Bandler’s Four Pillars of Cybersecurity

  1. Knowledge and awareness of cybercrime threats, information security, technology, and legal requirements
  2. Protection of computing devices
  3. Protection of data
  4. Protection of networks and safe use of the internet.
  • Legal requirements
  • Organization internal rules (including written policies, procedures, and more)
  • Cybercrime threats, including Social engineering (con artistry) and similar threats aimed at people, Email based funds transfer frauds (“business email compromise” and “CEO Fraud”), Phishing, Malware, including ransomware, Data breaches and data theft, Identity theft
  • Privacy threats
  • Basic information security principles
  • How computers work
  • How networks and the internet work
  • How to implement basic security measures and make good security decisions
  • The importance of cybersecurity in the home, and how security at work and home are interrelated
  • How working remotely creates security risks.
  • Inventory all devices, and develop a process for bringing them into service securely (commissioning) and taking them out of service securely when no longer needed (decommissioning).
  • Ensure physical security and control over these devices. Devices need to be protected from loss, damage, or theft.
  • Proper device configuration.
  • Updating (patching) of devices.
  • Malware protection.
  • Intrusion protection.
  • Controlled access.
  • Periodic review of security and privacy settings.
  • Inventory data (to a reasonable degree of detail).
  • Secure cloud accounts properly with complex, unique passwords, and a second factor of authentication (multi-factor authentication, MFA, or 2FA)
  • Control access to data.
  • Secure data in a manner commensurate with its sensitivity.
  • Encrypt certain data where warranted.
  • Delete unneeded data.
  • Back up data regularly.
  • Inventory network hardware and physically secure it.
  • Routers and switches are security configured, including: Unique (and non-default) passwords. Kept updated (patched). Unneeded features will be disabled.
  • Wi-Fi networks will be encrypted and require a strong password to join. The password will be changed periodically.
  • Consider intrusion prevention and monitoring.
  • Be conscious of the route that data takes.
  • Avoid or minimize the use of public networks.
  • Encrypt data in transit whenever practical.
  • Encrypt certain data at the file level for transmittal.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
John Bandler

John Bandler

Cybersecurity, cybercrime prevention, privacy, law, more. Attorney, consultant, author, speaker, teacher. Find me at JohnBandler.com