The 101s: Cybersecurity

Cybersecurity breaches and cybercrimes are increasing as more and more companies and people connect online. At its heart, cybersecurity is the protection of data using a system of policies, procedures, and software to stop unauthorized access or misuse of personal or company electronic data or information.

A strong cybersecurity program will protect computer data centers, equipment and data networks, desktop and laptop computers, software programs, mobile apps, and your cell phone from an attacker trying to gain access.

A cybercrime is criminal activity where the purpose is to gain unauthorized access to equipment and data online. These attackers are people who have illegally gained access, through the internet or other means, to your home computer, cell phone, or company computer in order to steal personal or business information.

The goals of a company’s cybersecurity program are:

  • To protect the company’s intellectual property.
  • To protect employee, company, and customer information.
  • To protect the company’s financial information.
  • To ensure the company is meeting government-required security compliance.
  • To prevent the interruption of business operations and services.
  • To protect you and your company from becoming a victim of a cyberattack.

Cyberattacks include social engineering, phishing (also called email phishing), spear phishing, malware, and ransomware.

Let’s take a look at each.

  • Social engineering is any act that influences a person to take actions that may not be in their best interest or the best interest of their company.
  • Email phishing is the most common form of social engineering. As the name implies, email phishing uses emails that appear to come from a legitimate source.
  • A phishing email is designed to put the recipient into an emotional state that compels them to provide personal or business information or click on a link or open an attachment without thinking.
  • Spear phishing is email phishing that is targeted specifically to an individual to make the phish seem more real. Key employees with access to critical and confidential company data or company finances are often the target of spear phishing attacks.
  • Malware, short for “malicious software,” is any program introduced into a computer with the intent to cause damage or gain unauthorized access. Types of malware include viruses, worms, Trojans, ransomware, and spyware.
  • Ransomware is used to infect your computer or cell phone with malware and, as the name suggests, demand a ransom. Ransomware can be used to lock you out of your computer and demand money in exchange for regaining access, or it can threaten to publish sensitive personal or company information, such as social security numbers and bank account information, if you don’t pay a specified amount.

So, what can you do to protect yourself and your company?

First, use strong passwords. Creating strong passwords makes it difficult for attackers to gain access. Remember to protect your password. No leaving it on a sticky note stuck to your monitor!

Second, know what a phishing email looks like. Being able to identify a phishing email is key to not being scammed.

Third, know how to safely use social media. Learning how to protect yourself when using social media will help you avoid scams.

Fourth, understand mobile device security. Learn how to protect your personal information stored on your phone.

And fifth, know how to report an incident. This will help your IT department keep your company’s cybersecurity program current.

Being aware and recognizing the signs of a cyberattack are key to keeping your data safe.