Impact of Security Risks and Threats
Viruses, worms, and Trojan horses can corrupt data on a user’s computer, infect other computers, weaken computer security, or provide back doors into protected networked computers. Although seemingly less dangerous than viruses that can corrupt digital content on a user’s computer, spyware, adware, and other forms of security risk also represent a significant problem to small businesses, their users, and the company networks. All types of threat and security risk can seriously impair business operations, network use, and computer performance while performing many tasks unknown to the user of an infected computer. Some of the areas of impact are discussed here.
All software operating on a computer consumes a portion of the host computer’s resources, whether its hard drive storage, CPU processing power, computer memory, or network bandwidth. Any threat or security risk resident on a computer can seriously impair the performance. They add to the load placed by normal use by consuming additional memory, processor or network resources as they perform their task, monitoring keystrokes, searching for private information, and possibly sending that data to a central location. In addition to this, the threat could be a virus or worm attempting to propagate or launch an attack against another computer or network
In addition to time lost because of operational slowdown caused by the weight of a computer’s parasitic population, computer users could lose time clicking to close the endless stream of advertisements that suddenly appear, or while attempting to navigate back through a redirected session to find meaningful Web content. Administrative staff are also overburdened responding to user issues stemming from the security risks and threats prevalent on computers.
A myriad of pop-up advertisements and browser redirection by various security risks often expose users to undesirable content, notably graphic images inappropriate in the workplaces. Distracting materials or contraband images can, at best, be an impediment to a user’s focus on work and can, at worst, present legal liabilities for the organization.
Data-harvesting is particularly troubling within the modern corporate setting because many different legal requirements exist to mandate protection of client information in a number of different industry settings. As mentioned earlier, legislative requirements in the U.S. include the Children’s Online Privacy Protection Acts (COPPA), the Health Insurance Portability and Accountability Act (HIPAA), the Federal Educational Rights Protection Act (FERPA), the Gramm-Leach-Bliley Act (GLBA), and a wide assortment of other privacy and information-control laws. Violations of these provisions, even when inadvertently caused by spyware data harvesting, can carry heavy penalties for both individual users and their companies’ owners and board members.
Users must also be concerned about data-harvesting programs when their own private information is being distributed without their knowledge; such data can be used in a number of different scams to drain users’ bank accounts, make use of their credit, or enact identity-theft crimes. These are merely some of the threats posed by data-harvesting programs that might have meaning to the user and their employer. Businesses conducting research, operating under protected network mandates, or involved in protecting trade secrets or other valuable information might find that unexpected spyware programs are busily transferring sensitive data elsewhere beyond their control.
Security risks such as spyware can perform any number of actions without the user’s knowledge once installed, with or without the knowledge of the user. Because of this, these programs can cause almost any type of security breach. Coupled with viral threats, automated computer-profiling utilities, and many other tools employed by hackers, a seemingly innocuous game, screen saver, animated cursor, or toolbar could open the door wide to any type of mischief desired by the software’s author.
Instability of computer systems infected by security risks and threats could be an intentional effect desired by the program’s author, in the case of a malicious program, or a side effect of these unwanted applications competing for similar resources, along with the fact that they are often not well written or tested as with most commercial software. In addition to these difficulties, spyware can compromise computer operations through hijacking and browser redirection or when replacing normal components of the operating system.