Section outline

    • Purpose

      In this module, you will learn the basic practices used to protect computers, networks, and personal information.

      Security is an important part of working in technology. Technical support professionals are often responsible for helping users follow safe computing practices and protecting systems from threats.

      You should understand:

      • why cybersecurity is important
      • common types of security threats
      • simple practices that protect systems and data
      • how users can reduce security risks

    • Why Security Matters

      Modern computers store large amounts of personal and business information.

      This information may include:

      • passwords
      • financial information
      • health records
      • personal identity information
      • company data

      If systems are not properly protected, attackers may gain access to sensitive data or disrupt systems.

      Security practices help reduce these risks.

    • Common Security Threats

      Several common threats can affect computers and networks.  

      Malware Types

      Virus

      A virus is malicious software that attaches itself to a legitimate file or program and spreads when the file is executed. It can damage files, corrupt systems, or spread to other computers.

      Worm

      A worm is malware that spreads automatically across networks without needing a user to run a program. Worms can replicate rapidly and consume system or network resources.

      Trojan

      A Trojan (Trojan horse) is malware disguised as legitimate software that tricks users into installing it. Once installed, it can create backdoors or steal information.

      Ransomware

      Ransomware encrypts a victim’s files or locks their system and demands payment to restore access. Attackers typically request payment in cryptocurrency.

      Spyware

      Spyware secretly collects information about a user or system and sends it to attackers. It may track browsing activity, passwords, or personal data.

      Adware

      Adware automatically displays unwanted advertisements on a system. While sometimes legitimate, malicious adware may track user behavior or install additional unwanted software.

      Rootkit

      A rootkit is malware designed to hide deep within an operating system and avoid detection. It often gives attackers privileged access to a computer.

      Keylogger

      A keylogger records the keys a user types on their keyboard. Attackers use this information to steal passwords, credit card numbers, or other sensitive data.

      Logic Bomb

      A logic bomb is malicious code that activates when specific conditions are met, such as a certain date or event. It can delete data or disrupt systems when triggered.

      Backdoor

      A backdoor is a hidden method of bypassing security controls to access a system. Attackers may use backdoors to maintain persistent access after compromising a system.

      Bot / Botnet

      A bot is a compromised computer controlled by an attacker. A botnet is a network of many infected computers used to perform coordinated attacks such as spam campaigns or distributed denial-of-service attacks.

      Social Engineering Attacks

      Phishing

      Phishing is a social engineering attack where attackers impersonate a trusted organization to trick users into revealing sensitive information such as passwords or financial data.

      Spear Phishing

      Spear phishing is a targeted phishing attack aimed at a specific individual or organization. Attackers often research their targets to make messages appear more convincing.

      Whaling

      Whaling is a phishing attack directed at high-level executives or important individuals within an organization.

      Vishing

      Vishing (voice phishing) is a social engineering attack conducted through phone calls. Attackers impersonate trusted entities to obtain sensitive information.

      Smishing

      Smishing (SMS phishing) uses text messages to trick victims into clicking malicious links or revealing information.

      Impersonation

      Impersonation occurs when attackers pretend to be a trusted person such as an employee, technician, or authority figure to gain access to systems or information.

      Shoulder Surfing

      Shoulder surfing involves observing someone’s screen or keyboard to steal sensitive information such as passwords or PINs.

      Tailgating

      Tailgating occurs when an unauthorized person follows an authorized individual into a restricted area without proper authentication.

      Dumpster Diving

      Dumpster diving involves searching through discarded materials such as trash to find sensitive information like documents or hardware.

      Security Threats & Attacks

      Brute Force Attack

      A brute force attack attempts to guess passwords by systematically trying many possible combinations until the correct one is found.

      Dictionary Attack

      A dictionary attack is similar to a brute force attack but uses a list of common words or passwords to guess credentials more efficiently.

      Denial of Service (DoS)

      A Denial of Service attack floods a system or network with traffic so legitimate users cannot access services.

      Distributed Denial of Service (DDoS)

      A DDoS attack uses many compromised systems (often botnets) to overwhelm a target system or network.

      Man-in-the-Middle (MITM)

      A man-in-the-middle attack occurs when an attacker intercepts communication between two systems to eavesdrop or alter the data being transmitted.

      Zero-Day Attack

      A zero-day attack exploits a software vulnerability before developers have released a patch or fix.

      Password Attack

      A password attack attempts to gain unauthorized access by stealing or guessing user passwords.

      Credential Harvesting

      Credential harvesting involves collecting usernames and passwords through fake websites, phishing pages, or malware.

      Physical Security Threats

      Eavesdropping

      Eavesdropping occurs when attackers secretly listen to private conversations or communications.

      Data Theft

      Data theft involves unauthorized access to confidential information stored on a system or network.

      Hardware Theft

      Hardware theft occurs when physical devices such as laptops, servers, or storage drives are stolen.

      Weak Passwords

      Simple or reused passwords make it easier for attackers to gain access to accounts.

      Strong passwords help protect systems and data. Strong passwords combine random uppercase and lowercase letters, numbers, and special characters. It’s often a good idea to use a password generator to create these passwords so that they are randomly generated and not easy to guess.

    • Strong Password Practices

      A strong password should:

      • be long
      • include a combination of letters, numbers, and symbols
      • avoid personal information
      • not be reused across multiple accounts

      Password managers can help users securely store and generate passwords.
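
      The checklist above and the password generator mentioned earlier, as an added example that is not part of the original module. The 14-character minimum, the symbol set, and the function names are assumptions chosen for illustration; the module itself only says a password should "be long".

```python
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+[]{}"          # assumed symbol set
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
MIN_LENGTH = 14                          # assumed threshold for "long"


def check_password(password, personal_info=(), used_elsewhere=()):
    """Return the checklist items the password fails (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    has_all_classes = (
        any(c.islower() for c in password)
        and any(c.isupper() for c in password)
        and any(c.isdigit() for c in password)
        and any(not c.isalnum() for c in password)
    )
    if not has_all_classes:
        problems.append("missing character class")
    lowered = password.lower()
    # Personal details (name, birth year, pet) are easy for an attacker to guess.
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    # A password manager performs this reuse check across stored accounts.
    if password in used_elsewhere:
        problems.append("reused")
    return problems


def generate_password(length=20):
    """Build a password from the OS cryptographic random source."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        # secrets.choice is suitable for credentials; random.choice is not.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(candidate):   # retry until every class appears
            return candidate


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    print(check_password("Summer2024!"))
    print(check_password("Alex1990Seattle!!", personal_info=["alex"]))
    print(generate_password())
```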

    • Multi-Factor Authentication

      Multi-Factor Authentication (MFA) adds an additional layer of security when logging into an account.

      Instead of only using a password, MFA requires a second form of verification.

      Examples include:

      • a code sent to a phone
      • a mobile authentication app
      • biometric verification such as a fingerprint

      This makes it much harder for attackers to access accounts.

    • Software Updates

      Software updates are an important part of security. They often change the interface you see when using the software, but it is critically important to install them.

      Updates often fix security vulnerabilities that attackers could exploit.

      Keeping operating systems and applications up to date helps protect systems from known threats.

    • Safe Internet Practices

      Users can reduce security risks by following safe browsing habits.

      Examples include:

      • avoiding suspicious email attachments
      • verifying website addresses
      • not clicking unknown links
      • downloading software only from trusted sources

      These habits help prevent malware infections and phishing attacks.

    • Protecting Sensitive Data

      Organizations must protect sensitive personal information.

      Examples of sensitive data include:

      • financial information
      • medical records
      • identification numbers

      Proper security practices help protect this data from unauthorized access.

    • Important Acronyms for This Module

      PIN — Personal Identification Number
      A numeric password used to verify a user's identity when accessing a system or device.

      PII — Personally Identifiable Information
      Information that can be used to identify a specific individual, such as a name, address, or social security number.

      PHI — Personal Health Information
      Sensitive medical information related to an individual’s health records or treatment.

      SSL — Secure Sockets Layer
      A security protocol that encrypts communication between a web browser and a website.

      SSH — Secure Shell
      A secure protocol used to remotely access and manage computer systems.

      GDPR — General Data Protection Regulation
      A data protection law that regulates how personal information is collected and used.

      ESD — Electrostatic Discharge
      The sudden release of static electricity that can damage sensitive computer components.

      EMI — Electromagnetic Interference
      Disruption caused by electromagnetic signals that can interfere with electronic devices.

    • Key Takeaway

      Security best practices help protect computers, networks, and personal information from threats.

      By following safe computing habits and using tools such as strong passwords, software updates, and multi-factor authentication, users can significantly reduce security risks.

      Security threats usually fall into three main categories:

      • Malware – malicious software that infects systems
      • Social Engineering – attacks that manipulate people
      • Network Attacks – attempts to disrupt or intercept systems and data