Unencrypted laptops: Stolen and data easily accessed
Shared passwords: Multiple people using same account
Prevention: Training, enforcement, encryption
Physical Security Threats
Theft: Computers, servers, storage devices
Shoulder surfing: Looking over someone's shoulder
Dumpster diving: Finding discarded documents
Unauthorized access: Accessing locked server rooms
Prevention: Locks, badges, surveillance
Environmental Threats
Natural disasters: Floods, earthquakes, fires
Power failures: Blackouts, surges
Hardware failure: Drive crashes, overheating
Connectivity loss: Internet outage
Prevention: Backups, redundancy, disaster plans
Impact of Data Threats
Business Impact
Financial loss
Operational downtime
Legal liability
Reputation damage
Customer trust loss
Individual Impact
Identity theft
Financial fraud
Privacy violation
Personal data misuse
Emotional distress
Data Threat Comparison
Threat Type | Source | Detection Difficulty | Prevention
External (Malware) | Outside network | Easier (obvious signs) | Antivirus, firewalls
External (Hacking) | Remote attackers | Hard (logs needed) | Strong passwords, MFA
Internal (Intentional) | Employees | Hardest (trusted access) | Access controls, monitoring
Internal (Accidental) | Employee error | Moderate | Training, enforcement
Scenario: A healthcare employee accidentally emails patient records to the wrong address (accidental internal threat). The hospital must notify the patient (legal requirement), fix processes, and provide credit monitoring. This costs more than preventing malware with antivirus software alone.
Protecting Data
Access Control & Authentication Methods
Passwords
Best practices:
At least 8 characters
Mix: uppercase, lowercase, numbers, symbols
Unique for each account
Changed regularly (every 90 days)
Not dictionary words
Never shared or written down
Advantages:
Simple to implement
Familiar to users
Disadvantages:
Users forget passwords
Can be cracked
Brute force attacks
Multi-Factor Authentication (MFA)
Types of factors:
Something you know: Password, PIN
Something you have: Phone, security key
Something you are: Fingerprint, face scan
Where you are: Location verification
Examples:
Password + text code
Password + fingerprint
Password + security token
Biometrics
Fingerprint: Unique patterns, fast, can be spoofed
Facial recognition: Cameras, masks may fool it
Iris scan: Very accurate, expensive
Advantages: Can't forget, more secure
Disadvantages: Expensive, privacy concerns
User Permissions & Access Levels
Read: View files only
Write: Create and modify files
Execute: Run programs
Delete: Remove files
Admin: Full system access
Principle: Least privilege (minimum needed)
Encryption & Secure Transmission
Encryption — Securing Data
How it works:
Converts data into unreadable code
Requires encryption key to decrypt
Only authorized users can decrypt
Types:
Symmetric: Same key for encrypt/decrypt (faster)
Asymmetric: Public and private keys (slower, more secure)
Uses:
Data at rest (stored)
Data in transit (transmission)
HTTPS & SSL/TLS
HTTP: Unencrypted web traffic (port 80)
HTTPS: HTTP + encryption (port 443)
SSL: Secure Sockets Layer (older)
TLS: Transport Layer Security (newer, preferred)
Certificate: Proves website authenticity
When used: Banking, shopping, login pages
VPN (Virtual Private Network)
What is it: Encrypted tunnel for all traffic
Hides: IP address and location
Encrypts: All data from computer to VPN server
Uses: Public Wi-Fi, remote access, privacy
Advantage: Protects all applications
Disadvantage: Slower speeds
Digital Certificates & PKI
What is it: Proves identity of website/person
Contains: Public key, website info, expiration
Issued by: Certificate Authority (CA)
Prevents: Man-in-the-middle attacks
Check: Look for padlock icon in browser
Validity: Usually 1 year, must be renewed
Security Software & Tools
Antivirus & Antimalware
How it works:
Scans files for malware signatures
Monitors suspicious behavior
Quarantines threats
Updates virus definitions regularly
Features:
Real-time scanning
Scheduled scans
Automatic updates
Quarantine infected files
Examples:
Windows Defender (free)
Norton AntiVirus
McAfee
Firewalls
How it works:
Monitors incoming/outgoing traffic
Allows/blocks based on rules
Acts as barrier
Types:
Hardware: Router firewall
Software: Windows Firewall
Both recommended: Layered security
Features:
Block malicious IPs
Prevent unauthorized access
Log activity
Backup & Recovery — Data Protection
Backup Types
Full backup: Everything copied; slow, needs space
Incremental: Only changes since last backup; fast, efficient
Differential: Changes since last full backup; balance
Frequency: Daily, weekly, or continuous
3-2-1 rule: 3 copies, 2 different media, 1 offsite
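The trade-off between the three backup types above, worked through as an added example (not part of the original notes). The file names, the four-day change history and the function names are constructed for illustration; the code counts how many files each strategy copies and which backup sets a restore depends on, including when one set is damaged.

```python
# Constructed sample: files changed on each day (day 0 is the initial full backup).
CHANGES = [
    {"a.doc", "b.xls", "c.db"},  # day 0: all files exist, full backup taken
    {"a.doc"},                   # day 1
    {"c.db"},                    # day 2
    {"a.doc", "b.xls"},          # day 3
]

def backup_contents(changes, strategy):
    """Return, per day, the set of files that day's backup job copies."""
    all_files = set().union(*changes)
    jobs = []
    for day, changed in enumerate(changes):
        if day == 0 or strategy == "full":
            jobs.append(set(all_files))                    # everything copied
        elif strategy == "incremental":
            jobs.append(set(changed))                      # changes since last backup
        elif strategy == "differential":
            jobs.append(set().union(*changes[1:day + 1]))  # changes since last full
        else:
            raise ValueError(strategy)
    return jobs

def restore_chain(strategy, day):
    """Days whose backup sets must be readable to restore the state at `day`."""
    if strategy == "full" or day == 0:
        return [day]
    if strategy == "incremental":
        return list(range(day + 1))  # the full plus every incremental since
    if strategy == "differential":
        return [0, day]              # the full plus the latest differential
    raise ValueError(strategy)

def can_restore(strategy, day, damaged_days):
    """False if any backup set in the restore chain is damaged or missing."""
    return not any(d in damaged_days for d in restore_chain(strategy, day))

def summary(changes, strategy):
    jobs = backup_contents(changes, strategy)
    last = len(changes) - 1
    return {"files_copied": sum(len(j) for j in jobs),
            "sets_needed_for_last_day": len(restore_chain(strategy, last))}

if __name__ == "__main__":
    for s in ("full", "incremental", "differential"):
        print(s, summary(CHANGES, s), "day 3 restorable if day 2 set is lost:",
              can_restore(s, 3, {2}))
```

Incremental copies the least but a single damaged set breaks every later restore, which is why regular test restores matter most for that strategy.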
Backup Locations
Local storage: External HDD (fast, not protected from disasters)
Cloud storage: Google Drive, OneDrive (secure, offsite)
Network storage: Server on network (accessible)
Off-site: Different building (disaster protection)
Important: Never only one copy
Disaster Recovery & Business Continuity
RTO (Recovery Time Objective): How quickly must service be restored?
RPO (Recovery Point Objective): How much data loss is acceptable?
Redundancy: Backup systems running in case of failure
Failover: Automatic switch to backup system
Testing: Regular test restores to ensure backups work