Resources for Introductory Training in Cybersecurity
Cybersecurity is the practice of protecting assets and systems from digital attacks. As companies modernize and adopt new technologies, cybersecurity becomes an increasingly pressing concern. Most cybersecurity responsibilities fall to a cybersecurity team within an organization’s IT department. However, cybersecurity concerns are not isolated to cybersecurity professionals. For example, some cyberattacks can breach an entire organization if just one employee makes a mistake. Conversely, some cyber defenses are only effective with the cooperation of all employees. As a result, everyone in an organization should have introductory training in cybersecurity.
Using cyberattacks, hackers and other malicious parties demand ransoms, steal data, or even destroy computer systems. Two of the most common cyberattacks, malware and phishing, target individual employees. Malware describes malicious software, including ransomware, spyware, viruses, and worms. If inadvertently downloaded (e.g., through an email attachment), malware can have devastating effects. It might block access to key data, harvest sensitive data, or disrupt system components [1][2]. Phishing describes fraudulent communications that appear reputable but ultimately steal sensitive data. One example is a fraudulent password reset email that steals the victim’s password, allowing hackers to make further breaches. Other forms of cyberattack do not target individuals. One example is a denial-of-service attack, where attackers flood computer systems with network traffic, exhausting resources and denying legitimate users from using the attacked systems [1][2]. For learning more about cyberattacks, Cisco, a network technologies company [1], and the Federal Communications Commission [2] provide additional information in their cybersecurity guides.
Cyber defenses take many forms. The front line of defense is to provide employees with introductory training in cybersecurity. If employees learn to avoid malware, identify phishing attacks, use strong passwords, and protect sensitive information, many cyberattacks will fall short. For further technical defenses, organizations can access numerous forms of enterprise software. Antivirus software can prevent malware downloads and detect vulnerabilities. Firewalls can monitor incoming and outgoing network traffic, preventing attackers from breaching networks. Data backups to an offsite location can protect against ransomware or unauthorized deletion [3]. However, organizations should remember that attackers are constantly innovating, and that an attack can still succeed despite defenses. To learn more about cyber defenses, consult the Small Business Administration’s guide on cybersecurity threats, which has useful advice for organizations at all scales [3]. For an accessible employee training program, consider the “Stop. Think. Connect” campaign coordinated by the Department of Homeland Security [4].
Even with strong cyber defenses, security threats emerge with new technologies and practices. During the COVID-19 pandemic, more people are working from home. Many job functions—logging into systems, accessing sensitive data, and attending meetings—now take place through home wireless networks, exposing employees to an increased risk of cyberattack. To plan ahead, employees can install firewalls and other defenses for their home networks, and they should backup all valuable data. For more information, consult the guidance from the Cybersecurity and Infrastructure Security Agency (CISA) on wireless networks [5]. CISA also offers specific guidance on the secure use of videoconferencing (e.g., Zoom, Microsoft Teams) [6].
Cyberattacks are a business risk, especially in the healthcare space, where patient data is highly sensitive and computer systems are mission critical. An organization’s leaders can mitigate this risk by building strategies and investing in cybersecurity. Effective cybersecurity leadership can help the cybersecurity team implement its solutions, encourage employees to follow their training, and even expedite recovery when an attack occurs.
References
[1] What Are the Most Common Cyber Attacks? Cisco (N.d.). https://www.cisco.com/c/en/us/products/security/common-cyberattacks.html.
[2] FCC Cyber Security Planning Guide. Federal Communications Commission (N.d.). https://transition.fcc.gov/cyber/cyberplanner.pdf.
[3] Stay Safe from Cybersecurity Threats. Small Business Administration (N.d.). https://www.sba.gov/business-guide/manage-your-business/stay-safe-cybersecurity-threats.
[4] Campaigns. Stop Think Connect (N.d.). https://www.stopthinkconnect.org/campaigns.
[5] Wireless Related Guidance. Cybersecurity and Infrastructure Security Agency (N.d.). https://www.cisa.gov/wireless-related-guidance.
[6] Video Conferencing Guidance. Cybersecurity and Infrastructure Security Agency (N.d.). https://www.cisa.gov/video-conferencing-guidance.
[7] Cyber Essentials Toolkits. Cybersecurity and Infrastructure Security Agency (N.d.). https://www.cisa.gov/publication/cyber-essentials-toolkits.
