By Alexander Bovell, CISSP, a seasoned IT professional with a wealth of knowledge in the field of information security.
Often, I’m asked, what is cybersecurity? Why is cybersecurity important? What job sector would it be implemented in? Cybersecurity protects computers, networks, and data from unauthorized access or damage. While most users use products as intended, others use them for nefarious activities. Cyber and information security personnel help protect against these bad actors and advise where protections should be implemented. As to where it should be implemented, my answer is that information security should be implemented everywhere: in schools, in businesses, and most importantly, within the home. As computers are being utilized in every aspect of our society, protecting these assets is necessary.
Cybersecurity is essential to the way we interact with the internet today. Without it, the internet would be far more dangerous and insecure. Information security professionals implement security measures that allow us to make secure online transactions. Without these measures, our communications would be unsecured, and it would be easy for third parties to infiltrate and listen to our communications without our knowledge or consent.
Basic security awareness training should be implemented before people access the network in a business and any unique environment. One simple mistake by the lowest-level employee can bring a company to its knees. From a personal perspective, revealing private information on the internet can ruin someone’s life. Everyone has their part to play regarding information and cybersecurity: the public, business leaders, and governments.
Businesses use tools such as firewalls, intrusion detection and prevention systems to increase their security and protect their data, but what can we do personally to increase our security? Here are three tools I often encourage people to use daily:
- Use a password manager. Do not save passwords in your browser.
- Use a virtual private network (VPN) when connecting to an untrusted Wi-Fi network (also known as public Wi-Fi).
- Use multi-factor authentication on important online accounts.
Businesses also have a role to play. In every business (whether public or private), anyone who interacts with a computer or handles sensitive information (whether physical or electronic) should receive security awareness training. This training can be as simple as watching a 15-minute video and doing a short 8-question assessment afterward. This training will teach an individual the basics of what red flags to look for in their emails and while browsing online. The training can also help to reiterate the importance of multi-factor authentication and the use of password managers in order to improve their security. These security protocols not only help members become safer while navigating the internet, but are also ultimately more beneficial to the business in the long run. They reduce the likelihood of an incident from improper use of the company’s systems.
Businesses need to take the likelihood of these incidents seriously. If there is a security incident, it can result in financial loss, irreversible reputational damage, and reduced productivity. Business continuity plans (BCP) and disaster recovery plans (DRP) are sets of documentation that can mitigate the effects of security incidents. These plans outline the steps taken to inform key stakeholders and resume the functionality of the business as soon as possible. Unfortunately, because IT departments do not directly contribute to revenue growth, many companies have difficulty justifying the investment needed to construct a useful IT and security department.
Hence, the government has a role to play. The government should ensure that it protects its citizens through laws and proper infrastructure and that businesses are making efforts that align with the government’s goals, which should protect its citizens and their information.
Governments ought to inform the public of the dangers they may face. When there is an increase in road fatalities, the government puts out notices for people to be more careful. There should be public notices for major security events (such as a flaw found in popular software or a security breach) or simple reminders (such as best practices) for the public. Providing such critical information can be done by dedicating a section in the newspaper or segments on the radio to cybersecurity awareness. By using these methods, the government can reach all demographics. The information shared would raise awareness and inform the public what best practices they should implement to avoid becoming victims.
Implementing the right security controls not only protects software and information but also protects physical infrastructure. Yes, cybersecurity incidents can cause physical damage to infrastructure. Don’t believe me? Stuxnet, a computer worm (a self-replicating virus) discovered in 2010, was designed to target and interfere with Iran’s nuclear program by disrupting the centrifuges used to create the nuclear material. It was said to spread to many systems, evading anti-virus software and only attacking systems specific to the nuclear program.
Cybersecurity is a shared responsibility, and we all have a role to play. People need to be aware of the risks they face on the internet and be informed of ways to protect themselves. Businesses need to implement the right security measures to protect their data. Governments must ensure that people and businesses do what is right by enacting the right laws. Like physical security, if we all work together, we can lessen or even mitigate the effects of a cyber incident. Cybersecurity is essential.