Cybersecurity: What Is It & Why Is It Important?
Imagine, if you will, that you have moved into a new house. It’s a nice house, and it has some nice things in it. Your things – along with windows and doors and locks.
Now imagine you open your front door. What do you see? Is it safe? Is it a good neighborhood? Are those people joggers or are they vandals running amok? Are those shady characters checking out your house? It looks alright, but it’s hard to tell.
Would you feel comfortable leaving your front door open? What about unlocked? What if someone came to the door and asked to use your bathroom, or for a glass of water? Maybe there are some weird-looking characters wandering around. What would you do? Would you let them in?
Now, what if they came to your house one night and spray-painted it or left a flaming bag of poo on the doorstep? What if they went into your bedroom and started looking through your personal stuff? You wouldn’t be happy, and you would and should be afraid. The next day you would probably want to put in a burglar alarm with cameras, maybe get a guard dog or a bodyguard.
Your computer is like this new house, except that you can’t see the obvious outside dangers. They are, however, certainly around, and cybersecurity for your computer should be the equivalent of the burglar alarm, guard dog, and bodyguard for your house.
This is Your Life Online – Whether You Realize It or Not.
Cybersecurity is exactly what it sounds like: “the state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this.” In other words, it is security for your online presence and activities.
Why Me? What Do I Have That is Valuable?
You have many valuable “things” on your computers, portable devices, and phones. Bad people want them. This could be your personal information, your banking info, credit cards, your social security number, access to all your company’s confidential or protected information…anything really.
But WHY Do These Problems Exist? Don’t We Have Super-smart People Writing Computer Code?
First, a little background: All devices, whether they are PCs, Macs, laptops, phones, or IoT (Internet of Things) Internet-connected devices, have an Operating System (OS). An OS provides the instructions to the device. As you can imagine, an OS is a very complex piece of software, typically with millions of lines of code. It is created by a group of smart people, but there are instances where one piece of code is perfectly secure on its own, and weaknesses or flaws develop only when it is added to a different part of the code.
Sometimes parts of other software programs – applications, which are created by different companies – create conflicts that neither party could foresee on their own or for their own applications. Sometimes in order for a program to work, it needs to make changes that make the system less secure.
And the biggest issue – connecting to the Internet. In order to use the Internet and email, instant messages, etc., you have to ‘be online’. Once that happens, you open up ‘holes’ or ports to get that access out. Those holes allow bad things to come in…
You can lock a steel front door to your house with 3 deadbolts – which would be good protection for someone trying to get in that way. But if you don’t secure the back door, what good does it do?
Even with in-depth quality assurance on software, extensive testing of applications, and a large universe of anti-malware companies and communities working on behalf of your network, there will still be issues.
What If Hackers Get Into The Server(s)?
There is a company outside of Washington, D.C. that had state and federal government business contracts. Just to get into the building, you had to have either a keycard for the garage or check in with a guard in the lobby. The guard would ask to see your driver’s license, note the time and date you came in, who you were there to see, and hand you a sticker with your floor number on it. Now, they also take your picture and print out your info on a plastic card that you have to wear in a visible location.
Then, suppose you went to the elevator after gaining permitted entry to the building and selected your floor. If the floor was ‘protected’, you had to wait in the lobby until someone came down and signed, authorizing you to come in. Then when you got on the elevator, that person had to enter a magnetic key card to push the button to their floor.
When you arrived at a high-security floor, there was a (bulletproof) glass wall, with an intercom. You had to speak to the receptionist and wait until someone came out and brought you back. Otherwise, you weren’t going anywhere.
Most server hosting facilities have all these protections and more – biometric scans, a requirement that visitors always be accompanied by a staff member, metal detectors, and more. These facilities make it as difficult as possible to get in.
Pretty Good Security, Don’t You Think? Wish We Had It for the Internet?
Well, ALL of these “measures” are duplicated in the online world:
Getting into the building: To get to a protected area on a website (to shop, read medical records, etc.), we use a username and password to identify the person.
Register at the front desk: Systems record the time and date you visit the site and tag you with a cookie or other code to track you as you move through the site.
Someone comes out to “vouch for you”: 2-factor authentication, or a secondary means to ensure that you really are who you claim to be. An example is seen when a bank texts an ID number to your phone to confirm a transaction.
All these steps are the same as setting up a Virtual Private Network (VPN). A VPN “extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running across the VPN may therefore benefit from the functionality, security, and management of the private network.”
A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, and/or traffic encryption. From a user perspective, the resources available within the private network can be accessed remotely.
In essence, it creates a private, encrypted connection or tunnel between your machine and the website or resource you are visiting. VPNs cannot make online connections completely secure, but they can usually increase privacy and security dramatically.
VPNs require 3 things:
- Authentication – prove who you are and that you are allowed to access the resource (through passwords, 2-factor authentication, or digital certificates).
- Confidentiality – keeping the data exchange private (by encryption of traffic).
- Integrity – a way to ensure that the data is accurate and consistent, any tampering is logged, and you are notified.
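The three requirements above, shown as an added example that is not part of the original article: a shared secret authenticates the peer, the payload is encrypted, and an HMAC tag lets the receiver detect and log tampering. The function names and the SHA-256 keystream are assumptions made so the sketch runs on the Python standard library; real VPNs use vetted ciphers such as AES-GCM or ChaCha20-Poly1305.

```python
import hashlib, hmac, logging

log = logging.getLogger("tunnel")  # hypothetical logger name

def _keystream(key, nonce, n):
    # Stand-in stream cipher (SHA-256 in counter mode), an assumption for this
    # example only. The nonce must never repeat under the same key.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def derive_keys(secret):
    # Separate keys for encryption and for the integrity tag.
    return (hmac.new(secret, b"enc", hashlib.sha256).digest(),
            hmac.new(secret, b"mac", hashlib.sha256).digest())

def prove_identity(secret, challenge):
    # Authentication: only a holder of the shared secret can answer the challenge.
    return hmac.new(secret, b"auth" + challenge, hashlib.sha256).digest()

def check_identity(secret, challenge, response):
    return hmac.compare_digest(prove_identity(secret, challenge), response)

def seal(secret, seq, plaintext):
    # Confidentiality, then integrity: encrypt, then tag nonce + ciphertext.
    enc_key, mac_key = derive_keys(secret)
    nonce = seq.to_bytes(8, "big")
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_packet(secret, packet):
    # Returns the plaintext, or None (and logs a warning) if the packet was altered.
    enc_key, mac_key = derive_keys(secret)
    if len(packet) < 40:  # 8-byte nonce + 32-byte tag at minimum
        log.warning("packet too short to verify")
        return None
    nonce, ct, tag = packet[:8], packet[8:-32], packet[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        log.warning("integrity check failed, seq=%d", int.from_bytes(nonce, "big"))
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
```

The tag is verified before anything is decrypted, so a modified packet is rejected and logged without its contents ever being processed.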
So Why Does This Matter?
The short and sweet answer: to protect you from the bad guys. From phishing scams to ransomware to zero-day threats, cybersecurity is more important than ever. Getting hacked is more than just a threat to you; it’s a threat to any confidential information you may work with, as well as to your clients.
So . . . treat your computer and any networks to which it is connected as your house in a dangerous neighborhood. And to make sure your computer is as secure as you would want that house, use all the cybersecurity equivalents to the protections you would bring to that house, starting with usernames and passwords, multi-factor authentication, and VPNs.
But don’t stop there. Get a secure repository for storing and collaborating with your most sensitive information – the equivalent of a safe in your house. And then, as you would with that safe, use sophisticated permissioning protocols – the equivalent of having the combination to the safe – to decide who is allowed to access the repository and what they can do, and not do, while they are there. This last step is where RegDOX can help.