What Is Cybersecurity?
Cybersecurity is the art of preventing unauthorized access to networks, devices, and data, as well as the practice of preserving the confidentiality, integrity, and availability of information. Communication (e.g., email, smartphones, tablets), entertainment (e.g., interactive video games, social media, apps), transportation (e.g., navigation systems), shopping (e.g., online shopping, credit cards), medicine (e.g., medical equipment, medical records), and a long list of other uses all seem to rely on computers and the internet these days.
How much technology do you use in your daily life? How much of your personal data is kept on your own computer, smartphone, tablet, or on the system of another person? All of these are important questions to answer if you want to remain safe. To help explain further, we've provided the following information from the Cybersecurity & Infrastructure Security Agency. Several of the links provided below will take you to additional resources on the CISA website.
What Are the Risks of Having Poor Cybersecurity?
Many risks exist, some of which are more dangerous than others. These risks include malware wiping out your entire computer system, an intruder accessing your system and changing files, an intruder using your computer to attack others, or an intruder taking your credit card information and making fraudulent payments. Even with the best protection, there is no guarantee that none of these things will happen to you, but there are steps you can take to reduce the likelihood.
What Can You Do to Improve Your Cybersecurity?
Knowing the risks is the first step in protecting yourself. To better comprehend the hazards, get to know the following terms:
- Hacker, attacker, or intruder – These terms are applied to the people who seek to exploit weaknesses in software and computer systems for their own gain. Although their intentions are sometimes benign and motivated by curiosity, their actions are typically in violation of the intended use of the systems they are exploiting. The results can range from mere mischief (creating a virus with no intentionally negative impact) to malicious activity (stealing or altering information).
- Malicious code – Malicious code (also called malware) is unwanted files or programs that can cause harm to a computer or compromise data stored on a computer. Various classifications of malicious code include viruses, worms, and Trojan horses. (See Protecting Against Malicious Code for more information.) Malicious code may have the following characteristics:
  - It might require you to actually do something before it infects your computer. This action could be opening an email attachment or going to a particular webpage.
  - Some forms of malware propagate without user intervention and typically start by exploiting a software vulnerability. Once the victim's computer has been infected, the malware will attempt to find and infect other computers. This malware can also propagate via email, websites, or network-based software.
  - Some malware claims to be one thing, while in fact doing something different behind the scenes. For example, a program that claims it will speed up your computer may actually be sending confidential information to a remote intruder.
- Vulnerabilities – Vulnerabilities are flaws in software, firmware, or hardware that can be exploited by an attacker to perform unauthorized actions in a system. They can be caused by software programming errors. Attackers take advantage of these errors to infect computers with malware or perform other malicious activities.
To minimize the risks of cyberattacks, follow basic cybersecurity best practices:
- Keep software up to date. Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it. (See Understanding Patches and Software Updates for more information.)
- Run up-to-date antivirus software. A reputable antivirus software application is an important protective measure against known malicious threats. It can automatically detect, quarantine, and remove various types of malware. Be sure to enable automatic virus definition updates to ensure maximum protection against the latest threats. Note: Because detection relies on signatures—known patterns that can identify code as malware—even the best antivirus will not provide adequate protection against new and advanced threats, such as zero-day exploits and polymorphic viruses.
- Use strong passwords. Select passwords that will be difficult for attackers to guess, and use different passwords for different programs and devices. It is best to use long, strong passphrases or passwords that consist of at least 16 characters. (See Choosing and Protecting Passwords.)
- Change default usernames and passwords. Default usernames and passwords are readily available to malicious actors. Change default passwords, as soon as possible, to sufficiently strong and unique passwords.
- Implement multi-factor authentication (MFA). Authentication is a process used to validate a user’s identity. Attackers commonly exploit weak authentication processes. MFA uses at least two identity components to authenticate a user’s identity, minimizing the risk of a cyberattacker gaining access to an account if they know the username and password. (See Supplementing Passwords.)
- Install a firewall. Firewalls may be able to prevent some types of attack vectors by blocking malicious traffic before it can enter a computer system, and by restricting unnecessary outbound communications. Some device operating systems include a firewall. Enable and properly configure the firewall as specified in the device or system owner’s manual. (See Understanding Firewalls for Home and Small Office Use.)
- Be suspicious of unexpected emails. Phishing emails are currently one of the most prevalent risks to the average user. The goal of a phishing email is to gain information about you, steal money from you, or install malware on your device. Be suspicious of all unexpected emails. (See Avoiding Social Engineering and Phishing Attacks.)
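The note in the antivirus item above says detection relies on signatures, so new or altered threats can go unrecognized. The sketch below is an added illustration, not CISA's or any antivirus vendor's code: it runs a toy scanner with two common signature styles (a whole-file hash and a byte pattern) over constructed, harmless byte strings. All sample data and signature names are made up for the example.

```python
import hashlib

# Constructed, harmless byte strings standing in for files; none is real malware.
KNOWN_BAD = b"HEADER|DEMO-UNWANTED-ROUTINE|payload-v1"   # the sample the signatures were built from
REPACKED = b"HEADER|DEMO-UNWANTED-ROUTINE|payload-v2"    # same routine, one byte differs elsewhere
REWRITTEN = b"HEADER|D3MO-UNWANT3D-ROUT1NE|payload-v1"   # the routine's own bytes differ
BENIGN = b"HEADER|ordinary-document|hello"

# Hypothetical signature database, derived only from KNOWN_BAD.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Demo.Unwanted.A"}
PATTERN_SIGNATURES = {b"DEMO-UNWANTED-ROUTINE": "Demo.Unwanted.generic"}


def scan(data):
    """Return the name of every signature that matches the file content."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:            # exact-file match only
        hits.append(HASH_SIGNATURES[digest])
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:                  # known byte sequence anywhere in the file
            hits.append(name)
    return hits


def report():
    """Scan each constructed sample and map its label to the signature hits."""
    samples = {
        "known": KNOWN_BAD,
        "repacked": REPACKED,
        "rewritten": REWRITTEN,
        "benign": BENIGN,
    }
    return {label: scan(data) for label, data in samples.items()}


if __name__ == "__main__":
    for label, hits in report().items():
        print(f"{label:10} -> {hits or 'no signature match'}")
```

The "rewritten" and "benign" samples produce the same empty result, which is why a clean scan is not proof that a file is safe and why the list pairs antivirus with patching, a firewall, and MFA.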
For More Information
Refer to Cybersecurity Tips and Cyber Essentials for more information from the Cybersecurity and Infrastructure Security Agency (CISA) on how to improve your cybersecurity posture and protect yourself from cyberattacks. You can also contact us online with any specific questions that you have regarding Bank Michigan's efforts in this area.