Protecting Computers and Information
Every business stores valuable data digitally, from customer records to financial information. Protecting that data from cyber threats, breaches, and accidental loss is a core responsibility. This section covers the tools, policies, and practices businesses use to keep their systems and information secure.
Protecting Computer Systems and Data
Firewalls, Antivirus Software, Encryption
Firewalls monitor and control incoming and outgoing network traffic. Think of a firewall as a security gate between a company's private network and the public internet. It filters traffic based on predefined rules that say which sources, destinations, protocols, and ports are allowed. A well-configured firewall denies by default, so anything the rules don't explicitly permit is blocked before it reaches internal systems.
Antivirus and anti-malware software detect, prevent, and remove malicious software. These programs regularly scan systems for threats like viruses, trojans, and spyware. They update their signature databases frequently so they can recognize newly discovered threats, and modern products add behavior-based detection to catch malware that has no signature yet.
Encryption converts data into a coded format using mathematical algorithms so that only parties holding the key can read it. This protects sensitive information like financial records and customer data both when it's being transmitted over a network (in transit) and when it's stored on a device (at rest). Even if someone intercepts encrypted data, they can't make sense of it without the decryption key. The protection is only as strong as the protection of the key: a key stored next to the data it encrypts adds little.
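An added example, not code from the page: encrypting a record at rest with AES-256-GCM from Go's standard library. GCM is an authenticated mode, so a tampered record or a wrong key produces an error instead of garbage, which is what you want from storage encryption. The sample record is constructed, and the key handling is simplified for the demo (in production the key would be generated and held in a KMS, HSM, or OS key store, never beside the data).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Encrypt seals plaintext with AES-256-GCM. The random 12-byte nonce is
// prepended to the ciphertext so Decrypt can recover it; the authentication
// tag that Seal appends is what makes tampering detectable.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext+tag to the nonce passed as dst: [nonce|ct|tag].
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt and fails closed: a wrong key or a single flipped
// bit in the stored record yields an error, never partial plaintext.
func Decrypt(key, record []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(record) < ns+gcm.Overhead() {
		return nil, errors.New("record too short to contain nonce and tag")
	}
	return gcm.Open(nil, record[:ns], record[ns:], nil)
}

// NewKey draws a fresh 256-bit key from the OS CSPRNG. Demo-only: real
// deployments fetch the key from a key store rather than generating it here.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, key)
	return key, err
}

func main() {
	key, _ := NewKey()
	// Constructed sample record; the card number is a placeholder.
	rec, _ := Encrypt(key, []byte("acct=4111-xxxx-xxxx-1111;limit=5000"))
	fmt.Printf("stored: %x\n", rec)

	pt, err := Decrypt(key, rec)
	fmt.Printf("restored: %q err=%v\n", pt, err)

	rec[len(rec)-1] ^= 0x01 // attacker or disk corruption flips one bit
	_, err = Decrypt(key, rec)
	fmt.Println("tampered record rejected:", err != nil)
}
```

The nonce must never repeat under the same key; drawing 96 random bits per record is fine for the volumes a single business key sees, but a key that encrypts billions of records should be rotated.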

Access Controls, Software Updates, Employee Training
Access controls and authentication restrict who can reach specific systems and data. Businesses verify user identities through strong passwords, multi-factor authentication (combining a password with a one-time code from an authenticator app or hardware token, or a code sent to a phone, which is the weakest option because phone numbers can be hijacked), or biometric identification (fingerprint or facial recognition). Each user's access is tied to their role, so a marketing intern doesn't have the same permissions as the CFO.
Regular software updates and patches fix known vulnerabilities and security flaws. When software companies discover a weakness, they release a patch. Businesses that delay installing updates leave themselves exposed to threats that attackers already know how to exploit.
Employee training and awareness may be the most underrated layer of defense. Staff learn security best practices like creating strong passwords, spotting phishing emails, and following company policies. A well-trained employee who recognizes a suspicious email and reports it to IT can prevent a breach before it starts.
Strong Passwords, Security Audits, Least Privilege
Strong password policies have traditionally required passwords with a mix of uppercase letters, lowercase letters, numbers, and symbols, and many companies still enforce regular password changes (for example, every 90 days) and prohibit sharing passwords among employees. Current guidance (NIST SP 800-63B) moves away from composition rules and scheduled rotation, which push people toward predictable patterns like "Summer2024!", and instead emphasizes length, checking candidates against lists of breached passwords, and changing a password when there is evidence it was compromised.
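An added example, not from the page, contrasting the two policies just described: a classic all-four-character-classes check beside a length-first check with a breach-list lookup. The passwords, the username, and the tiny breach list are constructed for the demo; a real deployment would query a breach corpus such as Have I Been Pwned's k-anonymity range API or a locally held list.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// Composition is the classic rule: all four character classes present.
// Kept only to show what it lets through and what it wrongly rejects.
func Composition(pw string) bool {
	var upper, lower, digit, symbol bool
	for _, c := range pw {
		switch {
		case unicode.IsUpper(c):
			upper = true
		case unicode.IsLower(c):
			lower = true
		case unicode.IsDigit(c):
			digit = true
		case unicode.IsPunct(c) || unicode.IsSymbol(c):
			symbol = true
		}
	}
	return upper && lower && digit && symbol
}

// breached stands in for a breach-corpus lookup. These entries are
// constructed for the example.
var breached = map[string]bool{
	"Summer2024!": true,
	"P@ssw0rd":    true,
	"Welcome1!":   true,
	"password1!":  true,
}

// repeatedChar reports padding like "aaaaaaaaaaaa".
func repeatedChar(s string) bool {
	r := []rune(s)
	if len(r) == 0 {
		return false
	}
	for _, c := range r[1:] {
		if c != r[0] {
			return false
		}
	}
	return true
}

// Check applies a length-first policy in the spirit of NIST SP 800-63B:
// a minimum length (12 here, an assumption stricter than the guideline's 8),
// no breached passwords, no repeated-character padding, and nothing that
// contains the account name. It returns every reason for rejection, or nil.
func Check(pw, username string) []string {
	var problems []string
	if len([]rune(pw)) < 12 {
		problems = append(problems, "shorter than 12 characters")
	}
	if breached[pw] {
		problems = append(problems, "appears in a breach corpus")
	}
	lower := strings.ToLower(pw)
	if username != "" && strings.Contains(lower, strings.ToLower(username)) {
		problems = append(problems, "contains the username")
	}
	if repeatedChar(lower) {
		problems = append(problems, "single repeated character")
	}
	return problems
}

func main() {
	for _, c := range []struct{ pw, user string }{
		{"Summer2024!", "jsmith"},              // satisfies composition, still weak
		{"blue kettle orbit meadow", "jsmith"}, // fails composition, actually strong
		{"jsmith-jsmith-2024", "jsmith"},
		{"aaaaaaaaaaaaaaaa", "jsmith"},
	} {
		fmt.Printf("%-26q composition=%-5t problems=%v\n", c.pw, Composition(c.pw), Check(c.pw, c.user))
	}
}
```

The first two rows are the point: the composition rule accepts a breached password and rejects a 24-character passphrase, while the length-first check gets both right.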
Security audits and penetration testing help businesses find weaknesses before attackers do. In a penetration test, security professionals deliberately try to break into the company's systems using the same techniques a hacker would. The results reveal which defenses are working and which need improvement.
The principle of least privilege means granting each user only the minimum level of access they need to do their job. If an employee's account gets compromised, the damage is limited because that account can't reach data or systems beyond its narrow permissions.
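An added example, not from the page, covering the role-based access described under Access Controls above and the least-privilege principle in this paragraph: a default-deny authorization check over role grants, with a way to measure the blast radius of a compromised account. It goes one step beyond the text by making grants expire, so a temporary elevation lapses on its own instead of becoming permanent. Users, roles, and permission names are invented for the example.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Permission names an action on a resource, e.g. "ledger:approve".
type Permission string

// Role is a named bundle of permissions. Access is granted through roles,
// never as ad-hoc per-user permissions, so access reviews stay tractable.
type Role struct {
	Name  string
	Perms map[Permission]bool
}

// Grant ties a user to a role. A zero Expires is a standing grant; otherwise
// the grant is a time-boxed elevation that nobody has to remember to revoke.
type Grant struct {
	Role    string
	Expires time.Time
}

type Policy struct {
	Roles  map[string]Role
	Grants map[string][]Grant // user -> grants
}

func (g Grant) active(now time.Time) bool {
	return g.Expires.IsZero() || now.Before(g.Expires)
}

// Allowed reports whether user may perform perm at time now. Anything not
// explicitly granted through an active role is denied (default deny), and
// an unknown user simply has no grants.
func (p Policy) Allowed(user string, perm Permission, now time.Time) bool {
	for _, g := range p.Grants[user] {
		if g.active(now) && p.Roles[g.Role].Perms[perm] {
			return true
		}
	}
	return false
}

// BlastRadius lists every permission an attacker holding user's credentials
// could exercise at time now: the quantity least privilege keeps small.
func (p Policy) BlastRadius(user string, now time.Time) []string {
	seen := map[Permission]bool{}
	for _, g := range p.Grants[user] {
		if !g.active(now) {
			continue
		}
		for perm := range p.Roles[g.Role].Perms {
			seen[perm] = true
		}
	}
	out := make([]string, 0, len(seen))
	for perm := range seen {
		out = append(out, string(perm))
	}
	sort.Strings(out)
	return out
}

func perms(ps ...Permission) map[Permission]bool {
	m := make(map[Permission]bool, len(ps))
	for _, p := range ps {
		m[p] = true
	}
	return m
}

// SamplePolicy encodes the intern-versus-CFO scenario with invented names.
// The intern also holds a four-hour elevation, granted at t0, to publish
// one campaign.
func SamplePolicy(t0 time.Time) Policy {
	return Policy{
		Roles: map[string]Role{
			"marketing-intern":   {"marketing-intern", perms("campaigns:read", "campaigns:draft")},
			"campaign-publisher": {"campaign-publisher", perms("campaigns:publish")},
			"finance-exec":       {"finance-exec", perms("ledger:read", "ledger:approve", "payroll:read")},
		},
		Grants: map[string][]Grant{
			"intern01": {{Role: "marketing-intern"}, {Role: "campaign-publisher", Expires: t0.Add(4 * time.Hour)}},
			"cfo":      {{Role: "finance-exec"}},
		},
	}
}

func main() {
	t0 := time.Date(2024, 1, 15, 9, 0, 0, 0, time.UTC)
	p := SamplePolicy(t0)
	fmt.Println("intern reads payroll:", p.Allowed("intern01", "payroll:read", t0))
	fmt.Println("intern publishes at 10:00:", p.Allowed("intern01", "campaigns:publish", t0.Add(time.Hour)))
	fmt.Println("intern publishes at 15:00:", p.Allowed("intern01", "campaigns:publish", t0.Add(6*time.Hour)))
	fmt.Println("cfo approves ledger:", p.Allowed("cfo", "ledger:approve", t0))
	fmt.Println("intern blast radius now:", p.BlastRadius("intern01", t0))
	fmt.Println("intern blast radius tomorrow:", p.BlastRadius("intern01", t0.Add(24*time.Hour)))
}
```

If intern01's credentials are phished, BlastRadius is the list the incident responder works from; with the elevation expired it is two read/draft permissions, and payroll was never reachable.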

Network Segmentation, Intrusion Detection, Data Backups
Network segmentation divides a company's network into smaller, isolated subnetworks. For example, the accounting department's network might be separated from marketing's. If malware infects one segment, segmentation prevents it from spreading across the entire organization.
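An added example, not from the page, tying the firewall paragraph above to the segmentation described here: the ordered, first-match, default-deny rule evaluation at the core of a packet filter, with a rule set that keeps a marketing segment off the accounting segment. The subnets, hosts and rules are invented, and the Packet type is a simplified view of what a real stateful firewall sees.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Action is what the filter does with a matching packet.
type Action int

const (
	Deny Action = iota
	Allow
)

// Rule matches by source/destination prefix, protocol ("tcp", "udp" or
// "any") and destination port (0 means any port).
type Rule struct {
	Name   string
	Src    netip.Prefix
	Dst    netip.Prefix
	Proto  string
	Port   uint16
	Action Action
}

// Packet is the minimal flow view the filter needs (hypothetical type for
// this example; a real firewall also tracks connection state).
type Packet struct {
	Src, Dst netip.Addr
	Proto    string
	Port     uint16
}

// Firewall is an ordered rule list: first match wins, and a packet that
// matches nothing is dropped. Default deny is the property that matters.
type Firewall struct {
	Rules []Rule
}

func (r Rule) matches(p Packet) bool {
	if !r.Src.Contains(p.Src) || !r.Dst.Contains(p.Dst) {
		return false
	}
	if r.Proto != "any" && r.Proto != p.Proto {
		return false
	}
	return r.Port == 0 || r.Port == p.Port
}

// Evaluate returns the verdict for p and the name of the deciding rule, so
// every drop in the log explains itself.
func (fw Firewall) Evaluate(p Packet) (Action, string) {
	for _, r := range fw.Rules {
		if r.matches(p) {
			return r.Action, r.Name
		}
	}
	return Deny, "default-deny"
}

func mp(s string) netip.Prefix { return netip.MustParsePrefix(s) }
func ma(s string) netip.Addr   { return netip.MustParseAddr(s) }

// SegmentedPolicy is the rule set for a constructed network: marketing on
// 10.1.0.0/24, accounting on 10.2.0.0/24, the finance application at
// 10.2.0.10 and an internal resolver at 10.0.0.53. All addresses are invented.
func SegmentedPolicy() Firewall {
	return Firewall{Rules: []Rule{
		// Accounting workstations reach the finance app over HTTPS only.
		{"acct-to-finance-app", mp("10.2.0.0/24"), mp("10.2.0.10/32"), "tcp", 443, Allow},
		// Every segment may query the internal DNS resolver.
		{"all-to-dns", mp("10.0.0.0/8"), mp("10.0.0.53/32"), "udp", 53, Allow},
		// Marketing has no business on the accounting segment. Redundant with
		// default deny, but the explicit rule documents intent for audits.
		{"mkt-to-acct-deny", mp("10.1.0.0/24"), mp("10.2.0.0/24"), "any", 0, Deny},
	}}
}

func main() {
	fw := SegmentedPolicy()
	for _, p := range []Packet{
		{ma("10.2.0.7"), ma("10.2.0.10"), "tcp", 443},  // allowed: same segment, listed port
		{ma("10.1.0.5"), ma("10.2.0.10"), "tcp", 443},  // denied: cross-segment
		{ma("10.1.0.5"), ma("10.0.0.53"), "udp", 53},   // allowed: DNS
		{ma("10.2.0.7"), ma("10.2.0.10"), "tcp", 3389}, // denied: RDP never listed
	} {
		act, why := fw.Evaluate(p)
		fmt.Printf("%s -> %s %s/%d: allow=%t (%s)\n", p.Src, p.Dst, p.Proto, p.Port, act == Allow, why)
	}
}
```

The last case is the one that shows why default deny matters: nobody wrote a rule about RDP, and the malware that spreads over it is blocked anyway.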
Intrusion detection and prevention systems (IDPS) monitor network and host activity for suspicious patterns, such as a burst of failed login attempts or unusual data transfers. An intrusion detection system (IDS) alerts administrators when it spots a known attack pattern; an intrusion prevention system (IPS) sits inline and can also block the traffic automatically. Because detections fire on thresholds and patterns, tuning them to keep false positives manageable is part of operating one.
Data backups and disaster recovery plans ensure a business can bounce back from the worst-case scenario. Companies regularly create backup copies of critical data (customer databases, financial records) and store them in a separate, secure location. If a ransomware attack encrypts the main systems or a natural disaster destroys hardware, the business can restore its data and resume operations. Two details decide whether that actually works: at least one copy must be offline or immutable, because ransomware routinely encrypts or deletes any backup it can reach, and restores must be tested regularly, since a backup nobody has restored from is an assumption, not a plan.
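An added example, not from the page: the failed-login detection just described, run over a constructed excerpt of sshd log lines. A sliding window counts failures per source address; reaching the threshold raises a brute-force alert, and a successful login from a source that is still over the threshold raises a higher-severity alert, since that is what a guessed password looks like. Addresses come from the documentation ranges and the lines are invented.

```go
package main

import (
	"fmt"
	"regexp"
	"time"
)

// Alert is what the detector hands to administrators or to a blocking hook.
type Alert struct {
	When   time.Time
	Source string
	Kind   string // "brute-force" or "success-after-failures"
}

// Detector keeps, per source address, the failure timestamps inside Window.
type Detector struct {
	Window    time.Duration
	Threshold int
	failures  map[string][]time.Time
	flagged   map[string]bool // sources already alerted for the current burst
}

func NewDetector(window time.Duration, threshold int) *Detector {
	return &Detector{Window: window, Threshold: threshold,
		failures: map[string][]time.Time{}, flagged: map[string]bool{}}
}

// lineRE matches the two OpenSSH auth events we care about.
var lineRE = regexp.MustCompile(`^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port`)

// Feed processes one log line and returns an alert if it triggers one.
func (d *Detector) Feed(line string) (*Alert, bool) {
	m := lineRE.FindStringSubmatch(line)
	if m == nil {
		return nil, false // not an auth event
	}
	ts, err := time.Parse(time.RFC3339, m[1])
	if err != nil {
		return nil, false
	}
	src := m[4]
	// Expire failures that fell out of the sliding window.
	kept := d.failures[src][:0]
	for _, t := range d.failures[src] {
		if ts.Sub(t) <= d.Window {
			kept = append(kept, t)
		}
	}
	if len(kept) == 0 {
		d.flagged[src] = false // burst is over; a new one may alert again
	}
	d.failures[src] = kept
	switch m[2] {
	case "Failed":
		d.failures[src] = append(d.failures[src], ts)
		if len(d.failures[src]) >= d.Threshold && !d.flagged[src] {
			d.flagged[src] = true
			return &Alert{ts, src, "brute-force"}, true
		}
	case "Accepted":
		if len(d.failures[src]) >= d.Threshold {
			return &Alert{ts, src, "success-after-failures"}, true
		}
	}
	return nil, false
}

// Scan runs a 60-second / 5-failure detector over a batch of lines.
func Scan(lines []string) []Alert {
	d := NewDetector(60*time.Second, 5)
	var alerts []Alert
	for _, l := range lines {
		if a, ok := d.Feed(l); ok {
			alerts = append(alerts, *a)
		}
	}
	return alerts
}

// sampleLog is a constructed auth.log excerpt: one attacker hammering the
// host, one legitimate user who mistyped a password once.
var sampleLog = []string{
	"2024-01-15T09:00:01Z sshd[812]: Failed password for invalid user admin from 203.0.113.9 port 51122 ssh2",
	"2024-01-15T09:00:04Z sshd[812]: Failed password for root from 203.0.113.9 port 51130 ssh2",
	"2024-01-15T09:00:07Z sshd[812]: Failed password for invalid user test from 203.0.113.9 port 51137 ssh2",
	"2024-01-15T09:00:10Z sshd[812]: Failed password for root from 203.0.113.9 port 51141 ssh2",
	"2024-01-15T09:00:12Z sshd[812]: Failed password for jsmith from 198.51.100.4 port 40210 ssh2",
	"2024-01-15T09:00:13Z sshd[812]: Failed password for root from 203.0.113.9 port 51150 ssh2",
	"2024-01-15T09:00:15Z sshd[812]: Accepted password for jsmith from 203.0.113.9 port 51158 ssh2",
	"2024-01-15T09:02:30Z sshd[812]: Failed password for jsmith from 198.51.100.4 port 40215 ssh2",
	"2024-01-15T09:02:35Z sshd[812]: Accepted password for jsmith from 198.51.100.4 port 40216 ssh2",
	"2024-01-15T09:03:00Z cron[900]: (root) CMD (run-parts /etc/cron.hourly)",
}

func main() {
	for _, a := range Scan(sampleLog) {
		fmt.Printf("%s %-22s from %s\n", a.When.Format(time.RFC3339), a.Kind, a.Source)
	}
}
```

The window and threshold are the tuning knobs the paragraph mentions: too low and every user with a forgotten password pages someone, too high and a slow attacker spreads attempts across windows and never trips it.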
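An added example, not from the page: the integrity check that makes a backup trustworthy. A manifest of SHA-256 hashes is recorded when the backup is taken and kept apart from it; before relying on the copy, the hashes are recomputed and every missing, modified, or unexpected file is reported. The demo stages a small constructed file set in a temporary directory and then simulates ransomware re-encrypting one file in place.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"sort"
)

// Manifest hashes every regular file under root, keyed by slash-separated
// relative path. Record it when the backup is taken and store it elsewhere.
func Manifest(root string) (map[string]string, error) {
	m := map[string]string{}
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil || d.IsDir() {
			return err
		}
		data, err := os.ReadFile(p)
		if err != nil {
			return err
		}
		rel, err := filepath.Rel(root, p)
		if err != nil {
			return err
		}
		sum := sha256.Sum256(data)
		m[filepath.ToSlash(rel)] = hex.EncodeToString(sum[:])
		return nil
	})
	return m, err
}

// Verify recomputes the manifest for root and lists every discrepancy
// against the recorded one. An empty result means the copy is intact.
func Verify(root string, recorded map[string]string) ([]string, error) {
	now, err := Manifest(root)
	if err != nil {
		return nil, err
	}
	var problems []string
	for path, want := range recorded {
		got, ok := now[path]
		switch {
		case !ok:
			problems = append(problems, "missing: "+path)
		case got != want:
			problems = append(problems, "modified: "+path)
		}
	}
	for path := range now {
		if _, ok := recorded[path]; !ok {
			problems = append(problems, "unexpected: "+path)
		}
	}
	sort.Strings(problems)
	return problems, nil
}

// Demo stages constructed sample files, records the manifest, simulates
// ransomware overwriting one file and dropping a note, and returns what
// Verify reports.
func Demo() ([]string, error) {
	dir, err := os.MkdirTemp("", "backup-demo")
	if err != nil {
		return nil, err
	}
	defer os.RemoveAll(dir)
	files := map[string]string{ // constructed sample data
		"customers.csv":      "id,name\n1,Ada\n2,Grace\n",
		"ledger/2024-q1.csv": "date,amount\n2024-01-02,1200.00\n",
	}
	for name, body := range files {
		p := filepath.Join(dir, filepath.FromSlash(name))
		if err := os.MkdirAll(filepath.Dir(p), 0o700); err != nil {
			return nil, err
		}
		if err := os.WriteFile(p, []byte(body), 0o600); err != nil {
			return nil, err
		}
	}
	recorded, err := Manifest(dir)
	if err != nil {
		return nil, err
	}
	if err := os.WriteFile(filepath.Join(dir, "customers.csv"), []byte("\x8f\x21\xa0not-a-csv-anymore"), 0o600); err != nil {
		return nil, err
	}
	if err := os.WriteFile(filepath.Join(dir, "README_DECRYPT.txt"), []byte("pay us"), 0o600); err != nil {
		return nil, err
	}
	return Verify(dir, recorded)
}

func main() {
	problems, err := Demo()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("verification problems:", problems)
}
```

A hash manifest catches corruption and tampering; it does nothing against a backup that was simply deleted along with its manifest, which is why the offline or immutable copy in the paragraph above is not optional.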
Data Collection, Minimization, Security
Privacy protection starts with how data is gathered and handled.
- Data collection and consent means obtaining explicit permission from individuals before collecting personal information like names, emails, or addresses. The business must clearly communicate why it's collecting the data and how it will be used (for marketing, research, etc.).
- Data minimization and purpose limitation means collecting only the minimum amount of personal information needed for the stated purpose. If you collected email addresses to send order confirmations, you shouldn't use those addresses for unrelated marketing without getting additional consent.
- Data security and protection requires putting technical and organizational safeguards in place. This includes encrypting sensitive data like credit card numbers and Social Security numbers, and restricting access to authorized personnel only.
Data Retention, Transparency, Third-Party Sharing
- Data retention and disposal means keeping personal information only as long as it's needed for its original purpose (customer service, legal requirements). Once data is no longer necessary, it should be securely deleted or anonymized.
- Transparency and individual rights require businesses to publish clear, accessible privacy policies that explain their data practices. Under laws such as the GDPR and CCPA, individuals have the right to access, correct, or delete their personal information upon request, and the business needs a process that can actually find and act on every copy of that data.
- Third-party data sharing requires careful evaluation. Before sharing personal information with service providers or business partners, a company should verify that those third parties have adequate privacy and security measures, often through data processing agreements and security audits.
Compliance with Privacy Regulations and Standards
Businesses must follow the privacy laws that apply to their industry and location. Key regulations include:
- GDPR (General Data Protection Regulation) covers any organization that handles personal data of people in the European Union, regardless of where the organization itself is located
- CCPA (California Consumer Privacy Act) gives California residents rights over how their personal data is collected, used, and sold
- HIPAA (Health Insurance Portability and Accountability Act) sets strict rules for protecting patient health information held by US healthcare providers, insurers, and their business associates
- PCI-DSS (Payment Card Industry Data Security Standard) is an industry standard rather than a law, enforced through card-network contracts, and applies to any business that stores, processes, or transmits cardholder data
Failing to comply with these regulations can result in significant fines and loss of customer trust, so businesses treat regulatory compliance as a baseline requirement rather than an optional goal.