The short answer: Because your data is not safe! You could lose all of it. OR, all your personal information could get stolen!
Our work and social lives have changed!
2020 saw a major disruption in the way we work, learn, and socialize. Our internet-connected environments are scaling at a pace we’ve not seen before.
Connectivity is increasing at alarming rates!
The ability to connect to our office networks, cloud storage, and email from anywhere is incredible and has allowed us to stay productive and achieve more. However, this increasing connectivity introduces a whole new set of vulnerabilities of which users must be conscious.
October is Cyber Security Month but we should worry about it EVERY month.
It’s Cyber Security Awareness Month and we’re focusing our efforts on educating businesses and individuals on steps they can take to protect their internet connected devices (computers, servers, printers…).
How safe are you? Do you think you know a lot about cyber security?
How much do you think you know about cyber (internet) security? Are your business (or personal) devices safe from hackers and ransomware?
There are six essential elements of cybersecurity for your business.
We’ll explore them in some detail below.
- Application security
- Information Security
- Network Security
- Disaster Recovery Planning
- Operational Security
- End User Education
Application security includes measures taken to improve the security of an application, or software product often by finding, fixing and preventing security vulnerabilities. An application security system will protect websites and web based application from different types of cyber security threats which exploit vulnerabilities in the application that were either left open or become exposed down the road once it stops receiving updates and patches.
Examples of application security is firewalls, anti-virus software, encryption technology, and web application firewalls (WAF).
Information security (IS) refers to the process of preventing unauthorized access, use, disclosure, disruption, modification, or destruction of information.
The information can be can be anything, such as your personal details, login credentials, network details, profiles on social media, or your mobile phone etc.
Information that is vulnerable to attack include:
- Name, date of birth, age and address
- Contact information
- Bank account details
- Professional information
- Email account details
- Social Media Profile
- Medial record and
- Family information
Any of these, if compromised, could lead to a major loss.
Network security is the process of preventing and protecting against unauthorized access into a computer network.
There are many tools used to improve network security including:
- Antivirus Software
- Email Security
- Virtual Private Network (VPN)
- Web Security
- Wireless Security
- Endpoint Security
- Network Access Control (NAC)
A Disaster Recovery Plan is a set of plans and procedures and procedures that details how business can be resumed quickly and effectively after a disaster such as a major data loss.
A disaster recovery strategy should include plans to determine which applications are most important to running the organization and a view of how to implement recovery in the event of disaster.
Here are four types of disaster recovery plans. Depending on the nature of your business, one of these may suit your needs better than the others.
- Data Center Disaster Recovery
- Cloud-Based Disaster Recovery
- Virtualization Disaster Recovery
- Disaster Recovery as a Service
Operational security (OPSEC) is an analytical and risk management process that identifies the organization’s critical information and then develops a protection mechanism to ensure the security of sensitive information.
To develop an effective operations security program, the organization’s OPSEC officers first find out and define the possible threats and then plan necessary action steps.
There are five steps to process the operational security program, which are as follows:
- Define the organization sensitive information
- Identify the categories of threats
- Analyze security holes and vulnerabilities
- Assessment of Risks
- Implementation of appropriate countermeasures
End User Education
End user education is the most important element of Computer security. End users are becoming the largest security risk in any organization because it can happen anytime.
There are many entry points for security breaches, including end user gateways such as:
- Social Media Use
- Text Messaging
- Apps Download
- Email Link Clicking
- Password Management
To prevent data breaches, it’s recommended to have a cyber security training program in place to educate users on the following:
- Cyber Security and its importance
- Different types of Cyber Threats
- How to use the Internet safely
- Email Phishing and Social Engineering attacks
- Device Security
- Password hygiene