What is a Cybersecurity Control?


Cybersecurity controls are the primary way users have to defend an information system (computer). A wide range of controls is available, and each has a different use in protecting a network or system, but a select few stand out among the others in terms of importance: Access Control (AC), Awareness and Training (AT), Contingency Planning (CP) and Risk Assessment (RA). These “families” of controls are defined in most cybersecurity documentation and are common terminology in the industry.

Awareness and Training is among the most important controls available. Users tend to practice weak cybersecurity measures because of convenience. For example, as mentioned in our password training video, many users tend to create easy passwords so they can access their digital information with ease. This is just one of many facts that make people the weakest link in security, creating vulnerabilities by interacting with the computer.

A lot of companies require their employees to take strong security awareness and training, which has been shown to be effective in teaching people proper cybersecurity habits. Training individuals and making them more aware of the threats, the risks and what is at stake will hopefully enable them to make better decisions with regard to cybersecurity practices. The ultimate goal is to teach users to understand and avoid possible threats.

Social engineering is one example of a cyber threat that users need to be taught to recognize and avoid. This method is used by cyber-criminals to gain access to computers. In fact, different methods of social engineering, including phishing emails (see “Top 10 Cyber Threats”), have been some of the most successful ways cyber-criminals have exploited digital information. If a user is not aware of or does not know how to recognize a phishing email, chances are they will willingly forfeit their information.

Access Control is also one of the most important controls because it limits and enforces who has access to the information system (computer) and is the first line of defense in cybersecurity. Limiting who can access a system and how they can access it drastically reduces the chances of accidental compromise. Allowing a friend or relative to use your home Wi-Fi on a guest account will limit their ability to access the rest of your home network. If that friend or relative’s computer becomes compromised by a cyber-criminal, the account they used will not allow the criminal to gain access to your other machines.

Contingency Planning is another control people can use. As stated in our “Top 10 Cyber Threats”, ransomware is one of the biggest threats to cybersecurity today. If infected, your computer can become locked by a criminal and you will not have access to any of your data. This is where proper planning becomes critical. You should back up all of your important data to a cloud server. A lot of service providers offer a small amount of space for free. Your smartphone data, important financial records, and any other critical documents should all be backed up. In the event your computer crashes or becomes compromised by a ransomware virus, you simply have to restore your backups after reformatting your computer or getting a new smartphone. You can set the backups to occur automatically each day so that you will have the latest version of your documents. Cyber Protection recommends that you keep a specific file on your machine where all of your important documents are located. We also recommend naming this file something inconspicuous like “Family Misc. Items”. That way, if your computer files become accessible to a cyber-criminal, it’s possible this file may not even be accessed. If an incident occurs without a solid contingency plan, then significant losses are probable.

Lastly, a Risk Assessment is defined as “the process of identifying variables that have the potential to negatively impact an information system (computer)”. Risk assessments are conducted by businesses in order to keep their information systems as safe as possible. Cyber Protection Services provides information on the top cybersecurity risks that face home users.

In 2017, we will be launching our professional services division that can help you perform a risk assessment that is tailored specifically to your home computer.

Posted in Cybersecurity Small Business, Cybersecurity Single User on Nov 06, 2017