Introduction to Cyber Security
Cyber security refers to the body of technologies, processes and practices designed to protect networks, devices, programs and information from unauthorized access.
Cyber security is important because governments and organizations collect, process, store and send information. Much of this information is sensitive, and unauthorized access or exposure could have negative consequences.
The most difficult challenge in cyber security is the rapidly evolving nature of security risks.
What is cyber security?
Cyber security describes the discipline dedicated to protecting information and the systems used to process or store it.
Cyber security encompasses the following elements:
Application security involves keeping software and devices secure from attack.
Cloud security refers to protecting information in cloud-based digital environments (in servers not on the organization’s own premises) and maintaining the security of the cloud.
Disaster recovery and business continuity define how an organization responds to a cyber security incident or other event that causes loss of operations or information.
- Disaster recovery dictates how an organization restores its operations and information to the same operating capacity as before the event
- Business continuity is the plan the organization falls back on while trying to operate without access to normal resources
End user education teaches us (the users of technology) about what we need to know and do to keep ourselves and our organization cyber safe.
Endpoint security is the process of protecting end-user devices such as desktops, laptops, and mobile devices.
Information security protects the confidentiality, integrity, and availability of information in storage and in transit.
Mobile security is the security of mobile devices including mobile phones and tablets.
Network security is the practice of securing computer networks and protocols against intruders and attacks.
What to do if you're a victim
If you think that you may have been the victim of a cybercrime, you should take the following steps:
Gather information including copies of the emails or text messages.
If you believe you might have revealed sensitive information about your organization to a threat actor, report the incident to the appropriate people within your organization.
Immediately change any passwords you might have revealed or that you suspect were compromised. If you used the same password for multiple accounts, make sure to change the password for each account. Never use the password again. It may now be known to threat actors.
If you believe your financial accounts may be compromised, contact your financial institution immediately. Watch for any unexplainable charges to your financial accounts.
Report the incident to your local police and get a file number for future reference. Like any other crime, a cybercrime needs to be reported to the proper authorities right away. Timely reporting is important to ensure all potential digital evidence is properly preserved for a law enforcement investigation.
Report the incident to the Canadian Anti-Fraud Centre toll free at 1-888-495-8501. Visit the Canadian Anti-Fraud Centre’s what to do if you're a victim of fraud page for more information.
Call Service Canada at 1-800-O-Canada if any of your federally issued ID was compromised (for example social insurance number or passport).
Call your province/territory. If you believe your driver's licence or health card was compromised, contact the provincial or territorial ministry responsible for transportation or the provincial or territorial government department responsible for health.
Here are common cyber security best practices that you can adopt. Use them on all your devices – laptops, desktop computers, mobile phones, and smart devices. These best practices are easy to adopt and significantly reduce risk.
Security software provides significant protection against malware, with very little impact on you as a user.
Each system, device, network and account you use needs to be protected by a strong password. Using long and complex passwords helps thwart password cracking or brute force attacks that attempt to guess your password.
A factor is a piece of evidence you provide for authentication, or in other words, proving you are who you say you are. Multi-factor authentication uses two or more factors such as a password and verification code that you receive on your phone. Use of MFA is strongly encouraged for all accounts and devices with this option.
Encrypt all sensitive information using approved encryption methods. Your organization should have an approved method of encryption that can allow for safe transfer and storage of sensitive information.
What would happen if the information you use was no longer available because it was lost or stolen? Ensure that your organization is routinely (weekly) backing up your data, or more frequently for critical files. Your organization should keep backups stored separately, offline and off-site, to reduce the impact of a disruption. Encrypt backup media containing sensitive information, and test and verify data backups at regular intervals.
Operating systems and applications often require updates, or patches, to fix performance and security problems. One of the most important actions you can take is to keep your devices up to date with the latest versions of installed software. Check whether your organization manages this centrally or whether you are required to take any action.
Organizations generally have adequate security on their networks to keep you safe while working in the office. However, public Wi-Fi does not have these same protections. Cyber criminals on the same network can read and capture the traffic on that network. Public Wi-Fi can easily be a vector for malware. Avoid using public Wi-Fi.
If you connect work devices to your home Wi-Fi, take steps to make this network cyber safe. Change the default administrator and Wi-Fi passwords that come with both your router and modem. Use strong, unique passwords that are difficult to guess. If your organization has a virtual private network (VPN), this increases the security of your connection to your organization’s systems.
Be suspicious of unsolicited phone calls, text or email messages from individuals or institutions asking for information. Use the contact information from previous exchanges or a secure website to confirm the authenticity of an unsolicited message. Do not provide personal information or sensitive information about yourself or your organization until you are certain of a person’s identity and their authority to have the information.
Pay attention to the Uniform Resource Locator (URL) of a website. Hover your cursor over a link or attachment to reveal the URL or file name. Look for URLs that begin with "https". This is an indication that the communication to the site is encrypted and secure. A URL that begins with "http" will not protect any information you share or receive when it is in transit. Also check that the URL of the website you are visiting is correct and has no spelling errors.
More importantly, once you click on a URL you must check if a website’s connection is secure. Look for the small lock icon beside the URL on the top left-hand side of your browser. Any icon other than the small lock icon or no icon means that your connection and information are not secure.
A combination of the correct URL beginning with “https” and a lock icon indicates that the communication to the site is encrypted and secure.
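The link checks described above (a URL that begins with "https" and a site name with no spelling errors) can be automated as shown here in Python. This is an added example, not part of the original guidance; it also flags two related tricks the text does not mention (text before an "@" and internationalized hostnames), and the hostnames in EXPECTED_HOSTS and any sample links are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the sites the user actually intends to visit (constructed names).
EXPECTED_HOSTS = {"bank.example", "mail.example"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a hostname."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete a character
                           cur[j - 1] + 1,             # insert a character
                           prev[j - 1] + (ca != cb)))  # substitute a character
        prev = cur
    return prev[-1]

def check_url(url, expected=EXPECTED_HOSTS):
    """Return a list of warnings for a link; an empty list means it passed."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not https: information is not protected in transit")
    if parts.username is not None:
        # In https://bank.example@other.test/ the real site is other.test.
        warnings.append("text before '@' is not the site name")
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        warnings.append("internationalized hostname: may imitate another name")
    if host not in expected:
        near = sorted(e for e in expected if 0 < edit_distance(host, e) <= 2)
        if near:
            warnings.append(f"hostname looks like a misspelling of {near[0]}")
        else:
            warnings.append("hostname is not one you expected")
    return warnings
```

An empty result only means the link passed these checks; the lock icon in the browser still has to be confirmed after the page loads.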
In the next section, we will go one step further and talk about practicing good cyber hygiene.
Best practices for managers
People managers have a critical role to play in cyber security. As a leader, you help ensure your team has the resources it needs to protect your organization’s information and assets.
Help your team prepare by:
- Learning the indicators and signs of compromise and ensuring that your team is aware of them as well
- Providing team members with training such as regular simulations so they can recognize social engineering attacks
- Building rapport with the security personnel in your organization to ensure that you have open lines of communication and established trust
- Empowering team members to question any communication that seems suspicious (even from senior leaders) and to hold off taking any requested action until the communication is confirmed as authentic
- Identifying processes for reporting suspicious communication and determining the authenticity of suspicious communication
- Listening to people who have concerns about suspicious communications and directing them to the appropriate authority
- Supporting people should they mistakenly identify a legitimate email as a threat
You need to understand your information environment and any possible threats to this information.
You should regularly conduct a team security audit with a focus on:
- Compliance with local security policies
- Proper information handling
- Team member security responsibilities
- Adherence to policies and best practices
- Regular security awareness activities
People manager checklist
- Are all the information assets within your team appropriately identified with the correct sensitivity classification label?
- Are your employees fully aware of their security responsibilities for the information they handle?
- Do they know what needs to be protected and what doesn’t?
- If you’re not sure, consult with your security official to better understand the team’s information environment, and provide your team with adequate guidance