What Is Cybersecurity? Definition & Best Practices – Forbes Advisor … – Forbes

Updated: Sep 7, 2023, 12:48pm
Cybersecurity is the practice of protecting networks, data (including private and sensitive data) and devices from hackers and cybercrime by taking precautions.
While cybersecurity might sound like a specialised subject that’s handled by the IT department, chances are your business uses the internet in some form to operate. Every business that uses the internet at all, large or small, should practise cybersecurity.
There are multiple ways of increasing the cybersecurity of your network, devices and data. These methods range from installing a virus scanner on your device to hiring a whole cybersecurity consulting team. A plan of action to increase cybersecurity for your small business will factor in the different risks associated with your company and take the necessary precautions.
Read on to learn about the different types of cybersecurity risks and best practices to protect yourself and your business.

1. Avast. Starting price: Free; £35.99 first year for up to 10 devices. Inclusions: Firewall, email security and ransomware protection. Moneyback guarantee: 30 days.
2. McAfee. Starting price: £29.99 per year. Inclusions: Firewall, email security and ransomware protection. Moneyback guarantee: 30 days.
The consequences of a cyber attack can be devastating to a business or individual. Because so much of our personal and work life is lived online, cybersecurity should be a vital component of internet use for both individuals and businesses.
If you are a business owner, it is essential that you consider the risks to your business from a cybersecurity perspective. Every business will be different, but unprotected networks and devices that are hacked can cost your business money, time and information. Risks include an attacker compromising some or all of your files and stealing sensitive information.
Another consequence of cybersecurity hacks is decreased consumer trust, which can have a devastating long-term impact on a business.
In today’s world, AI is also a crucial issue, not just for corporations but for small businesses too. SMBs are now utilising ChatGPT, among other AI tools, for many functions, but there is a risk that this may be volatile, as AI may be built by technologists who lack an understanding of how various laws, regulations and contractual commitments affect the technology.
Because so many companies are operating either remotely or with a hybrid model, it’s important to create a cybersecurity plan that accounts for home networks as well, and to implement appropriate guardrails for tools like AI if applicable.
Businesses may want to consider cybersecurity awareness training for their employees, which typically includes informing employees about how to spot suspicious emails and avoid downloading malware onto a device.
Cybersecurity precautions are equally important for individual users and the risks an individual faces are equally high.
Below, we outline some common types of cyber threats and ways to protect yourself.
Cybersecurity is an umbrella term that refers to precautions for a range of cyber threats. Here are some of the common ones.
Malware is a malicious file or program that causes harm to a computer. Malware usually infects a device by prompting a user to open something fraudulent, such as an email attachment or a malicious website. For example, a user may open an email with an attachment that looks similar to a Word document but is actually malware.
Ransomware is a type of malware designed to deny a user or business access to files on their computer through encryption. The attackers demand a ransom payment in exchange for a decryption key to restore access to the files. The key may not even work, so ransomware poses an immediate existential threat to businesses.
Spyware is a malicious file or program designed to gather information about a user. Spyware is a type of malware that collects data without a user’s or organisation’s knowledge. Spyware runs in the background of a device, usually undetected by the user, and can log a user’s keystrokes, browsing history, personal data and more.
Phishing is the process of sending a fake email that intends to get the user to reveal personal information about themselves. These emails will often have a call to action, or a link for recipients to click on. They may ask for the recipient’s bank info or other personal sensitive information. For example, a phishing email might tell a recipient their account status is incomplete and that they need to update it (through a malicious link).
Smishing is the process of sending a fraudulent SMS with the same malicious intent. Vishing, the practice of calling or leaving voice messages with the intent of gaining personal information for malicious purposes, is another cyber attack. Regardless of the method, the primary purpose of this type of attack is to gain sensitive information or generate immediate income.
Business email compromise (BEC) is a type of phishing attack in which the perpetrators pose as a trusted person and use email to trick a business owner or high-level exec into transferring funds or divulging confidential company info.
A cyber attack typically requires multiple pieces of sensitive information about an individual or company. “Social engineering is the process of using information to get something or to extract something out of you that could be something of further value,” Dr. Chris Mattmann, Chief Technology and Innovation Officer (CTIO) at NASA Jet Propulsion Laboratory, explained.
A hacker might have certain details about a company and use that to gain the trust of an individual who can then reveal more sensitive information that would further help to facilitate an attack. There are many ways hackers do social engineering, including through phishing, social media and phone calls.
A strong password is not a word or mnemonic, includes special characters and has 16 characters or more, according to the U.S. Cybersecurity & Infrastructure Security Agency.
It’s important to also change passwords regularly. “Standard practice corporations and consumers can follow is to change your password every 60 to 90 days across all of your accounts,” Mattmann advised.
Of course, when you are regularly changing passwords, you will need a method to remember them all. That’s what a password manager is for.
There are many password managers available online that will allow you to easily store all of your account information. Some are free and some cost money. Google Chrome provides a free password manager that will also alert you if your login information was found on the dark web.
Two-factor authentication, or 2FA, means that one of your devices must be in your physical possession in order to access your online account. Setting up 2FA will ensure that you need both your computer and your phone, for example, to access an account, thereby preventing break-ins by someone who has gained access to only your username and password.
Firewalls protect your network from malicious external traffic. Firewalls can be either hardware or software. Routers may include a firewall, and many operating systems include a built-in firewall that users can enable.
An antivirus scan will help determine if your device is infected with malware. “Antivirus scans will catch malware and spyware that’s been installed on your computer. It’ll actively scan your computer for things like that. And it keeps up with a database of what those types of [viruses] look like, so that it can detect even what we call resident attacks that have been waiting for a while but haven’t been activated,” Mattmann explained.
Antivirus scans are standard for corporations, but Mattmann also recommends them for individual users.
Active dark web scans will search the dark web for your Personally Identifiable Information (PII). These tools are available either for free or as a subscription. It can be useful to enlist services that specifically handle these scans, and many credit card providers, such as Capital One, now offer active dark web monitoring to users.
One of the best ways to protect yourself online is to update your software regularly. Attackers take advantage of known software vulnerabilities that are fixed in updated versions of the software. Operating systems often give users the option to update software automatically, making it easier to keep up.
If you are a business owner, any malicious email that an employee opens risks infecting the entire company-wide network. That is a big risk to take. Companies often implement awareness training to inform employees about the kind of emails that are fraudulent and what to keep an eye out for.
Cybersecurity best practices are essential both for companies and for individuals. Implementing a cybersecurity plan for a company or for personal internet use will vary depending on the nature of the business and how you use the internet.
It’s important to consider the types of risks your business can face, and implement ways to protect it. The same applies to personal use.
However, best practices such as updating software regularly and using 2FA are easy to implement and are good for any company and individual to set up.

There are several different types of cybersecurity attacks, including malware, spyware, phishing and social engineering.
Malware is a malicious file that causes harm to a device.
Spyware is a type of malware that will collect data from a device without the user’s knowledge.
Phishing is the process of installing that malware by sending a fraudulent email with a malicious attachment.
Social engineering is the process of gaining further information or details about an individual or organisation that an attacker does not already have by interacting with them (either by phone, email or another method).
There are many ways to protect yourself from cybersecurity threats. Cybersecurity experts say that awareness of potential threats is one of the most important parts of protecting yourself and establishing security practices.
Some of the basic methods involve setting up two-factor authentication on your accounts, running antivirus scans and creating strong passwords that you change regularly.
Social engineering is the process of gaining information about an individual or a company that will be used for a cyber attack.
A hacker might have certain details about a company and use that to gain trust with an individual in the company who can then reveal more sensitive information that would facilitate an attack.
There are many ways hackers do social engineering, including through phishing and through public databases.
Leeron is a New York-based writer with experience covering technology and politics. Her work has appeared in publications such as Quartz, the Village Voice, Gothamist, and Slate.
I’ve been involved in personal finance and property journalism for the past 20 years, editing websites and writing for national newspapers. My objective has always been to offer no-nonsense information to readers that either saves or earns them cash.
