password, password change, frequency, IT, IT security, security

Since 2010, National Security Month is celebrated in October in Norway. During this month, good security practices are promoted. In this blog post, we are going to have a look at what cyber security is and why it is important in our lives. Also, we will give you some tips to improve it.

1. What is cyber security?

Cyber security refers to the body of technologies, processes, and practices designed to keep the confidentiality, integrity and availability of our data. In short, confidentiality ensures that only those with the rights and privileges to access information are able to do so. Similarly, information has integrity when it is whole, complete, and uncorrupted. Finally, availability enables authorized users (people or computer systems) to access information without interference or obstruction and to receive it in the required format.

2. Why is cyber security important?

Nowadays, we live in a digital age. Our work and personal lives have become more and more dependent on technology. Many people can work from home and connect their computers to their company’s servers through internet. Sensitive information is often handled through different devices. In our personal life, we manage our bank accounts from mobile devices and make purchases online.

Unfortunately, the growing use of technology makes us more vulnerable to malicious attacks, invasions of privacy and fraud. Cyber security is crucial as it protects our information and keeps us safe from hackers and cyber criminals.

3. What can you do to improve your cyber security?

If you are a company:

There are seven simple steps that you can take to increase cyber security and reduce risk of cyber crime:

  • Keep your software up to date.
    Hackers often take advantage of flaws in operating systems and applications to gain a foothold and compromise your company information. Keeping your company’s software updated and regularly patched will help you minimize this risk.
  • Make regular encrypted backups on separate media.
    Having encrypted backup copies stored in a secure location different than your activity, gives you resiliency. Your network and your information will be recoverable in case of a security incident. For example, it is really useful to have a secure backup copy when your computer equipment fails, in case of fire, or if a flood takes place.
  • Use Multi-Factor Authentication (MFA).
    This is a security safeguard that requires your employees to provide two or more different methods of authentication, before a service logs them on. This system guarantees that attackers will have to work harder, as it offers extra walls of protection. Two-Factor Authentication (2FA) is a widely used example of MFA, which requires a combination of two different factors among: 1) something your employees know, 2) something they have, or 3) something they are or can produce. For example, the combination of a password (something they know) as well as a one-time code generated by a token device (something they have). An attacker would need to satisfy these two factors in order to successfully impersonate a legitimate user.
  • Conduct security tests regularly.
    Security tests can help you identify weaknesses, vulnerabilities and other cyber security issues in your applications or systems. Once you know the security issues, you can proceed to implement solutions right away. Would you like to know more about security testing? We recommend that you read our post Why should you plan your security test? for more information.
  • Use an Intrusion Detection System (IDS).
    In a nutshell, an IDS is a device or software application that monitors a network for malicious activity and policy violations. When a security-related event occurs, the IDS will produce alerts, so the IT department can respond rapidly and with precision to the detected threat. Would you like to know more about network security monitoring? We recommend that you read our post Network Security Monitoring – What is it all about?, as well as Encripto’s Blue Team Training Toolkit (BT3) for more information.
  • Strengthen your communications system.
    Use of a Virtual Private Network (VPN) will allow you to establish secure and encrypted connections to provide greater privacy to your team. Furthermore, using a VPN makes it difficult for a third party to snoop your communications, or steal information while being transmitted.
  • Educate and train all levels of your organization.
    Train your employees about the most relevant threats related to the use of Internet, mobile devices, wireless networks and social engineering. Promoting cyber security awareness will help you keep your company protected.

If you liked this topic, do not miss our next post Why is Cyber Security Important? – Part 2. We will give you some tips to improve you cyber security if you are an individual.