilities in most of the organizations and businesses. Halibozek (2008) attributes this to their ability to store voluminous data and quick access to information through macros, queries and other short cuts that can be defined by the user. Their main disadvantage is that they are vulnerable to information security risks that may result to loss or damage of important information. Harley (2007) defines a Computer virus as a program that is created by a malicious person with an intention of causing harm to computers that are infected. They are designed in such a way that enables them to attach themselves to files in a database and also replicate themselves eventually corrupting files. In extreme cases, they cause total failure of the machines leading to loss of information that cannot be recovered. Once they attach themselves on a machine or a removable storage media, the viruses can be transmitted to other computers which are not virus protected. In computer networks, the risk of virus infection is higher than any other information system due to the activities that are carried out within the networks. Borchgrave (2001) observes that many organizations have connected their local computer networks to other global networks for the purpose of sharing and accessing information from any source through out the world. This is done through their websites which they use to advertise and conduct online shopping. This mode of doing business is proved to be advantageous to the businesses as it enables them to compete and trap the available market provided by those customers and suppliers who buy and sell their commodities through the internet. On the contrary, Borchgrave (2001) discredits this mode of conducting business due to its exposure of the computer systems to internet threats that are risky to information security. The designers of viruses usually attach their rogue programs to the web sites such that any one who visits the site and downloads information does it together with the viruses The viruses are then spread to other machines in the company’s network infecting files and data bases. To secure the computer systems from the risk of virus infection, Jones (2005) proposes that the system analysts should ensure that all computers in the network are installed with antivirus software such as Norton antivirus, MacAfee etc which should be updated on regular bases. The antivirus software protects the computers from virus infection by scanning suspicious materials and removing the threat if it is found. Updating the antivirus software regularly ensures that the software is kept to date with the changing tactics of the computer virus developers. Harley (2007) attributes this to the continuous change in design techniques of computer viruses that makes them more resistant to the available antivirus software. The developers of the antivirus react to this by advancing their techniques in order to counter the threats. This is why it is necessary to update the antivirus installed in computers. This can be facilitated by subscribing to automatic updates from the provider of the software installed on the computers in the network. The computer users should also be trained on the dangers of connecting removable storage devices on computers before scanning them with the antivirus software to reduce the chances of transmitting the viruses from other computers. They should also be advised not to download or visit sites that are suspicious especially those that offer free software which are used as a bait to attract the site visitor into downloading the virus. This controls the possibility of downloading viruses from the internet. Due to advancement in technology, it has become possible for many employers to allow their employees to work from remote locations i.e. telecommuting and send the completed work directly to the database through the company’s network. This has improved the performance of the employees since they are able to work from the comfort of their personal computers during their free time. By doing this, computer security is compromised due to the possibility of exposing information which is important to hackers. Borchgrave (2001) defines a hacker as someone who breaks into computer networks, steals information and uses it to cause malicious damage either for personal benefit or as agents of competitors or press who would use the information to ruin the company’s image. The hacking process can occur between the periods the sender transmits the information and before it gets to the receiver. The employees could also take advantage of the access to the databases and interfere with the data or copy the data to their machines and later sell it to interested people who may use it to enhance their attack on the organization. To prevent this, mechanisms to restrict access to certain areas in the database which are valuable to the company should be provided. Hackers also use their tactics to steal passwords that may help them to access confidential information relating to a person or a company. This could be risky especially to those people who transfer funds through the electronic money transfer or those who conduct online shopping. Hackers could access their credit card numbers and other information which could help them in committing fraud. This can be controlled by ensuring that data sent via network is encrypted. Encryption is the encoding of data into special codes that can only be understood by the sender and receiver of information. Borchgrave (2001) advises users to avoid availing their personal details to requests from sources that have not been authenticated. This knowledge is necessary because there are websites that request one’s details in order for him to login to the site. They could even ask for financial information, credit card numbers and bank account details and in return the user would benefit from registering. These actions have made the use of computers unsafe for it might be hard for one to tell when he is giving information to the wrong person. Jones (2005) suggests that instead of using software based protection, hardware enhanced security protection would be more efficient in controlling and restricting access to information from computers thus reducing the chances of hacking. Hardware restricted access controls the log in and log out operations by defining the user first so as to determine the scope of operations that the user can be permitted to perform. Different groups of users are given different privileges that determine which data they are allowed to access and the types of changes he can make to files and documents. This means that there are those who access data that is read only and others are allowed to read and write, (Patterson 2005). The users are also supposed to know their responsibilities in promoting computer security. They should restrict their operations to those that are permitted to them and avoid doing any other activity that may result to security breach. These activities include changing administrator settings or tampering with data bases. Computers are also faced by physical threats that result from damage resulting from environmental factors and human interference. Many organizations entrust their employees with the responsibility of using the computers without supervision or restriction. As a result, they end up vandalizing the computers by removing parts of hard ware for personal use. This results to loss of data and the crippling of computer operations. This threat can be controlled by ensuring that the usage of the computers is monitored by installing equipment for security surveillance so that such incidences can be noticed on time. All the storage devices should be stored in lockable shelves where they cannot be reached or removed without authorization. Creating back ups for all the data should be done regularly so that the process of recovering stolen or lost data could be made easier, (Halibozek 2008). The computer rooms should also be installed with strong doors which should be locked once all the computer users have left to prevent entry of persons with the intention of vandalizing the machines. Every computer user should also be provided with pass words which would ensure accountability if the machines are damaged. This would make the users more responsible and protective towards the machines. Environmental factors that may compromise computer security are for example floods. Where cases of floods are common, computer labs are supposed to be designed in such a way that reduces the chance of water reaching the machines. Dusting and cleaning of the machines should also be done regularly to slow down the rate of depreciation that can result to breaking down of machines. Dust particles result to memory damage that can make the computer operate at a lower speed than it is supposed to. If this happens, the computer may take long to load programs or to execute commands which could be irritating to the user. Extra hardware should also be installed to ensure that there is constant supply of power for the computers. Power generators and uninterruptible power supply (UPS) should be used to provide power whenever there is power failure, (Patterson 2005). The UPS is equipment that stores power which can be used to run the machines for approximately thirty minutes after power loss. Surge protectors can also be installed to protect the computers from damage caused by power surge. These installations safeguard the computers from memory corruption that results from inconsistent power supply leading to loss of data that could be stored in the RAM section of the computer memory while working. Conclusion Computer security is an important feature that should be enhanced to ensure that information and data are not lost or damaged. Planning for ways to improve the security requires first that the possible threats are identified so as to come up with viable solutions to the threats. The various threats include computer viruses that are programs designed by rogue programmers to cause damage to the infected computers. They have the capability of replicating themselves in the files that they attack and can also be spread from one computer to the other. The spreading can be through networks or any infected removable storage media. This can be solved by installing antivirus software which should be updated regularly. Maintenance of the computers should also be done on regular bases to slow down the rate of depreciation. Power supply should also be kept constant to prevent memory damage and loss of unsaved data that is still in the RAM section of the computer memory. These most common equipments suitable for this function are and not limited to power generators, UPS and surge protector. References Borchgrave, A. (2001). Cyber Threats and Information Security, Center for Strategic & International Studies, pp 44-100 Halibozek, E. (2008) Introduction to Security, Butterworth-Heinemann, pp 24-60 Harley, D. (2007) Avien Malware Defense Guide, Syngress, pp 16-80 Jones, A. (2005). Risk management for computer security, Butterworth Heinemann, pp 90-110 Patterson, D. (2005) Implementing Physical Protection Systems, Asis International, pp 45-60 Read More