Since cyber attacks have become more frequent in recent years, a strong cybersecurity posture has become an important part of branding and marketing products. Cybersecurity isn’t as easy to ignore as user experience (UX) for ease of use or accessibility for disabled users. Reminders that cyber attacks are real, frequent, and devastating for all victims are constant, sometimes to a point where we’re desensitized to the subject.
We see the phrases “cybersecurity,” “hacked,” “information security (INFOSEC),” and “information assurance (IA)” on a regular basis these days.
A company’s confidential database of personally identifiable information (PII) or personal health information (PHI) has been hacked.
X number of websites built with this version of the Z CMS are vulnerable to this newly discovered flaw.
This brand’s small office / home office (SOHO) routers are using severely outdated firmware, which poses a great risk to cybersecurity efforts.
I usually see “INFOSEC” and “IA” associated with government and training, but I’ve made my point. We hear and read about it a lot. Our most used software (e.g. web browsers and email clients) has more native integrity and authentication features now. Popular content management systems (CMS) including WordPress and Drupal are doing more to make it easier to secure online content and protect visitors.
We’ve covered ways to secure your computer and web activity for home users. We’ve also covered the basics of website security and new ways to enhance your website. Below we cover six ways you can stay up to date on the world of cybersecurity.
1. Cybersecurity News Sites
Many times, news reports of cyber attacks will include general information about what happened, when, and where. The how, why and who are usually omitted, quickly glossed over, or suggested to support a current political situation. But each of those aspects is equally important.
How helps us understand what we can do to better secure our systems and network. Is there a new, convincing phishing email we need to train users to spot (e.g. On this day…)? Is there a new WordPress vulnerability being exploited on outdated sites?
Why can tell us how likely we are to be targeted with the same attack. Is it a business email compromise (BEC) attack for financial gain? Or was the goal to sabotage the brand’s reputation to help a competitor?
Who reminds us to audit access control lists (ACLs) and that insider threats (e.g. disgruntled users) can have devastating consequences on an organization.
Moving past cyber attacks, it’s always great to learn about new security tools for your website and online work like Domain Name System Security Extensions (DNSSEC) and DNS-over-HTTPS (DoH). These two features were added to the Firefox browser months ago, but you can’t take advantage of functions you don’t know exist.
For more detailed, actionable cybersecurity news and advice, follow some of the following via social media and RSS feeds:
- Dark Reading
- Hacker News
- Krebs on Security
- Scott Helme (from the creator of SecurityHeaders.com)
- Threatpost
- Troy Hunt (from the creator of HaveiBeenPwned.com)
Many such platforms also cover news on PII / PHI violations and data privacy laws.
Is your e-commerce website compliant with General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA)?
2. Cybersecurity Training
Information is great. Knowing how to put that information to good use within your home and business networks is better. It’s not enough to have a firewall, use strong passwords, back up regularly, and update in a timely fashion. There are best practices and hardening guides for systems and software suites (more on that later). And I don’t think we talk enough about the importance of reading logs.
Recurring cybersecurity training isn’t just for IT and cybersecurity specialists. Like customer service, cybersecurity is everyone’s job.
Senior managers and chief (C-level) executives need to understand why and how supporting cybersecurity improvements affects their return on investment (ROI).
All users need quarterly cybersecurity awareness training including safe web browsing practices and how to spot phishing.
Many of the places I recommend for learning how to use Linux (especially Cybrary.it) are also good sources for cybersecurity training. US military veterans can also use Federal Virtual Training (FedVTE) to apply continuing education units (CEUs) towards industry certifications such as CompTIA Security+.
US military veterans can also train for industry certifications with the Onward to Opportunity (O2O) initiative by the Institute of Military Veterans (IVMF).
Kali Linux is a free operating system filled with penetration testing (pentesting) and training content for learning while you…
3. Test Your Systems
Many popular cybersecurity tools for vulnerability and pentesting are free. Cybersecurity and IT specialists reap some advantages from this. Primarily, we’re able to test and fix our systems before cyber attackers can exploit them.
Kali Linux is one of a long list of free, popular cybersecurity testing tools:
- Metasploit – Vulnerability scanner
- Nmap – Port scanner
- Splunk – Security Information and Event Management (SIEM) software
- WPScan – WordPress website scanner
And again, don’t forget to check server logs and web analytics software for malicious activity.
The ability to only have what you want installed is why I prefer non-cPanel, Cloud Server Hosting.
4. Read Changelogs
Changelogs explain the reason behind software updates. They’re usually filled with straightforward statements about how each update addresses vulnerabilities, bugs, UX improvements, and compatibility with other software. A lot of the software you use daily has changelogs publicly available online: cPanel, WordPress, Firefox, etc.
Similar to reading cybersecurity news for cybersecurity specialists, changelogs can alert you to new features that may help your workflow or security posture.
5. Server Hardening Guides
There are many reputable guides on best practices for securing systems for different uses. You can search for “INFOSEC guides” or “IA guides” in any search engine to start. I prefer DuckDuckGo.
- National Institute of Standards and Technology (NIST) Special Publication 800-53 assists IT professionals working to secure business networks.
- Payment Card Industry Data Security Standard (PCI-DSS) for e-commerce website owners
- There are many guides and plugins for improving security and making CMSs GDPR and CCPA compliant
Get started with our guide on how to harden cPanel-managed VPS Hosting. Guides for other web hosting products coming soon.
6. Read Verizon’s Data Breach Investigations Report (DBIR)
Verizon’s 2020 Data Breach Investigations Report (DBIR) analyzes reported cyber intrusions to help us better understand how to protect our networks. It’s a long read (over 100 pages) but well worth it, even if you only skim the graphs first.
Where do you go to learn about cybersecurity? Let us know below.