Hello, my name is Mrs. Holborow, and welcome to Computing.

I'm so pleased you've decided to join me for the lesson today.

In today's lesson, we'll be learning about how we can protect computer systems against malware infections, and ways in which we can improve security.

Welcome to today's lesson from the unit Cyber threats and security.

This lesson is called "Defence against malware," and by the end of today's lesson, you'll be able to describe how to defend against malware and suggest ways to improve security.

Shall we make a start?

We will be exploring these keywords throughout today's lesson. Shall we have a look at them now?

Cyberattack.

Cyberattack: a deliberate attempt to damage, disrupt, or gain unauthorised access to computer systems, networks, or data.

Sanitization.

Sanitization: to check and clean user input to stop harmful code, or to delete data to stop it being recovered or misused.

Operating system.

Operating system: the main software that manages a computer's hardware and allows other programs to run.

Vulnerabilities.

Vulnerabilities: weaknesses in a system, software, or network that can be exploited by attackers to gain unauthorised access, cause damage, or steal data.

Look out for these keywords throughout today's lesson.

Today's lesson is broken down into two parts.

We'll start by describing ways to defend against malware infections.

We'll then move on to suggest ways to improve security.

Let's make a start by describing ways to defend against malware infections.

Jun says, "I've just found a great game online.

It asks you to type in information like pet/family names and then makes up silly names." Sam looks a bit worried.

He says, "That sounds like social engineering, Jun.

You should definitely stop playing that game as it might be trying to steal your private information and get into your accounts." What type of social engineering cyberattack is happening to Jun? Maybe pause the video whilst you have a think.

Did you spot it? That's right, it's a name generator attack.

Malware is designed to undertake a cyberattack.

A cyberattack is a deliberate attempt to cause damage, disrupt, or gain unauthorised access to a computer system, networks, or data.

It can sometimes seem difficult to defend against cyberattacks such as malware infections because cyber criminals are always creating new ways to attack.

Fortunately, there are a number of ways that software can be designed to protect organisations from cyberattacks.

There are a number of ways that software can be designed to defend against malware infections.

These include encryption, automatic software updates, input sanitization, code reviews, modular testing, and passwords.

Time to check your understanding.

A deliberate attempt to damage, disrupt, or gain unauthorised access to a computer system is known as A, cybersecurity; B, encryption; or C, a cyberattack.

Pause your video whilst you have a think.

Did you select C? Well done.

A cyberattack is a deliberate attempt to damage, disrupt, or gain unauthorised access to a computer system.

Encryption is the process of encoding data or a message so that it cannot be understood by anyone other than its intended recipient.

The data or message is encrypted using an encryption algorithm.

The opposite of encryption is decryption.

Encryption is used to defend against cyberattacks because it protects data, even if attackers managed to access it.

It scrambles the information so that it becomes unreadable without a special key or password.

Automatic updates are software updates that are downloaded and installed without the user needing to do anything.

They usually apply to operating systems, apps, programs, antivirus, and security software.

Automatic updates can help defend against malware infections by fixing bugs and closing security vulnerabilities quickly.

They ensure a system is up to date with the latest protection.

A code review is the process of checking and evaluating someone's computer code.

The code review is usually undertaken by another developer before it is added to the main project or software.

Code reviews help to defend against malware by catching a mistake or malicious code before it becomes part of the final software.

Code reviews help to discover and remove vulnerabilities in programs before cybercriminals can find and exploit them.

Input sanitization is the process of cleaning and checking data entered by a user before it is used on a computer program or system.

Input sanitization is like a filter that checks and cleans what the user types to keep systems safe from harmful and invalid data.

Sanitization protects systems from malware because it makes sure all user input is clean and safe, preventing it from being used to launch an attack.

Modular testing is a software testing method where individual parts of a program are tested separately to make sure each one of them works correctly on its own.

The point of doing modular testing is not to demonstrate that the module works, but to look for errors in it.

Modular testing defends against malware because it can help reveal vulnerabilities that could be exploited by cyber criminals in a cyberattack.

A password is a secret string of characters that may include letters, numbers, and symbols.

A user creates a password to prove their identity and gain access to systems, accounts, or data.

Passwords restrict access to important systems and data, making it harder for malware to take control or spread.

Passwords are one of the most basic but important tools in cybersecurity.

Time to check your understanding.

What scrambles information so that it becomes unreadable without a special key or password? Is it A, sanitization; B, encryption; or C, passwords? Pause the video whilst you have a think.

Did you select B, encryption? Well done.

True or false? Code reviews help discover and remove vulnerabilities in programs before cyber criminals can find or exploit them.

Pause the video whilst you have a think.

Did you select true? Well done.

Okay, we're moving on to our first task of today's lesson.

I'd like you to describe two to three ways in which software can be designed to protect against malware infections.

Pause the video whilst you have a go at the task.

How did you get on? Did you manage to describe two to three ways in which software can be designed to protect against malware infections? Well done.

Let's have a look at a sample answer together.

Designing software with input sanitization, password protection, and encryption, will make it much harder for malware to infect or damage a system.

Input sanitization is used to clean and check user input and prevent it from being used to launch a cyberattack.

Password protection restricts access to important systems and data.

This makes it harder for malware to infect a system and spread.

Encryption protects data from malware and cyberattacks because it scrambles information and makes it unreadable to anyone who doesn't have a password or key.

Remember, if you need to pause the video and add any detail to your answer, you can do that now.

So we've described ways to defend against malware infections.

Let's now move on to suggest some ways to improve security.

Andeep says, "I've installed antivirus software on my phone and computer.

I'm sure it doesn't matter too much if my password is a simple word that helps me remember it." Do you agree or disagree with Andeep? Antivirus software is only one part of a broader defence strategy.

Passwords should always be strong and unique to reduce vulnerabilities and protect against cyberattacks.

In the real world, even strong passwords leak, new viruses appear, and new ways to attack victims are created.

Cybersecurity is not a one-time fix.

It's an ongoing process of improvement and adaptation to ensure vulnerabilities are reduced.

The risks of not looking for ways to improve security are high for individuals, businesses, schools, and even entire governments.

As technology continues to become more central to our lives, cyber threats are becoming more common, more advanced, and more damaging.

Password security can be improved by making passwords strong, unique, and well-protected.

But what do we mean by a strong password? It's recommended that passwords should be at least 12 characters long, include upper and lowercase letters, numbers, and symbols.

Passwords should be changed every six months or after a data breach.

Do you do this regularly with your passwords? To improve security even further, multifactor authentication, or MFA, can be used.

When a password is correctly entered, the user will be asked to prove their identity in another way.

They may be asked to enter a unique code that has been sent via text message to their mobile phone.

They may be asked to prove their identity by using biometric security such as facial recognition or fingerprint scanning.

They may be asked to verify their identity by checking an email.

Multifactor authentication improves security by requiring more than just a password to prove who you are.

This makes it much harder for attackers to break into systems even if they have your password.

Regular user training is one of the most effective and affordable ways to strengthen and improve a system's security.

It reduces the potential for human error by teaching people how to recognise threats, use systems safely, and respond correctly to potential attacks.

It is recommended that user training is completed at least every 6 to 12 months to reduce vulnerabilities.

Note that if new threats emerge, users should be updated as soon as possible.

Access control is a security method used to restrict who can view or use resources on a computer system or network.

It ensures that only authorised users can access certain data, systems, or functions.

Access control can improve security because it reduces the number of people who could cause a security breach, either on purpose or by accident.

For example, on your school network, you are likely to have a different level of access compared to your teachers or IT network managers.

Time to check your understanding.

What security measure checks the identity of a user in more than one way? Is it A, multifactor authentication; B, user training; or C, password? Pause the video whilst you have a think.

Did you select A? Well done.

Multifactor authentication checks the identity of a user in more than one way.

Which password is likely to be most secure against a cyberattack? Is it A, B, or C? Pause the video whilst you have a think.

Did you select B? Well done.

B's password is a combination of upper and lowercase letters, numbers, and symbols, so that makes it more secure than passwords A and C.

True or false? System users should be trained and updated as soon as possible if a new threat to security is identified.

Pause the video whilst you have a think.

That's right.

This is true.

It's really important to make sure that users are trained and updated if there are new security breaches.

Okay, we are moving on to our second task of today's lesson, and you're doing a fantastic job so far, so well done.

TechStart Solutions is a small but growing IT services company.

It employs 25 people and handles client information, project plans, and financial records.

There are currently no password requirements for staff, and they're allowed to use simple passwords like Welcome123.

Because the company has grown quickly, they've employed many new members of staff who have not yet had any cybersecurity training, and every member of staff has full access to all company files.

Write a paragraph to suggest two to three ways in which TechStart Solutions could improve the security of their systems. Pause the video whilst you have a go at the task.

How did you get on? Did you manage to think of two to three ways in which TechStart Solutions could improve their security? Well done.

Let's have a look at a sample answer together.

There are several ways the company could improve security.

Firstly, I would suggest that they improve the strength of passwords that staff use and ensure that there are at least 12 characters, use upper and lowercase letters, as well as numbers and symbols.

I would also recommend they require staff to use multifactor authentication to add an extra layer of security.

Because it is unlikely that all staff need access to all files in the company, I would suggest they should use access control to ensure that staff only have access to the files they need to do their job role.

Lastly, I would suggest that staff receive cybersecurity training at least every 6 to 12 months to ensure that the risk of human error is reduced and that they can recognise threats and use systems safely.

Did you have some similar ideas in your response? Remember, you can always pause the video and add some extra detail to your answer if you want to.

Okay, we've come to the end of today's lesson, "Defence against malware," and you've done a fantastic job, so well done.

Let's summarise what we've learned together in today's lesson.

Software can be designed and updated to prevent cyberattacks using techniques like input sanitization, modular testing, and code reviews.

Encryption protects data by making it unreadable without the correct key.

Strong passwords and multifactor authentication add important layers of security against unauthorised access.

Regular user training strengthens and improves a system's security.

I hope you've enjoyed today's lesson, and I hope you'll join me again soon.

Bye.