Primer on security controls: A novice’s guide
If we are to reflect on our need for internet & services related to IT, our needs are becoming insatiable and our obsession for them is increasing simultaneously, these computers/PCs/laptops/mobile phones have become our life and as important as they are, the risk that anchors them cannot be neglected. In this post we’ll walk through some of the basic but important security measures to keep your digital space safe.
Here’s a little guide to the contents, in case you need to rush…
2.1 Firewalls
2.2 Antivirus
2.3 Passwords
2.4 Encryption
2.5 Two Factor Authentication (or 2FA)
3. Conclusion
Why do we need Security Controls?
As our dependence on internet systems increases, the critical role of strong security controls in safe guarding sensitive information also increases. In this intricate dance between innovation and risk, protecting our data is a major challenge. And as appalling as it may sound among the millions of people who are dependent on internet today, about half of them have no clue about the risk anchored to it. Digital literacy has been a major challenge for a long time, internet scams/frauds are increasing by every day & there are numerous websites & application that have been compromised(hacked) due to lack of proper security controls. As insatiable as our needs have become we need proper measures to keep our systems for being attacked/compromised.
Types of Security Controls!!
Now, that we have a brief insight of why security controls are needed, let’s jump to how can they help us. For instance, when you download an application or work on a website, how do you know if it’s safe or not, many applications/websites tend to store our data and sensitive information as a part of their functionality, and even if the application or website is from a trusted source sometimes as a part of their terms & conditions they tend to save our information. Not only our applications/websites are under threat but the same danger applies to the network we are using, as many offices/workstations/schools/universities are using routers/wifi for their daily work, so if the network they are working with gets compromised so will the data stored in their systems. Thus, the security controls are must for the protection of our data in such cases, not only they enhance our working ability by keeping our sensitive information out of the reach of hackers/intruders, but also build our trust on the network in use. There are various ways to protect our data without the need for professional help or knowledge. The main types of security controls are FIREWALLS, ANTIVIRUS, PASSWORDS, ENCRYPTION & TWO FACTOR AUTHENTICATION (also known as 2FA).
1. Firewalls
A firewall in general terms is a barrier that protects our network from any unauthorized access, there are mainly two types of firewalls i.e
1. HARDWARE FIREWALLS
2. SOFTWARE FIREWALLS.
Leading with HARDWARE FIREWALLS, they are specialized physical devices with embedded security controls that govern incoming and outgoing traffic to safeguard the network infrastructure. They are generally built-in routers and work independently from other systems which makes them a more reliable source, they not only control the traffic but also inspect the packets (also known as data packets. They are a safe way of transferring messages from one system to another by breaking one large message into smaller segments.) , offer a range of intrusion prevention system(IPS), virtual private network(VPN) & advanced security systems which makes it a multi-layered approach to safeguarding our network. It also has a user-friendly interface which makes it easy to use.
Moving on to SOFTWARE FIREWALLS, they are security applications installed on computers or servers to monitor and control network traffic based on specified security rules. In simpler terms, a software firewall is a tool installed on your computer or device that helps block suspicious activity and keeps your system safe. i.e unlike hardware firewalls, software firewalls are not built in routers/wifi instead they are installed on an individual computer & do not work on the entire network. To be more precise, Software Firewalls offer same functions as Hardware but on an individual level.
2. Antivirus
At present viruses seem to be the most common threats to devices, there are different types of viruses that affect different areas of our electronic devices. For instance, an activity as simple as clicking a link can spread virus (worm virus) in a system, this type of virus replicates itself and spreads till it fills the memory of the system. To eliminate the risk of viruses the ANTIVIRUS software is used, it is installed on an individual system and helps eliminate the risk of harmful viruses. [The antivirus installed should be checked beforehand as some of these software may cause harm instead of protecting from it].
Now, a general question may arise that if we have Firewalls that already protect our data why do we need an antivirus. The answer is simple….. while firewalls do their part in detecting danger, they mainly focus on the packets/data going in and out for our systems. But what about those malicious links that look safe? Who will cleanse the device after its been compromised? That’s where Antivirus plays an important role.
3. Passwords
PASSWORDS are a type of security control that we can use on an individual level, as protecting our information/accounts/devices with password can create a barrier which may prevent the intruders from accessing any information. Though passwords have a history of being compromised from time to time, using a strong combination of letters, numbers & special characters are a key to forming a strong impenetrable password.
4. Encryption
In general terms an encryption is a process that converts the data from human readable text to an incomprehensible text also known as cipher text or encrypted text. In other words, encryption is like having a secret key only the authorized parties have and can use to encrypt or decrypt text (as needed). Thus, encrypting data plays a major role in protecting it from any third party interference. Encryption in itself is a vast and evolving field. There are a number of methods that can be used while encrypting our data, we’ll take a deeper dive in encryption & ways to encrypt data in our upcoming blogs.
5. Two factor Authentication(2FA)
2FA or Two factor Authorization, is like adding an extra layer of security (generally, an OTP) with password. In simple words, when we setup passwords for our accounts/applications enabling 2FA can help in protection of data. By enabling 2FA every time you login, the account/application asks for a one time password (OTP) that only lands on your device. So, whenever anyone tries to intrude in your accounts/applications you would know.
CONCLUSION
To round things off, we can say that security controls at present are as important as our internet & electronic devices in our daily lives. Although, we are not always under attack and most people tend to think that security measures are only for those who work on a professional level or in IT sector, but it is important to remember that our security is not the service providers headache rather our responsibility as an individual. If we choose to act immature and unbothered, we are basically inviting danger that could have been easily prevented. Thus, if you think security is a choice rather than a need maybe its time you updated your mindset.
Helping you get started….
To make your task with security easier some of the best antivirus software & software firewalls are listed below:
ANTIVIRUS SOFTWARE:
- Bitdefender Antivirus Plus
- Kaspersky Total Security
- Windows Defender (Microsoft Defender Antivirus)
SOFTWARE FIREWALL:
- Norton 360 with LifeLock
- ZoneAlarm Free Firewall
- Comodo Firewall