As the world becomes more connected and we rely on technology more than ever, Cyber attacks often make headlines in the news. Cybersecurity is brought up each time an incident occurs. For example, Colonial Pipeline was ransomed for $4.4 million in 2021.
What is Cybersecurity?
Cybersecurity is the practice of protecting users’ digital information from loss and unauthorized access. A few examples of digital information:
- Usernames and passwords used to log in to websites
- Social Security Number
- Bank account information
- Credit card information
Cybersecurity leverages all available technologies to prevent Cyber attacks from succeeding. Anti-virus software on your computer is no longer sufficient to protect you today.
Academically, Cybersecurity includes, but is not limited to, Application Security, Cloud Security, Infrastructure Security, Network Security and Internet of Things (IoT) Security.
Why is Cybersecurity important?
Let’s see what damage Cybercrime can cause.
- If they steal your identity and log on to websites with it, your reputation can be ruined.
- If they steal your banking and credit card information, they can steal your money.
- If they attack your network and make your IT systems stop working, your business is halted and you lose revenue, as well as your clients’ confidence in you.
- If they lock your IT systems, they can extort money from you – some businesses go bankrupt because of this.
- If they steal your sensitive business information and sell it, you’ll suffer a loss.
- If they steal your clients’ sensitive information, you might face legal consequences.
Why is Cybersecurity important? You don’t want any of these to happen to you. Your investment in Cybersecurity keeps your business operating.
A report said that $6.9 billion was lost to Cybercrime in 2021.
Today, Cloud technologies are widely adopted, smartphones are popular, and more and more IoT devices are deployed. All this means that our digital information is everywhere on the Internet. If it is not safeguarded properly, we are waiting for disasters to happen.
No one is immune to Cybercrime. Put it this way: it’s not if but when you will fall victim to Cybercrime.
What can businesses do about their Cybersecurity?
Cybersecurity leverages many technologies, each aiming at a different goal. The NIST and CIS frameworks help to understand them systematically.
The National Institute of Standards and Technology (NIST) groups Cybersecurity technologies into 5 functions: Identify, Protect, Detect, Respond and Recover. Each function contains multiple categories.
The Center for Internet Security (CIS) organizes Cybersecurity technologies from a different view by introducing 3 Implementation Groups: IG1 is defined as “essential cyber hygiene”, IG2 builds upon IG1, and IG3 comprises all the Controls and Safeguards.
If you want the gist of the actions you can take before learning about the NIST and CIS Cybersecurity frameworks, here are a few examples.
Educate all team members about Cybersecurity
Keep educating them on why Cybersecurity is important. Make the education a routine.
Enforce a Password Policy in your organization
Create complex and unique passwords; use a Password Manager.
Set up Multi-Factor Authentication (MFA)
Set MFA up on all applicable IT systems.
Deploy Endpoint Security software
Deploy it on all computers.
Keep three or more backup copies, using different technologies, different hardware, and different vendors.
CIS Critical Security Controls Version 8
What Cybersecurity Measures Small Businesses Should Implement