Section 1 – Welcome to Cyber Self-Defense
The internet is a wild world, and the only defense for anybody is awareness. Everybody who has a device with access to the internet, which is just about everybody, needs to be following some best practices with their devices. My 6 year old has a laptop, a desktop, 2 iPads, and an old cell phone. Think of all the damage that can be done with those devices. Seriously? Yes! And I’m not talking about seriously potential damage, but seriously she has all that stuff – ridiculous. I keep her devices segregated from mine, because I don’t want anything she’s got going on to affect me. So, no I’m not telling you to lecture your 6 year olds about cyber security, they don’t care.
What you do need to understand, is the impact you can have on yourself, and others, when accessing the internet. There are many unknown threats out there, and this post is going to educate you on what threats there are, the following posts will be about how to protect yourself from those threats.
What are they looking for?
Who are “they”? The attackers of course. They want all kinds of data about your business, data about your customers, personal data, bank info, medical records, personal ID info, any intellectual property they can get their hands on! It needs to stop, and who better than you to stop it. You’re not a super hero, or a super hacker, I don’t think anyways – but you are super caring if you found yourself reading this. You are the number one defense, and those around you.
What needs to be protected?
We talked about who, now it’s time for what. What are we even protecting? Well let’s make a list:
That’s “CIA”. Confidentiality, integrity, and availability. Let’s define all of those in short form:
Protecting data about workers, and about the business
Protecting data from being corrupted, and staying accurate
Protecting the ability to access data at all times
Who is helping protect you?
Do you think anybody is out there protecting you? If you say no, you’re wrong. There are many things in place that protect your data, and they work well, but nothing is perfect. Let me reiterate that you are the best defense for personal, and business, data. What’s best for your personal data, is also best for the business – Why? Because if your personal devices are infected, there’s potential for that to spread to your business as well.
IT Support may also be protecting you, if your company has a IT department, or an outsourced IT support company. A constantly evolving security structure protects you from unknown attacks, even if you don’t notice it. There are people employed whose only purpose is protecting our companies from attacks!
Microsoft! Shazam! They’re protecting you? Little old you? F yes they are! They deploy massive updates, monitor constantly changing threats, filter emails for malware and phishing, encrypt data on your local hard drive, and provide a “security onion” that constantly monitors network activity in your business. And no, I don’t mean security onion by lingo so boring that it burns your eyes, there are literally layers of security defending networks that you don’t know about. A frickin onion with laser beams on it’s frickin head.
Humans are the weakest link, but are also the best defense! You can spot when something is wrong, and report it. If you’re not sure who to report it to, we’ll go over that in another post. It’s easy to tell when somethings wrong, is there an error that keeps popping up, an unusually slow program, you machine is unusually slow, or your antivirus keeps bugging you? It’s probably an issue that should be resolved.
New weaknesses are constantly discovered, literally daily, and old weaknesses are not being prevented if you’re not updating your computer regularly. So quit turning off windows update! Update that thing! A lot of people don’t care about these types of things, until they are attacked, then it’s too late. That’s some people’s starting point, but you should be proactive and start before it’s too late.
Who are the attackers?
Inexperienced hacker, who uses prebuilt tools to hack for fun
Black Hat Hackers
An attacker with malicious intent
A person who uses hacking as a form of activism, like an anti-pipeline protestor, an anti-democratic party, or someone who just wants to leave their mark
Disgruntled Employees or Friends
Just there to cause some trouble because they’re crabby
Leaving your computer unlocked, your phone laying around, sharing passwords
A weakness in software you use, that allows attackers to write a hack to break in or trick your computer to do something
A tool that allows hackers to achieve what they’re trying to do, normally bundled with a “safe” file
Phishing targeting you, or phishing via mass emails/text/phone calls, or verbal communication that tricks you into giving up information, or talks you in to visiting a malicious site
There are literally millions of ways you can be compromised, and that’s terrifying! For me it is anyways, maybe you don’t even care. If you don’t care, you probably wouldn’t have made it to the conclusion though. Feel free to ask questions, if you need clarity, or let me know if there’s an attack type that I haven’t covered here, or just things that people should be aware of.