13. CyberSecurity: the cybersecurity process

Understanding the components of the cybersecurity process.

This tutorial is all about the process of keeping yourself and your data, family, friends and business safe online.

First you need to think about, and constantly evaluate, who and what you trust, and to what degree you trust them. You cannot rigorously check every possible contact or item of software yourself, so we build up a network of trusted contacts or sources of information. For each of our trusted contacts or sources we need to evaluate the degree to which we trust them. What is their level of expertise, and to what degree do we trust them?

If we compare sources of information, to what degree is one simply copying from the other? We need sources that have the expertise and independently evaluate the information we are interested in.

For example, we build trust in a bank because it has branches on many high streets. It is recognised and regulated by the Financial Conduct Authority in the UK (https://www.fca.org.uk/about/the-fca). Your money in a regulated bank is protected by laws in the UK and the EU up to EUR100,000.

Based on this trust we may use the bank's website, or an app provided by that bank.

We may share information about ourselves with people and organisations that we trust - but even so we need to evaluate what information they might need to have and what they might do with that information.

We throw away that security if we post information about ourselves to any stranger who might come across it. Think carefully before placing any information online that may be passed on by a friend, who passes it on to someone else and so on.

Also think carefully about information that might be included in web pages, photos or videos posted online and available to many strangers.

A couple of examples of information we shouldn't trust. Profiles on dating websites: there may be a genuine person behind that profile, but on the other hand it might be a criminal or scammer. Scammers may continue to exchange information for a year or more, drawing you in, using fake information and images from someone else's blog, exchanging intimate pictures, until there is a very plausible request for money for the plane fare to visit you, or blackmail over your intimate pictures. You have no basis for trust! Only what they have told you.

Another example might be an advert for anti-malware software at a bargain price. The link takes you to a website that claims the software is totally brilliant, with lots of reviews on that site saying how good it is. It may also claim that it has been ranked number 1 by various other sites. But note that you have no basis for trust. A criminal can easily create such a website with that information, a shopping cart payment system to take your money, and software for you to download. At best the software may be useless. At worst it will install malware on your computer and attempt to take repeated payments from your account.