Editing End user (section)

==Security==
{{see also|User (computing)}}
In the 2010s, there is a lot of emphasis on user's security and privacy. With the increasing role that computers are playing in people's lives, people are carrying [[laptop]]s and [[smartphone]]s with them and using them for scheduling appointments, making online purchases using credit cards and searching for information. These activities can potentially be observed by companies, governments or individuals, which can lead to breaches of privacy, [[identity theft]], by, [[blackmailing]] and other serious concerns. As well, many businesses, ranging from [[small business]] [[startup company|startups]] to huge corporations are using computers and software to design, manufacture, market and sell their products and services, and businesses also use computers and software in their [[back office]] processes (e.g., [[human resources]], [[payroll]], etc.). As such, it is important for people and organizations to know that the information and data they are storing, using, or sending over computer networks, or storing on computer systems, is secure.

However, developers of software and hardware are faced with many challenges in developing a system that can be both [[user friendly]], accessible 24/7 on almost any device, and be truly secure. Security leaks happen, even to individuals and organizations that have security measures in place to protect their data and information (e.g., [[firewall (computing)|firewall]]s, [[encryption]], [[strong password]]s). The complexities of creating such a secure system come from the fact that the behaviour of humans is not always rational or predictable. Even in a very-well secured computer system, a malicious individual can telephone a worker and pretend to be a [[private investigator]] working for the software company, and ask for the individual's password, a dishonest process called [[phishing]]. As well, even with a well-secured system, if a worker decides to put the company's electronic files on a USB drive to take them home to work on them over the weekend (against many companies' policies), and then loses this USB drive, the company's data may be compromised. Therefore, developers need to make systems that are intuitive to the user in order to have [[information security]] and system security.<ref>{{Cite journal|title = Analysis of end user security behaviors|journal = Computers & Security|date = 2005-03-01|pages = 124–133|volume = 24|issue = 2|doi = 10.1016/j.cose.2004.07.001|first1 = Jeffrey M.|last1 = Stanton|first2 = Kathryn R.|last2 = Stam|first3 = Paul|last3 = Mastrangelo|first4 = Jeffrey|last4 = Jolton}}</ref>

Another key step to end user security is informing the people and employees about the security threats and what they can do to avoid them or protect themselves and the organization. Clearly underlining the capabilities and risks makes users more aware and informed whilst they are using the products.

Some situations that could put the user at risk are:
* Auto-logon as administrator options
* Auto-fill options, in which a computer or program remembers a user's personal information and [[HTTP cookie]]s 
* Opening [[E-mail spam|junk]] emails of suspicious emails and/or opening/running attachments or computer files contained in these 
* Email being monitored by third parties, especially when using Wi-Fi connections
* Unsecure [[Wi-Fi]] or use of a public Wi-Fi network at a coffee shop or hotel
* Weak [[password]]s (using a person's own name, own birthdate, name or birthdate of children, or easy-to-guess passwords such as "1234")
* Malicious programs such as viruses

Even if the security measures in place are strong, the choices the user makes and his/her behavior have a major impact on how secure their information really is. Therefore, an informed user is one who can protect and achieve the best security out of the system they use.<ref>{{Cite web|url = https://www.cs.hmc.edu/~mike/public_html/courses/security/s06/projects/ben.pdf|title = End user security|date = 2007|access-date = 2015-11-04|website = Computer Security|publisher = Harvey Mudd College|last = Tribelhorn|first = Ben}}</ref> Because of the importance of end-user security and the impact it can have on organizations the UK government set out a guidance for the public sector, to help [[civil servant]]s learn how to be more security aware when using government networks and computers. While this is targeted to a certain sector, this type of educational effort can be informative to any type of user. This helps developers meet security norms and end users be aware of the risks involved.<ref>{{Cite web|title = End User Devices Security Guidance: Introduction – GOV.UK|url = https://www.gov.uk/government/publications/end-user-devices-security-guidance-introduction/end-user-devices-security-guidance-introduction|website = www.gov.uk|access-date = 2015-11-04}}</ref>
Reimers and Andersson have conducted a number of studies on end-user security habits and found that the same type of repeated education/training in security best practices can have a marked effect on the perception of compliance with good end-user network security habits, especially concerning malware and ransomware.<ref>K. Reimers, D. Andersson (2017) POST-SECONDARY EDUCATION NETWORK SECURITY: THE END USER CHALLENGE AND EVOLVING THREATS, ICERI2017 Proceedings, pp. 1787–1796.</ref>