The ABCs of Cybersecurity - Part II

In a continued celebration and honoring of National Cybersecurity Awareness Month, we will take a look at some of the key elements of cybersecurity associated with the letters I through Q in part two of the three-piece blog, “The ABCs of Cybersecurity”.

‍

IoT or the Internet of Things is the catch-all term used to describe the interconnected network of devices. An item is considered to be a part of the IoT world if it is able to connect to the Internet. While we first think of accessing the Internet from our phones or laptop computers, there are so many items in our personal and professional lives that can be connected to the Internet due to innovations and modernizations across industries. Examples of IoT in our everyday lives range from smart watches, fitness trackers, Wi-Fi-connectable baby monitors, smart thermostats, smart security systems, smart insulin pumps, smart cars, and so much more! As more and more of the world around us becomes Internet-capable, the scope of IoT grows and grows as well. 

Java describes the language that is foreign to most of us but that so many cybersecurity professionals are fluent in. Java is a programming language used to create websites and applications in order to make them function in ways that are clear to people who do not understand this technical language. It’s a building block for many computer programmers today!

Key, in terms of cybersecurity, refers to the code or password used to gain access to certain networks or pieces of information. A key is an essential part of authentication and verifying that a user trying to view or edit something is allowed to do so.  

At first glance, least privilege sounds like it is something negative, but it is certainly an important and positive element in having strong cybersecurity defenses. Least privilege refers to the practice of only allowing users access to the things which are essential for their job functions. Granting excess access above and beyond “least privilege” not only puts the entity which owns the data at risk of attack but it puts the user in a risky situation where they may compromise their own security. It is better for everyone involved if least privilege is the common practice when approaching cybersecurity. 

Multi-factor authentication refers to the process in which a user receives a one-time code when logging into their account. This is an added step on top of entering the unique login credentials (username and password) set up for the given account. By using multiple factors to gain access to your accounts, you are protecting your data from cybercriminals who might try to sneakily access your information following a data breach or other exploited vulnerability. This helps to further verify that a user is authorized to access a given account and is a short, sweet step that can be implemented for all users today!

Network security is the term which describes the sect of cybersecurity focused on protecting networks. Protection encompasses preventing and blocking data breaches, malware attacks, vulnerability exploitations, and other threats to your network. Network security, cloud security, operating system security, and information security are the commonly cited elements which make up a holistic view of cybersecurity. 

As just mentioned, operating system security (OS Security) is one of the key elements which makes up a complete view of cybersecurity. This refers to the protection of physical devices such as computers, phones, and other devices (think IoT!). Protecting the operating system is critical to keeping a device safe to use. Be sure to update your OS as updates are pushed out by the manufacturer throughout the year. 

PII stands for personally identifiable information. This is among the most important data that is held by any entity out there. PII includes the private information for customers, employees, vendors, and more and encompasses information such as a person’s name, contact information such as phone number or email address, social security number, financial details such as credit card numbers or bank account information, home or mailing addresses, and more. It is valuable information to the people whose data it is and the company who possesses it, but is also unfortunately highly attractive to malicious actors out there as they can take this information and use it in a ransomware attack or sell it on the dark web for money.

Quarterly might not sound like a big cybersecurity term and more like something out of the world of finance; however, an important element of cybersecurity is keeping things updated and taking an inventory of our technology and online presence. On a quarterly basis, be sure to take the following steps to refresh your own personal cybersecurity. 

• Change passwords, particularly for your frequently accessed accounts. 

• Tip: Make the process of keeping up with your updated passwords easier on yourself by using a free password manager. 

• Update all operating systems.
• Sift through your connections on social media and get rid of any suspicious “friends” and unfollow accounts that you are no longer interested in. 
• Check which subscriptions and accounts you still have out there and delete any that you no longer need. 
• Clean up your inbox by unsubscribing to websites that you no longer wish to interact with. 

‍

Image by rawpixel.com for Freepik. 

‍