The ABCs of Cyber Security
We have created a Cyber Security ABC (or A-Z Cyber Security) for beginners and anyone new to the Cyber Security world - this also includes further tips and links to our resources.
A is for Anti-Virus
Anti-Virus (or Anti-Malware) is a program you can install on your device that regularly scans it for harmful programs or software. Many providers will scan for the following: Viruses, Trojans, Ransomware, and Worms - which are all malicious. When downloading an Anti-Malware solution, it is always recommended to download from a trustworthy website/provider.
💡 It is also advised to have an Anti-Malware (a.k.a Anti-Virus) Policy implemented in your business. NWCRC members can access this policy template; sign up here to get yours.
B is for BYOD
Bring Your Own Device (BYOD) is when employees use (bring) their device for work-related activities. If this is the case, it is advised that work and unique content be stored securely under entirely separate accounts.
💡 If this is a feature of your workplace, it is recommended to implement a BYOD Policy so employees know how, when, and in what capacity their device will be used. NWCRC members can access this policy template; sign up here to get yours.
C is for Cyber Essentials
Cyber Essentials is a scheme and certification that helps your business put measures in place to protect your organization, regardless of size or sector, against a range of the most common cyber-attacks. There are two levels - Cyber Essentials and Cyber Essentials Plus.
C is for Cyber Health Check
A Cyber Health Check is a service provided by the Cyber Resilience Centre, and we aim to provide your business with a summary of your Cyber Risks and an action plan to help protect you against the latest cyber threats.
💡 Complete your Cyber Health Check and start your journey to becoming cyber secure.
C is for ChatGPT
ChatGPT is an AI-based chatbot which OpenAI developed. ChatGPT was designed to have conversations with humans in a natural way, with the ability to understand and respond to almost any topic or question. The chatbot is pre-trained on a very large-scale dataset of text data.
💡 There are a lot of risks when using chatbots like ChatGPT. Check out our ChatGPT security guide to stay secure and mitigate the risks so your employees don't get caught out.
D is for DDos
A Distributed Denial of Service (DDoS) is one of many attacks a hacker could use when targeting a company's website. The aim is to send an enormous amount of activity to your website to overload it and cause it to crash and go offline. This can cause reputational, financial, and technological damage.
D is for Digital Footprint
A Digital Footprint is the information about a particular person or company that exists online due to their online activity. This information is publicly accessible by anyone - including Hackers - and can be collected to plan future attacks.
💡 If you are wondering what information is publicly available about your company and employees, the NWCRC offers a Digital Footprint Assessment that aims to discover the most critical information and report it to you - allowing you to remove it and make you more secure.
E is for Encryption
Encryption is scrambling your personal, employee or company data so that it cannot be read by eye. This is done using algorithms and cannot be undone with a secret key.
💡 All devices can have enabled encryption - known as Full Disk Encryption. Encryption can also be applied to individual folders and files containing confidential information.
E is for Ethical Hacking
Ethical hacking tests a network, application or computer system to find security vulnerabilities that cyber attackers could exploit. Ethical hackers will use the same techniques and tools as malicious hackers but operate with permission from the owner of the systems they test.
💡 Why? Ethical hacking aims to help organizations improve their security posture by finding and fixing vulnerabilities before they can be exploited. If you wonder how vulnerable your network is, the NWCRC offers a Network Vulnerability Assessments and Website Vulnerability Assessments.
F is for Firewall
Firewalls have been used for over 25 years; they are network security devices that monitor incoming and outgoing network traffic and decide whether to allow or block specific traffic based on a defined set of rules. Firewalls can be both software or hardware.
💡 We have a Firewall Setup Walkthrough, which gives step-by-step instructions on setting up your Firewall (for Windows and macOS).
I is for Incident Response
Incident response is a set of information security policies and procedures that you can use to identify, contain, and eliminate cyberattacks.
We often believe that businesses need sophisticated and expensive equipment to mitigate cyber risks; the reality is creating an incident plan is simple - read why it's important to have one.
💡 We have created a Cyber Incident Response Pack, which contains documents to help support your business and plan its response to a cyber incident and has been designed to complement any existing plans or assist you in creating your first plan.
M is for Malware
Malware is one of the most common threats to businesses and the public; it can cause devastation if it successfully infects and spreads through a computer network. Malware is purpose-built malicious software to damage infrastructure, spy on users, steal sensitive information, lock users out of their data, and hold people to ransom.
💡 We have created an Anti-Virus Policy, which our members can use within your organization; this will help you establish standard processes that help prevent malware and virus problems.
P is for Passphrases
The National Cyber Security Centre (NCSC) guidance on securing your accounts is to use a passphrase, not a short password. Traditional direction often fails when we struggle to memorize long, complex passwords. But, if we generate passwords using three random words, we can create unique passwords that are strong and can be remembered much more quickly.
💡 As part of our Membership, we have created a Password Policy template which can be freely used in your organization.
P is for Phishing
Phishing is a tactic that cybercriminals use when attempting to trick people into clicking a link to a 'dodgy website'.
Phishing attacks are often conducted via a text message (Smishing) but can also be done via social media or phone. However, the term 'phishing' is mainly used to describe attacks that arrive by email.
💡 Something that's becoming more popular with businesses is a Simulated Phishing Exercise (a service we offer). This helps to raise your staff's awareness of phishing emails and guards your business against the growing trend of social-engineering threats. In addition, training your employees on what a phishing attack looks like makes them more likely to identify and report scams.
R is for Ransomware
Ransomware is a type of Malware involving computer viruses that threaten to delete (or release publicly) your files unless the ransom is paid (often in Bitcoin). Like other Malware, it usually finds its way onto a device by exploiting a security hole in vulnerable software, cracking weak passwords, or tricking somebody into installing Malware via a phishing email.
S is for Social Engineering
Social Engineering is when an attacker attempts to deceive an individual into revealing sensitive information, obtaining unauthorized access, or committing fraud by associating with the individual to gain confidence and trust. For example, an attacker might use email, phone or direct contact to gain illegal access to your accounts or systems. This is often seen through phishing attacks, spear phishing of a critical individual, or CEO Fraud.
T is for Two-factor Authentication
Two-step authentication (often shortened to 2FA) is a way of 'double checking' that you are the person you claim to be when logging into your online accounts, such as banking, social media or email. When setting up 2FA, you will be asked to provide a 'second step', which you (and only you) can access. This could be a short code sent to you via text message or an authentication app that generates that.
V is for Vulnerability
A vulnerability, in cyber terms, is a weakness in an IT system that cyber attackers can exploit to deliver a successful attack on your business/organization. Exposures can occur through flaws, features or user error, and attackers will look to use any of these, often combining more than one, to achieve their end goal.
💡 We can help you protect your network with a Website Vulnerability Assessment, testing your website systems using the same techniques hackers use to ensure your company is not open to a cyber attack. Our focus is to identify weaknesses that might compromise your network, delivering a plain language report of our findings with simple instructions on how any vulnerabilities can be fixed.
How can the North West Cyber Resilience Centre support me?
We exist to support sole traders, micro-businesses and SMEs across the region. We offer a free membership package which will inform you of the current threats gathered by policing intelligence, as well as provide downloadable guides and walk you through the steps you can take to reduce your vulnerability to an attack.