Cyber Security Basics
Note: Zing is NOT a cybersecurity firm. We are simply sharing the best practices and methodologies from clients and partners from the cyber secure worlds of manufacturing, e-commerce, insurance, and defense.
Does your organization or business have what it takes to successfully defend itself? Read on to learn about what cyber security is, what to watch out for, a few best practices to ensure your data is protected, and how to hire a professional or company.
What Is Cybersecurity?
First and foremost, it’s important to define what cyber security is and what it is not.
Cyber security is about protecting an organization’s data from theft and corruption by corrupt internal forces, external forces, or both. How do cyber-attacks happen and what can your organization do to prevent them?
Cybersecurity is a defensive posture—instead of relying solely on technology to keep your organization safe, you incorporate a variety of best practices and security measures to ensure that your data and operations are safe from potential threats. A successful cyber security strategy ensures that you’re constantly improving your cybersecurity by always being aware of threats and implementing strategies to reduce them.
Cybersecurity is NOT static; a company cannot set up a strategy, implement it once, and call it done. Defending against these threats isn’t something that can be done once and for all—it requires continual monitoring of internet threat indicators to identify new threats, information-gathering, creation of security measures, and then ongoing implementation of the security measures you’ve put in place. This is done through having a centralized cybersecurity team consisting of analysts, security personnel, an entire cyber security department, and an IT department who can effectively help with maintaining a safe and secure internet infrastructure.
The types of cyber threats vary from the typical malware attack, like ransomware, to a data breach, like a customer data breach or malware. Cybersecurity covers a wide spectrum, from an internal network breach to external hacking and everything in between.
Ransomware is a form of malicious software that restricts access to the victim’s computer system until a ransom is paid. It works by infecting legitimate applications or sectors of data (like Concordia Pipeline’s billing system), then encrypting certain files on those systems, making them unusable until a payment is received. Once payment is received, the hacker or ransomware user releases the encryption key to unlock the hijacked systems or software.
The major threats to an organization come from external hacking and faulty internet infrastructure. With cyber-attacks, there are always lessons to learn. The double-edged sword of cyber-attacks is that you can’t ever know if you have done everything in your power to stop hackers. In this way, cyber security is like a never-ending game of cat and mouse, and hackers continuously keep testing different ways to get into your company.
An appropriate amount of digital security training is provided for all employees by their company. If done correctly, the training reinforces the importance of keeping your company’s information and data private, secure, and as protected as possible. In the world of cybersecurity, a lot of hacking is about social engineering. Hackers will try to trick people into giving up their passwords by sending them emails that look like they’re coming from friends or family. They’ll try to get your contact information through email so they can call you and con you into giving up private details. According to the 2018 Verizon Data Breach Investigations Report, 80 percent of breaches involve stolen or weak passwords. The second most common cause of breaches was cyber criminals using malware and malicious software to infect endpoints (computers, cell phones, and other connected devices), followed by phishing attacks.
Most organizations require the installation of software programs to push practices like internal air/traffic filtering, firewall, and virus protection into place. Hopefully your company’s internal IT team has already done this, and if not, it’s probably on the to-do list for when the time comes for a big data breach. Against targeted attacks, a software program is like a property insurance policy that will shield your information from the cold hard cyber wind until it finds its way into the hands of a cyber criminal.
When developing a cybersecurity strategy, the first thing to make sure you know is the overall research stage your organization needs to go through to ensure you’re ready to have a successful attack prevention strategy.
However, it’s important to note that even software that relies on software controls to provide its protection can be overrun now and then by malware and other hacking activities via viruses, Trojans, and any other network-based anomalies. (Remember, the FBI just dubbed the hacking of ATMs “Bot-less Finance.”)
Private personal data systems (e.g., e-commerce records, employee records, banking records, electronic medical records) are a goldmine for hackers since this is where customers’ and clients’ private information is stored. All it would take is one breach to compromise the information of millions of people. That’s why it’s crucial to keep your medical records secure, and to make sure that your medical records are as safe as possible. A lot of the time, third-party vendors are the weak spot when it comes to cybersecurity. They don’t necessarily have the same level of security in place as a company would have, so a lot of times a hacker will go after a third-party vendor that has access to your company’s data and use them to get into the company.
While not technically part of the software field, an organization’s main IT security is scheduled to Cyber Security Risk Mitigation (CSM) and is almost always performed using software. They include such tools as antivirus software, firewall, and IP blocking.
Hiring a Cybersecurity Person or Company
The best way to work out if a cybersecurity specialist is any good is to ask for references from previous customers and to ask them how they would describe the relationship between you and their firm.
When hiring a cybersecurity specialist, look for these key traits.
First, they need to be adaptable. The cybersecurity landscape changes rapidly, so you want someone who’s able to adjust their strategy when it comes to defending your network. This also means they have a high level of technical ability to start with, so they can understand the vulnerabilities in your system and come up with a solution.
Second, you need someone who is a self-starter. Successful people in the cybersecurity field are constantly monitoring systems and maintaining their focus on protecting those systems. You DO NOT want to have a ransomware popup or a breach be the only time your people clock in.
Third, make sure they have experience dealing with the law. If a specialist is a self-proclaimed “white hat hacker” looking for remote access to your computer, that’s a red flag. Here are some more red flags to watch out for:
- The cybersecurity specialist has very little or no social media or online presence at all.
- The cybersecurity specialist is not willing to disclose their qualifications or certifications.
We also recommend that you find a cybersecurity specialist who is willing to sit down with you, learn about exactly what your company does, and figure out the best way to help you keep your systems safe. Security specialists should be able to communicate well with their clients. They should be able to articulate the potential risks and threats in a way that’s easy to understand and straightforward to implement. They should also be able to communicate well with their team, and be able to teach them how to identify and mitigate security vulnerabilities.
While Zing is NOT a cybersecurity company, we hope that these best practices will keep you a little safer in the future. We just went a mile wide and an inch deep into this world. Before you start any cybersecurity program, contact a computer systems and security specialist (maybe hire them using the advice above).