Chris is a freelance writer in the self-help and personal development niche. His interests also vary from anime to zodiac signs.
When you think of cyber security, what do you imagine?
Is it a lone figure in a darkened room, typing manically over several rows of keyboards while a long series of codes appear on multiple screens?
Blame the movies for putting that image in your brain.
As a result, you got the idea that cyber security is a complex, unexplainable concept fit only for nerds and computer experts.
But, in reality, cyber security can involve someone as common as a person accessing his Facebook account while on the street.
In this post, I'll explain to you the what, why, and how of protecting your computers and online activities. Cyber security explained is perfect for beginners who just recently became aware of it. Whether you're an individual, a small or large business owner, learn why cyber security matters.
What exactly is cyber security?
It helps to break it down into two concepts.
Technically, the word cyber pertains to the "internet" or “virtual reality”.
But cyber can also loosely pertain to computers and anything computer-related (software, hardware, network systems, etc.). That includes your phones, social media accounts, and websites. Because behind the scenes, software and network systems run your personal devices and everything else that you do online.
Security simply means protection.
On a high level, cyber security is the manner of protecting your computers and anything else that's connected to computers.
Information Technology (IT) security vs Cyber security
It’s common for people to interchange IT security and cyber security. The two are closely related and slightly different.
For one, IT security is much broader and encompasses not only the protection of your virtual information but also of your physical information (e.g. physical access to buildings and sites to prevent theft/loss of data).
Cyber security, on the other hand, includes only the protection of your virtual information, networks, and computer systems.
But protect from what?
Many threats exist to attack your cyber world. You may or may not be aware of these threats. Your lack of knowledge becomes part of the danger.
For the purpose of illustration, imagine yourself as the general of a fortress. Your fortress is your computer or online space. You're about to launch a defend-the-fortress strategy.
What would be your tactics for winning?
First, know your enemy. What are the types of cyber security threats?
Your computer or online activities may be vulnerable to these threats:
Whenever you go online, you occupy space on the world wide web. Normally, you would use known and valid entry points (such as your log-in credentials). A backdoor can bypass such entry points. As a result, someone else who might have malicious intent may invade your space without your knowledge or permission.
Think of your fortress now. Does it have secret doors or passages where someone can enter and surprise you?
Denial of service (DOS) attacks
You might be a victim of DOS attacks if your systems or network resources are unable to process information from valid users. An attacker causes it by flooding and overloading your systems, servers, and networks. The attack may come from a single IP address or it can be distributed from several infected host machines.
For example, you want to admit survivors inside your fortress. But your enemy decides instead to drop a horde of zombies near your main gate. Thus, making it impossible for the survivors to approach and enter.
Malware is your many-faced enemy. It can come in the guise of viruses, trojans, worms, ransomware, and spyware.
Viruses, just like in biology, cause infections. It can attach, spread, and replicate inside your computer and its systems. It might cause paralysis (frequent hanging) and ultimately result in the blue screen of death.
Trojans were named after the infamous strategy used by Greeks to invade the city of Troy. One day, a large wooden horse arrived as a gift. But the horse contained Greek soldiers. They opened the city gates for their comrades. You can deduce what happened next.
Worms, burrow inside your networks and computers, often through email attachments.
Ransomware locks you out from your account and demands a hefty sum (the ransom) from you. Or else, the attacker will publish or delete your data.
Spyware collects information from you through your browsing habits. Then, the attacker will use the information to blackmail you or to perform other evil intent.
Phishing involves sending mass emails that ask unsuspecting users to visit a website (that on first look appeared legitimate). But the truth is, that website is just masquerading. By posing as a seemingly trusted and legitimate site, it will be able to collect your credentials or log-in details.
Going back to your fortress, your enemy might wisely stop the zombies. Thus, the survivors will be able to finally enter your fortress. But along the way, your enemy inserted a zombie masquerading as a human (how the enemy will achieve this is up to your imagination).
The zombie will gain your trust (especially if it's someone you already know). And after your trust was gained, you willingly gave the keys to your kingdom.
(Effective phishing sites are smart enough to gain your trust and make you give up your credentials).
In here, the attacker inserts himself in the online transaction between you and another party. You might think that you're sending data to a legitimate receiver. In fact, a middleman already arranged to divert your data elsewhere.
This is the most widespread threat. If you're the type to use common, easy-to-guess passwords, password attackers will love you.
Because then, they don't have to use more complex methods to obtain your password such as social engineering, gaining access to password databases, or mining unencrypted passwords.
They simply have to guess it. And you made it easy for them to do so.
Other less common threats exist such as cross-site scripting, rootkits, and Internet of Things (IoT) attacks. But for the purpose of this post, the six mentioned threats above are the most common.
Now that you're aware of the threats, what can you employ as tactics for protecting your computer and anything related to it?
You must understand that cyber security involves many layers and accountability.
The ideal approach for cyber security is to identify all of your weak points. Then, either eliminate or provide a defense against attackers.
But in practice, it's not that easy. Most of the times, the weakest link is the people using the computers and network systems. Hence, information and awareness are one of your best weapons.
Here are some best practices to protect yourself from cyber security attacks.
If you're an individual user:
- Educate yourself.
- Do not click links or open suspicious emails.
- Always update your phone's operating systems.
- Do not use public Wi-Fi for private and personal transactions (especially if it involves money).
- Regularly update your passwords. Don't use weak and common passwords.
If you're a small business owner:
- Educate yourself and your people about cyber security.
- Set up a back-up system for your data (If data is small, a reliable external hard drive stored in an offsite secure location might be enough).
- Regularly update your computer systems and change passwords.
If you're a large entity owner:
- Educate yourself and your people about cyber security.
- Always review and update your system policies and procedures.
- If workers are doing remote work, provide a virtual private network (VPN).
- Set a system in place where critical data can be wiped out in case your work devices got lost or was stolen.
- Perform a regular internal audit of systems. Coordinate with the external audit to identify system weak points that need protection.
- Invest in new technology and advanced cyber security tools.
The bottom line
When you become aware of what cyber security is, the threats and its importance, the tendency is to be more conscious of how you navigate the online space.
You need not be afraid of the threats if you're prepared to deal with them. But with the constant evolution of technology, the threats also morph into new, stronger enemies.
Whether you're an individual, small, or large business owner, you have to be alert and learn to keep up.
You don't need to be a nerd or computer expert to understand cyber security. You just need presence of mind when engaging online so that you don't fall into the trap of most cyber attacks.
Did you experience a cyber attack before?
Let me know your stories below and share some advice or tips on how you handled it.
This content is accurate and true to the best of the author’s knowledge and is not meant to substitute for formal and individualized advice from a qualified professional.
© 2020 Chris Martine