What is Cybersecurity?
Cybersecurity is the process of protecting networks, applications, and devices from cyber-attacks or malicious hackers. Malicious hackers use these attacks to access or destroy sensitive information, data, or even hold this data for ransom.
Why is Cybersecurity Important?
Everyone and everything are connected. Digitally, physically, you name it, it’s all connected. This means that in today’s electronically connected world, every person benefits from advanced cyber defense programs and cybersecurity. From identity theft, loss of data or family photos, to attacks on our critical infrastructures – hospitals, banks, powerplants, etc. we all rely on cybersecurity and ensuring that our families, our companies, our infrastructures, are secure.
Basic Types of Cybersecurity Threats and Attacks
Ransomware: Is the digital version of kidnapping. Consequently, it is a type of malicious software that is here to damage or control your computer system. You must pay the hacker to get your files back. The recovery and restoration of your files and system are not guaranteed if you pay the ransom.
Malware: Is a type of software designed to gain unauthorized access, or to cause damage to a computer.
Social Engineering: Where you hack a human. Attackers use this tactic to trick company personnel into revealing sensitive information. Social Engineering can be combined with any of the threats listed in this blog, and more, to make you more likely to click on unknown links, download malicious malware, or even to trust an untrusted source.
Phishing: Another form of hacking a human. Phishing is the practice of sending fraudulent emails that look like emails from someone you trust, or an organization that you’ve heard of or done business with. The end game for this type of attack is to steal sensitive data like login information, social security numbers, and credit card numbers. It is one of the most common forms of a cyber-attack. This is also the easiest attack to avoid/prevent with the proper cyber education and technology solution that could filter out these malicious emails.
People’s Roles in Cybersecurity
When we speak with business owners and managers about cybersecurity, they either get excited, or overwhelmed, and want to get into the dirty details about the latest cyber breach or latest invention to help stop cyber-crime. Our reality is that these businesses need to take a step back and reevaluate. Let’s backtrack our cybersecurity efforts and get back to the basics.
Company personnel need to understand and comply with basic data security principles like hovering over a link before clicking, notifying their IT department about a suspicious email (without clicking on any links), or even something as simple as choosing strong passwords.
The Process Behind Cybersecurity
When companies are reevaluating their cybersecurity plans and processes, you need to incorporate a framework for how to deal with an attempted attack, and a successful cyber-attack. Your cyber security plan should be able to guide you in all situations – before, during, and after an attack. It should explain how you can identify attacks, protect your systems, detect and respond to threats, as well as, recover from successful attacks.
Make sure your cybersecurity plan has a process setup to patch monthly, and if not monthly, then more often than that. If you do not have a process in place, then you are just doing something as you remember to do it. This is extremely problematic for you and your organization. A process will make sure you get it done on time, every time, without leaving the lights on for hackers and attackers.
Have a process in place for updating firmware for the firewalls or switches. Attackers love outdated, vulnerable firmware, so be sure to patch it just like everything else.
Being prepared and having a plan in place to keep your people, your network, your firmware, your software, and everything associated, up to date, will allow you to build a more secure and stable infrastructure.
Making money is the goal, not losing it.
The Technology
We all know that without technology, there wouldn’t be a need for cybersecurity. Technology is essential in assisting companies and individuals. When backtracking and creating your cyber security plan, keep in mind the technology associated with your organization. Common technologies that are exposed in a cyber-attack: computers, smart devices, routers, networks, the cloud. You also need to keep in mind the common technology that is used to protect these entities: firewalls, malware protection, antivirus software, email security solutions, and more. All these protections, and it’s still not enough. Keep them updated, keep them connected, keep them secure.
Implementing effective cybersecurity measures is especially challenging today because there are more devices than people, and malicious hackers are getting smarter every day.
Common Terms and Definitions
-
Cloud
– A technology that allows users to access files, data, or services, through the internet from anywhere in the world.
-
Software
– Set of programs that tell a computer to perform a task. For example, Microsoft Office is an application software.
-
Domain
– A group of computers, printers and devices that are interconnected and governed. For example, your computer is usually part of a domain at your workplace.
-
Virtual Private Network (VPN)
– A tool that allows the user to remain anonymous while using the internet by masking the location and encrypting traffic.
-
IP Address
– An internet version of a home address for your computer. For example, connecting to the internet (a network of networks).
-
Exploit
– A malicious application or script. Its purpose is to take advantage of a computer’s vulnerability.
-
Breach
– The moment a hacker successfully exploits a vulnerability in a computer or device, and gains access to its files and network.
-
Firewall
– A defensive technology designed to keep the bad guys out. Firewalls can be hardware or software based.
-
Malware
– An umbrella term that describes all forms of malicious software designed to wreak havoc on a computer. Common forms include viruses, trojans, worms and ransomware.
-
Virus
– A type of malware aimed to corrupt, erase or modify information on a computer before spreading to others.
-
Ransomware
– A form of malware that deliberately prevents you from accessing files on your computer – holding your data hostage. It encrypts files and requests that a ransom be paid in order to have them decrypted or recovered.
-
Trojan Horse
– A piece of malware that often allows a hacker to gain remote access to a computer through a “back door”.
-
Worm
– A piece of malware that can replicate itself to spread the infection to other connected computers.
-
Bot/Botnet
– A type of software application or script that performs tasks on command, allowing an attacker to take complete control remotely of an affected computer. A collection of these infected computers are known as a “botnet.” The hacker, or “bot-herder”, controls this.
-
DDoS
– An acronym that stands for distributed denial of service – a form of cyber-attack. This attack aims to make a service such as a website unusable by “flooding” it with malicious traffic or data from multiple sources.
-
Phishing
– A technique used by hackers to obtain sensitive information. For example, using hand-crafted email messages designed to trick people into divulging personal or confidential data such as passwords and bank account information.
-
Open Wi-Fi
– Unencrypted Wi-Fi networks; most commonly used in public places; they are not password protected.
At MainNerve, we strive to ensure our clients are educated. We also provide stellar service. If you would like to learn more about how we can help you, contact us today.