Cybersecurity 101

|

Defining Cybersecurity

Cybersecurity… what exactly is it? I’m really glad you asked. It takes a measure of bravery to ask a question, but it’s also a great way to learn something new! So let’s start with the basics and break down the word “cybersecurity” itself.

Bruno gets it.

The word “cyber” comes from the Greek word for “rule by law.” When it comes to modern technology, cyber refers to the use of technology to control people and things. Sounds a little dystopian, but thats a true enough statement. Specific to business technology, we can expand the scope of that definition to include data as well.

I’m going to assume you know what security means. With that in mind, let’s define cybersecurity.

Defining Cybersecurity

Cybersecurity is the process of protecting computer systems from malicious activity such as hacking, spamming, phishing, identity theft, and denial of service attacks. If you want an official definition, Here is cybersecurity according to Merriam-Webster:

Cybersecurity

Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack

https://www.merriam-webster.com/

Simple enough right? While the definition may be simple enough, understanding the scope of the problem and how to combat it can be a lot more complex. Let’s talk about applying this concept to businesses.

Understand how hackers work

Hackers use different methods to gain access to computers and networks. They might try to break into a system by using social engineering techniques, or they might attempt to crack passwords or other security measures. Once inside, they can steal personal information, disrupt operations, or even destroy data. Even worse, they can steal your customer data, which is a nightmare from a liability perspective.

In many cases, hackers encrypt your data and hold it for ransom (using ransomware) and extort you, demanding payment to give you your business and customer data back. Even if you pay the ransom, there is no guarantee they won’t leak your data or unencrypt it. They’re criminals; they’re not exactly a well-regulated industry.

In my experience, hackers are bullies.

Bullies suck.

And like most bullies, they’re looking for an easy target. A lot of your strategy should be making yourself and your business a difficult target. Do not underestimate the value of using things like a generated password and MFA to make yourself a difficult target. There a plenty of targets out there, you want to be that scrappy kid on the playground bullies avoid.

Know what to look for In a Cybersecurity Partner

There is an ocean of Managed Service Providers (MSPs) out there that are desperately trying to sell you the shiniest new cybersecurity tool. This is, in part, because we make a pretty good margin on those products. Unfortunately, my IT brethren often resort to leveraging fear, uncertainty, and doubt to do so. We call this FUD selling, and it doesn’t really work.

Not only do I hate this tactic, but they’re also not being 100% truthful with you. Tools help, but cybersecurity is a people and process issue. It doesn’t matter how many tools you have if they’re not being leveraged properly. And even if they are being leveraged properly, businesses and organizations are really just a group of humans working towards the same goal.

Imperfect, fallible, beautifully flawed humans. They (we) all make mistakes.

It’s OK buddy, we understand.

Cybersecurity is a game of minimizing and reducing risk by training people, writing repeatable and sensible processes, THEN adding the right tools in to support your team. So the next time someone tries to sell you a cybersecurity product that’s going to magically fix all your cybersecurity issues, tell them to kick rocks. They’re lying to you.

If you need help with cybersecurity, there are several ways to find an expert who can protect your organization. A good place to start is with a search engine, such as Google or Bing. Look for companies that offer services related to cybersecurity, such as intrusion detection and vulnerability assessment. IT Ninjas is one of these companies. You can also use this handy guide to outsourcing cybersecurity from DesignRush.

Personally, I like using local, American companies for my business needs. In addition to search engines, ask around at your local chamber of commerce for a reputable vendor or partner.

The basics: Protect yourself with A Layered Approach

Policies and Processes

Your best bet against cybercriminals is a layered approach. And the first layer should be training your people and having good processes and policies in place. A lot of that is considered HR and governance, and your organization should be striving to document and implement as many SOPs as it makes sense to have.

Device Security

We can start with the basics, and for device security thats anti-virus. Anti-virus software protects your computer by scanning files for viruses and other malicious code. There are two main types of anti-virus software: signature-based and heuristic-based. Signature-based programs scan each file individually, looking for known virus signatures. Heuristic-based programs use rules to identify suspicious behavior.

Both types of anti-viral software are effective at detecting malware, but signature-based software tends to be more accurate. Problem is, they’re not as effective against newly developed viruses. Note that Anti-virus software helps protect your business from cybercrime, but it is far from the last step you need to take. Many modern cyber threats parade around as legitimate software and processes. Meaning they bypass anti-virus altogether.

In addition, a modern EDR or MDR solution backed by a 24/7 Security Operation Center (SOC) can really help your business respond to incidents before they get out of hand and crush your profitability.

Email Security

Considering over 90% of cyberattacks are executed through Business Email Compromises (BEC), you’re going to want enhanced email security as a layer as well.

Be sure to select a system that includes gateway and mailbox level protection, phishing simulations (and training as a bonus), and last but certainly not least, robust reporting features.

Be aware of phishing scams

Phishing scams are one of the fastest-growing threats to online security. They are the #1 form of BEC.

They often involve emails with links to websites that appear legitimate, but actually lead to sites designed to steal personal information. These sites usually ask users to enter sensitive information such as usernames and passwords. If you receive an email asking for personal information, do not click any link inside the message, unless it’s from a verified and trusted sender.

If you don’t recognize the sender, and you have an IT department or IT service provider, give them a heads up. They can help you identify if it’s a legitimate email pretty quickly. If it is malicious, this will help them identify if that same threat has gotten to your co-workers.

There is a lOT to Cybersecurity

There’s a lot more to cybersecurity than is mentioned here, but I want to keep this article short and readable. Although this subject can be overwhelming, like anything else you just need to break it down into smaller chunks and start working on it.

Scott Augenbaum is a great resource for cybersecurity knowledge. He wrote a guest post for us that you may find interesting.

https://itninjas.tech/cybersecure-mindset/

We’ve also written an article on how to formulate an incident response time, which is a great place to start your cybersecurity journey.

https://itninjas.tech/tips-for-establishing-a-robust-cybersecurity-incident-response-plan/

If you’re not sure where to start and would like some professional advice, reach out to us! Stay safe out there, and have a great day!