Bandler’s Four Pillars of Cybersecurity

  1. Knowledge and awareness of cybercrime threats, information security, technology, and legal requirements
     • Legal requirements
     • Organization internal rules (including written policies, procedures, and more)
     • Cybercrime threats, including: social engineering (con artistry) and similar threats aimed at people; email-based funds transfer frauds (“business email compromise” and “CEO fraud”); phishing; malware, including ransomware; data breaches and data theft; identity theft
     • Privacy threats
     • Basic information security principles
     • How computers work
     • How networks and the internet work
     • How to implement basic security measures and make good security decisions
     • The importance of cybersecurity in the home, and how security at work and home are interrelated
     • How working remotely creates security risks
  2. Protection of computing devices
     • Inventory all devices, and develop a process for bringing them into service securely (commissioning) and taking them out of service securely when no longer needed (decommissioning).
     • Ensure physical security and control over these devices. Devices need to be protected from loss, damage, or theft.
     • Proper device configuration.
     • Updating (patching) of devices.
     • Malware protection.
     • Intrusion protection.
     • Controlled access.
     • Periodic review of security and privacy settings.
  3. Protection of data
     • Inventory data (to a reasonable degree of detail).
     • Secure cloud accounts properly with complex, unique passwords and a second factor of authentication (multi-factor authentication, MFA, or 2FA).
     • Control access to data.
     • Secure data in a manner commensurate with its sensitivity.
     • Encrypt certain data where warranted.
     • Delete unneeded data.
     • Back up data regularly.
  4. Protection of networks and safe use of the internet
     • Inventory network hardware and physically secure it.
     • Routers and switches are securely configured, including: unique (and non-default) passwords; kept updated (patched); unneeded features disabled.
     • Wi-Fi networks will be encrypted and require a strong password to join. The password will be changed periodically.
     • Consider intrusion prevention and monitoring.
     • Be conscious of the route that data takes.
     • Avoid or minimize the use of public networks.
     • Encrypt data in transit whenever practical.
     • Encrypt certain data at the file level for transmittal.


Cybersecurity, cybercrime prevention, privacy, law, more. Attorney, consultant, author, speaker, teacher. Find me at JohnBandler.com

John Bandler
