How can systems and data be protected against cyber threats?
Describe technical and behavioural methods of protecting systems and data, including passwords, firewalls, antivirus, encryption, updates and user training.
A focused answer to the WJEC GCSE Digital Technology content on protecting systems and data, covering passwords, two-step verification, firewalls, antivirus, encryption, software updates, backups, access rights and user training.
Reviewed by: AI editorial process; not yet individually human-reviewed
Have a quick question? Jump to the Q&A page
Jump to a section
What this dot point is asking
WJEC asks you to describe the ways systems and data are protected against the threats in the previous dot point, covering both technical measures (such as firewalls and encryption) and behavioural ones (such as user training). The exam form is "describe N protection methods", so you need a clear method-plus-how-it-helps for several distinct controls.
Passwords and authentication
Controlling who can log in is the first line of defence.
Firewalls and antivirus
These guard against network threats and malware.
Encryption and updates
These protect data itself and close known holes.
Backups, access rights and training
These limit damage and address the human factor.
Choosing protection for a scenario
The exam rewards matching methods to threats.
Physical security and access control
Technical and behavioural methods are the focus, but a complete answer also recognises physical security and access control. Physical security protects the hardware itself: locked rooms and cabinets, secured premises, and supervision stop someone simply stealing a device or walking up to a logged-in computer. Access control decides who may enter areas or systems: door locks, swipe cards or biometrics for rooms, and user accounts with access rights for data, so each person can reach only what they need. Locking the screen when away from a desk is a simple but important habit. Including physical security and access control alongside passwords, firewalls and encryption shows that protection covers premises and people, not only the network, which is exactly the rounded view markers reward.
Why this matters
Protection is the practical heart of cyber security and is closely examined: knowing both technical and behavioural methods, and matching them to threats, is exactly the applied reasoning WJEC rewards. It connects to the systems topic (firewalls, antivirus and backup are utility software; access rights and logins are operating-system features) and to the law, since keeping personal data secure with measures like encryption is a legal duty under data protection legislation. In real life, layering several of these methods is how individuals and organisations stay safe.
Exam-style practice questions
Practice questions written in the style of WJEC exam questions on this dot point, with worked answer explainers. The year tag is the paper they imitate, not the source.
WJEC-style4 marksDescribe four methods an organisation could use to protect its computer systems and data from cyber threats.Show worked answer →
Strong passwords and two-step verification: requiring strong, unique passwords and a second check (such as a code to a phone) makes unauthorised access much harder.
A firewall: it monitors and controls network traffic, blocking unauthorised or suspicious connections.
Antivirus software: it scans for, detects and removes malware, helping prevent infection.
Keeping software up to date: installing updates and patches fixes known security flaws so they cannot be exploited.
(Other valid methods include encryption of data, regular backups, access rights/permissions, and user training to spot phishing.)
Markers award one mark for each method correctly named and described, up to four marks. The description must say how the method protects the system, not just name it.
WJEC-style3 marksExplain what encryption is and why an organisation would encrypt sensitive data.Show worked answer →
Encryption scrambles data using a key so that it becomes unreadable to anyone who does not have the correct key to decrypt it.
An organisation encrypts sensitive data so that, if the data is intercepted during transfer or stolen (for example a lost laptop), it cannot be read or used by the attacker.
This protects confidentiality and helps the organisation meet its legal duty to keep personal data secure.
Markers award one mark for what encryption does (scrambles data, unreadable without the key), one for the benefit (stolen/intercepted data is useless), and one for a relevant context such as protecting personal data or meeting the law.
Related dot points
- Describe the main cyber threats (malware, phishing, social engineering, hacking, denial-of-service) and the vulnerabilities that attackers exploit.
A focused answer to the WJEC GCSE Digital Technology content on cyber threats, covering malware, phishing, social engineering, hacking and denial-of-service attacks, and the vulnerabilities that attackers exploit.
- Describe the consequences of cyber attacks and data loss for individuals and organisations, and explain how backups and business continuity support recovery.
A focused answer to the WJEC GCSE Digital Technology content on the consequences of cyber attacks and data loss, and how organisations recover through backups, disaster recovery and business continuity planning.
- Describe the main laws affecting digital technology (data protection, the Computer Misuse Act and copyright law) and explain the duties and offences each defines.
A focused answer to the WJEC GCSE Digital Technology content on legislation, covering data protection law, the Computer Misuse Act and copyright law, with the rights, duties and offences each one defines.
- Describe the purpose of utility software and the function of common utilities such as antivirus, backup, compression and disk maintenance tools.
A focused answer to the WJEC GCSE Digital Technology content on utility software, covering its purpose and the function of common utilities: antivirus, firewall, backup, file compression and disk maintenance tools.
- Describe the purpose of an operating system and explain its main functions, including managing hardware, memory, files, the user interface and security.
A focused answer to the WJEC GCSE Digital Technology content on operating systems, covering their purpose and main functions: managing hardware, memory, processes, files, the user interface, users and security.
Sources & how we know this
- WJEC GCSE Digital Technology specification — WJEC (2021)
- WJEC GCSE Digital Technology Unit 1 guide — WJEC (2020)