Cybersecurity for Non-Technical Professionals How To Protect Your Personal and Professional Data

Hello, everyone, and welcome in this short course on cybersecurity for non-technical professionals. Of course, cybersecurity, as we all know and realize, is, in a sense, a technical subject. However, what I will be trying to do in this short course is to just explain what it’s all about, what you certainly need to know, and of course, if you are intrigued when you went through all the items that you can find here on this panel. Then you can always investigate yourself further in the details of anything of the subjects we touch upon.

So the agenda is quite pretty clear. First of all, what is cybersecurity? I think the reason why you’re here, you already probably know a bit. Basically, it relates to anything to the technical and digital environment, where all types of threats or attacks can take place.

And why do I say technical? Very often, we have the assumption– certainly, if you’re not in the world of IT, when you look at movies or series, and you see the typical hacker in some dark room hidden somewhere doing some really fancy types of attacks, well, the reality is a bit different than what you see in those movies.

Attacks can, of course, be very high level, very– like zero-day attacks will basically mean that an attack takes place on a vulnerability that hasn’t been discovered before. Those hackers are out there. And of course, there are even national armies which actually take it upon themselves to attack either other countries or large firms.

However, it’s much, much broader than that. It can also be factories which are under attack. Anything that’s automated– think also about your personal homes– anything that’s digitally stored in terms of data can be subject to any type of threat or attack. That’s why I’m saying cybersecurity is much more than that.

And then, of course, then you immediately also know why it’s relevant. The simple reason is attacks are on the rise. Threats are on the rise. It’s a huge market. Billions are earned or lost every year when it comes to those attacks and those hackers. And also, we see that the kinds of attacks are not only quickly evolving, but some “old-fashioned,” if I can say it like that, quote, unquote, attacks also remain.

So that’s why we really need to understand how is the world evolving. Of course, digitalization, it’s there. We all live in a digital world, and it’s becoming more and more digital. Hence, there’s also an increasing number of attacks that you should have a closer look at. And of course, I could talk a lot about all the threats you’re facing. More importantly, or at least what you really need to know is how can we actually prepare ourselves.

And then finally, what if the worst happens? What if you are a victim? What do you do then? Because it’s easy to say, this is how you have to protect yourself. These are the threats that anyone, and I’m guessing that I can say everyone will be at least once a victim during their lives. Very often it can be a victim due to some small things that are happening. But still, it means that some kind of attack was successful. And of course, then you need to know, what do I do next?

So I already mentioned a couple of things here. When it comes to cyber security, it’s all about protecting systems, networks, and programs from digital attacks. However, something that’s very much underestimated and needs to have a really close attention is the social aspect. I know great forms that have the best type of security you can think of. However, very often when data leaks take place or threats actually are executed, it’s because of people.

We all know what cybersecurity is. I’m quite certain that anyone that’s watching this is or had to do in the past some yearly trainings where they had to go through like a little course, fill out the questions. However, when all of a sudden mail pops up, there are very few people that ask themselves immediately, is this a phishing attempt, yes or no? Did I do the right checks? And there we can see that now that social aspect is more important than ever before.

People need to be well aware of what types of attacks they are facing, who they can trust, and who they can’t trust. How easy is it, even when we look at physical security? We all know the lanyards. They have certain color. Did you ever check if you are working at your company if there is actually the logo on there?

I know of cases in the past where attackers just try to put on a lanyard with the same color. Nobody checks. And we are all friendly people, so what do you do if someone tries to follow you through the door? Well, you keep the door open, of course, because you don’t want to be the antisocial colleague who doesn’t want to help another and close the door behind them. However, that’s also how attackers can physically get in.

Next to that, there is, of course, also the story about the internal versus the external threat, meaning there the example of someone trying to get in. That’s clearly an external threat. However, most data leaks for many companies come from internal people. Are these all malicious attacks? No, people can very easily make small mistakes, and those small mistakes can have huge impacts.

So also there, we also need to be aware how do we protect ourselves from those small mistakes. Like what I said before, opening a mail or opening a mail attachment, it can be done out of the best intentions. And it can have grave consequences. And that’s what I said before as well. We have, of course, numerous new types of attacks coming in. However, those older approaches, certainly the social aspect remains relevant more than ever before.

Other than that, what people will always be looking at and certainly companies, what’s the impact on data and finance? Of course, with the increasing data privacy regulations and the related fines, it has become quite crucial. But we can also say changing regulations, for example, in the financial services industry, where, in the past, when there was a phishing attack that was successful and the customer lost money, most of the time the customer was him or herself responsible.

With changing regulations, now we can see more and more that actually banks become responsible and have to pay the fee. And of course, if banks have to pay the fee, they’re going to improve their security. Other things we can see is, of course, locking systems. We can think about all types of ransomware, which you might have heard about in the news.

Also, all types of devices have known of a case where actually a printer, which is connected to the network unsecured, was used as an entry point by a hacker to actually gain access to the entire network and actually steal data. And of course, think about your phones. Think about your smartwatches. Think about anything that has the word smart in it. It can be abused in some way or another.

And finally, and most importantly, it’s not the most sexy thing that people like to talk about. It’s not very often also the most interesting thing that people immediately want to start talking about, but it is governance and the way of working. How do we ensure that the systems we implement, the procedures we implement to protect the company are actually used as intended? Because also there, you can have the best intentions, but we all know that there’s a major difference between theory of how things should be done and how things are actually done within certainly major organizations.

And also, then the major question you have to ask yourselves, how do you make sure that actually those procedures are followed? Because, again, as I said before, most data leaks nowadays almost happen through those accidents internally by some employee or colleague that makes some small mistake that you didn’t foresee because there is a procedure in place. Hence, this is what we are going to try to figure out in the next couple of sessions.