Today, connecting far beyond our physical reach is necessary for any business or individual to elevate. Technology has given us amazing resources to do that, such as social media platforms and even 4k cameras in handheld mobile devices. However, at what costs? Daily, you can read about an organization or individual being the victim of Malware, Phishing, Ransomware, Social Engineering, and other intricate cyber-attack. Yet, we seldom stop to think about how much information a business maintains, processes, and stores about us. Everything from Geo-tagged locations, home addresses, the routes we take, banking information, usernames, and passwords for every site we log into, our browser history, and even images of our precious loved ones are all logged, monitored, and exploited. Nevertheless, through education and improved cybersecurity habits, we can protect ourselves.
What is Cybersecurity?
The prevention of damage, unauthorized use, or exploitation of electronic and personal data.
What is Personal Data?
Information about a particular person, especially sensitive information regarding their finances, medical history, etc.
Why should I care about Cybersecurity?
The internet is a fascinating place. However, it is not as secure or private as you may believe. Very minimal, if any, controls are implemented into these apps, search engines, websites, or devices that connect to the internet. Imagine being captivated by the beauty of Positano, Italy, Denali National Park, or even Victoria Falls for a moment. While you are in awe of the landscape, all your personal belongings, including your clothes, socks, nail polish, and hair ties, are quietly and politely stripped from you and sold to a third party. Now, the third-party begins erecting banners and billboards throughout that landscape to advertise to you what has been taken from you. Some of you may buy into the advertising, others may not, but you return and do this repeatedly. That is the internet.
What is a Control?
Controls are cybersecurity countermeasures to detect, prevent, reduce, or counteract security risks. Controls are meant to adapt to an evolving environment.
How do I protect my business, myself, and my belongings while using the internet?
For individuals, a mitigating control is using virtual private networks (VPNs). A VPN allows for encryption over a public network, typically the internet. You should never connect to free unsecured Wi-Fi without using a VPN. If you cannot use a website while using a VPN, that typically tells you everything you need to know about the site.
For a business, more controls must be implemented. To identify where to start, the business must classify its data. Meaning what type of data the business generates, maintains, processes, or stores based on the mission area and information type (e.g., Education, Energy, Health, Law Enforcement, Litigation & Judicial Activities, Transportation, etc.).
Next, the business will identify a cybersecurity framework to map to specific controls and implement. A cybersecurity framework is a collection of best practices an organization should follow to manage its cybersecurity risk. To implement, the business will select controls based on the confidentiality, integrity, and availability level directly from the associated data the business utilizes. After the business has selected and implemented the controls, the business must continuously monitor the effectiveness of the implemented controls.
Follow these actions, and you can surf the internet and conduct business with a clearer conscience and mitigated risk level. For more information about cybersecurity’s impact on your business, please get in touch with us at Elliott Management LLC. 469-523-1358, elliott@ellimgmt.com, www.ellimgmt.com. We are located in Cedar Hill, Texas, with offices in St. Augustine, Florida, Denver, Colorado, and Cheyenne, Wyoming.