To most, cybersecurity means protection through technical means such as anti-virus or anti-malware software, firewalls, Access Control Lists, user IDs and passwords. Though the protection of data is a major part of cybersecurity, company data security can be attacked in many ways, including via denial-of-service attacks, direct-access attacks, spoofing, tampering, privilege escalation and more.
With October being National Cybersecurity Awareness Month and data breaches continuing to rise every year, it is important that organizations continue to educate their employees on security in the workplace. Whether it is through phishing emails or social engineering, people are still the number one way attackers get into organizations’ and personal computer systems, and we need to guard against such attacks by educating others on how to guard against them.
So What is Cybersecurity?
Cybersecurity has several different definitions:
- Cybersecurity refers to preventative methods used to protect information from being stolen, compromised or attacked.
- The state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this.
- Computer security, also known as cybersecurity or Information Technology (IT) security, is the protection of computer systems from theft of or damage to their hardware, software or information, and from the disruption or misdirection of the services they provide.
- Cybersecurity includes controlling physical access to the hardware and protecting against harm that may come via network access, data and code injection. IT security is also at risk from malpractice by operators, whether intentional or accidental, and from operators being tricked into deviating from secure procedures through various methods.
Understanding the Impact of a Breach
Data breaches are costly for all parties involved. In fact, it has been determined that violations can cost somewhere between $150 and $250 per breached record. Many companies could not tolerate such fines. However, when it comes to attacks, no one is immune: companies such as Target, Equifax, Home Depot and many more have suffered from security hacks in recent years. Given how prevalent such attacks are, you can quickly begin to see why information security is everyone’s responsibility, not just the IT department’s.
Creating a Cyber Secured Culture
Integrating the IT department’s best practices into the company culture and training as a whole is a great starting point for becoming more digitally secure. Unfortunately, almost all hacks can be traced back to human error.
From clicking on a link in an email to participating in a social engineering scam that gives away passwords, it is important for everyone in the organization to understand what potential threats exist. At a minimum, it is advised that you ensure your employees know:
- Which apps, websites or sharing sites may be installed or used, if any.
- Best practices for passwords, including those surrounding password length and strength. For example, requiring routinely updated passwords with uppercase and lowercase letters, numbers and symbols increases security.
- To back up work based on company policy.
- To lock computers when leaving them at a desk.
- To avoid letting unknown or unverified persons into the office (no tailgating).
- What to look for in a phishing email.
- To never give login credentials to anybody.
- To lock up sensitive documents in a desk or file cabinet when not in use.
- To speak up if there are strange happenings on a computer.
- To ask if they are unsure.
It is vital that organizations of all sizes continue to educate their employees on the importance of cybersecurity. Further, it is essential to know that security culture extends beyond the office: the same standards apply to computer security at home as well.