Successful and vigilant cyber security requires a proactive attitude in order to maintain your current situation and to be on the look out for new updates. Ultimately, it's not just about changing some passwords and then sweeping all concerns under the carpet. Introduction to Cyber Security is not a quick fix, it's a quick introduction, beyond it's teaching, you have to keep running with what you learned.
I have now completed Introduction to Cyber Security (a week ahead of the official completion date) and the main realisation I have taken from the course is that all information is an asset, especially your personal information!
Our day-to-day activities online and on our personal computing devices offer countless means for our personal data to be compromised and exploited by cybercriminals.
Introduction to Cyber Security offers a great deal of clarity on this subject by providing overviews:
- of the threats that currently exist and how they actually function
- of how you can minimise the possibility of being a victim to one of these threats.
- of what to do if you are compromised by a threat.
- of real life compromisation examples: how they happened, how they were dealt with, the long-term consequences.
- of how computing, online networks and digital security systems actually function
- of how computing, online networks and digital security systems are often compromised.
- of how cyber security is not an exact science and never will be - it's about educating yourself to always be on your toes!
Cory Doctorow presents Introduction to Cyber Security
The main idea to understand in regards to implementing strong cyber security is in understanding three basic aspects underpinning effective security:
- Confidentiality - our data to only be accessed by appropriate individuals.
- Integrity - our data to only be manipulated by authorised parties.
- Availability - our data to be accessible whenever we want.
Once you have these principles understood you are in a vastly better position to assess your own cyber security in regards to your daily activities and the other individuals and/or organisations with which you come into contact.
If authenticity can not be verified or if confidentiality can not be guaranteed, then there is cause for concern.
CIA - Confidentiality Integrity and Availability. |
While undertaking the course, you are very much encouraged to put into practice what the educators advise as minimalising your exposure to a potential threat. This practice is very accessible as there are many step-by-step guides included as part of the course materials.
The undertaking of this course has been pretty well timed, as improving my cyber security situation is something that I have been very actively improving for some time now; in particular since August when I was having trouble with my desktop computer and then when I was setting up my new laptop (which I acquired to replace my desktop computer).
A couple of months back my bank account was very nearly compromised, but fortunately my banking security got on the case and my credentials were reset and no money was lost. I still do not know how my bank account was compromised, but this incident has made me much more vigilant in regards to my cyber security practice.
Therefore, the Introduction to Cyber Security course has served as a natural progression on from what I have already done by filling in the gaps of what I had not done or of which I was a little unsure.
The course is broken down into the following areas:
- Week 1: Threat Landscape
- Week 2: Authentication
- Week 3: Malware
- Week 4: Networking and Communications
- Week 5: Cryptography
- Week 6: Networking Security
- Week 7: When Your Defences Fail
- Week 8: Managing Security Risks
The time span and content of the course has quite nicely and reflexively criss-crossed with the Internet History, Technology and Security MOOC I have just about completed. In many ways the Internet History, etc MOOC has lain the historical and technical groundwork for what I have been learning in Introduction to Cyber Security.
The two MOOCs very strongly compliment each other and I would say that the Cyber Security MOOC is the natural successor to take after completing the Internet History, etc. MOOC.
Only the last two weeks of the Internet History, etc. MOOC have been devoted to security, so I have been given a huge and very detailed preview of those last two weeks with the Cyber Security MOOC.
This is just as well, as I suspect I would not have been able to have been able to get my head around the concept and workings of public and private keys in the Internet History, etc. MOOC had I not already encountered it in the Cyber Security MOOC.
The internet - a network of networks. |
Likewise I would have struggled with the presentation and explanation of internet networking, communications, IP protocols, etc., in the Cyber Security MOOC had I not already had it very minutely illustrated in the Internet History, etc. MOOC.
However, one of the most startling discoveries I have had revealed from both of these MOOCs and which has provided even more incentive to become highly literate in cyber security is the fact that the internet is not encrypted - it's an open space for all to see what passess through it (if you know how).
The reason for why the entirety of the internet is not encrypted is because it would require way too much computing power to encrypt and decrypt every single piece of information that goes through it. Therefore, only sensitive material, such as online payments, are encrypted.
Additionally, a user can choose to encrypt their data where appropriate (emails being a primary target), but only when the user understands how to go about utilising encryption and decryption and this is something that the course touches upon an encourages.
I have implemented many of the course's suggested practices, such as:
- taking stock and organising of my information assets (this is ongoing, it's a lot of stuff to get through)
- rejigging all of my passwords and setting up a password manager (this took the better part of a day)
- ensuring that my security software and firewalls are up to date
- utilising signed and encrypted email (I am working on this)
- being aware of how exposed I can leave my devices and data in public spaces and securing them appropriately
- nurturing better awareness of tell-tale signs of threats and indications of strong cyber security, e.g. phishing emails, checking for https.
It can get confusing, but understanding it will make you literate and cyber secure. |
I believe there are two issues are at the root of the reason for why so many people of ignorant towards their own cyber security and how that can be hugely detrimental to them:
- Lack of overall understanding to all the threats out their, how to counter them and the consequences of not countering them.
- getting into and staying in the habit of consistently maintaining high standards of cyber security practice.
As I have come to learn from the course, understanding all of the potential threats, how you can counter them and what are the long term consequences of not countering them is easy, once you invest the time and effort into actually understanding the emerging subject of cyber security.
However, consistently maintaining high standards of cyber security practice requires vastly more effort and that is the challenge I am starting to understand now - starting is easy, staying in the habit requires much more effort and perseverance.
Not all aspects of cyber security are convenient or painless and, as the internet and the technologies and the algorithms that support the internet continue to grow and change and improve, so too will the cyber threats.
Cyberspace cryptography. |
Successful and vigilant cyber security requires a proactive attitude in order to maintain your current situation and to be on the look out for new updates.
Ultimately, it's not just about changing some passwords and then sweeping all concerns under the carpet. Introduction to Cyber Security is not a quick fix, it's a quick introduction, beyond it's teaching, you have to keep running with what you learned.
For quite some time now I have placed a great value on my time, even greater than I place on money - time is finite, but you can always acquire new money! I also place a high value on my overall well-being which I also place this higher than money - if you're dead, you can't make any money.
Like time, health and money, your information - your identity - is an asset. A very valuable asset!
Therefore, realise, as I have, that if you want to keep your information/data/identity/cyber presence healthy, secure and in a position to keep you financially content, you are going to have to invest consistent amounts of your time into maintaining a vigilant defence about it.
Therefore, realise, as I have, that if you want to keep your information/data/identity/cyber presence healthy, secure and in a position to keep you financially content, you are going to have to invest consistent amounts of your time into maintaining a vigilant defence about it.
Common tell-tale signs of a phishing email - delete these! |
Ultimately, like the Open University's earlier Managing My Money MOOC (which I have yet to complete) that offered a grounds up look at basic and successful personal finance terminology and practice, Introduction to Cyber Security is designed for anyone and is intended for anyone - utilise this free resource and reaps the rewards further down the line.
Information, just like time or money or maintaining good health, is a vital asset of a productive and fulfilling life - do not allow it to be compromised.
Your information is an asset, so look after it!
Your information is an asset, so look after it!
Be smart and be secure.