ICM CBQ Award in Introduction to Cyber Security

LO1 Understand the importance of keeping all personal and organisational data secure

Legal implications of a data breach for a commercial organisation: fines and penalties, enforcement action, investigations, mandatory notification requirements, compliance and remediation requirements.

Financial implications of a data breach for a commercial organisation: fines and penalties, business disruptions, legal fees, class action lawsuits, individual lawsuits.

General implications of a data breach for a commercial organisation: loss of customer trust, negative publicity, customer attrition, and loss of data.

The implications of a data breach for an individual

• Financial loss: identity theft, fraudulent activity, credit impacts
• Emotional and psychological impact: stress, anxiety, feelings of violation, impact on mental health
• Privacy invasion: exposure to sensitive information, increased surveillance
• Reputational damage: professional impact, social consequences
• Time and effort to resolve
• Legal costs
• Distributing charges
• Compromised security

LO2 Be able to keep data secure

Creating a secure password: length, a combination of words, mixed character types, avoiding common terms and patterns, different passwords for different accounts, random and unpredictable, regularly updated password manager, online tools to test strength.

Enabling two-step verification

• Log into account where
• Find security setÝngs
• Locate two factor authentication setÝngs
• Choose type of two factor authentication
  
  • Authenticator application
  • Text message verification
  • Email verification
  • Hardware token
• Follow instructions to set up
• Verify the process was successful
• Save backup codes

Backing up data: Cloud, removal storage device, online backup services, network attached storage, types of backup (full, incremental, differential, mirror), schedule regular backups, built-in tools, test backups, replace old backups, clear procedures for backup.

Identifying a phishing social media trend: suspicious links, personal information, software downloads, unauthentic accounts.

‍Identifying a phishing email: unusual email addresses, incorrect information, requests for personal data, suspicious links, flagged by the email provider, generic greeting, urgency, threats, poor grammar, poor spelling, modelled after a trusted brand.

LO3 Understand the threat of a Cyberattack

Impact of ransomware: financial loss, data loss, data corruption, disruption to operations, legal and regulatory consequences, reputational damage, lockdown, encryption, ransom demand.

How ransomware can end up on a device: exploit kits, websites, emails, encryption.

How cyberattacks can be caused by non-digital actions:

• Social engineering: phishing, pretexting, baiting
• Physical security breaches: unauthorised access, hardware tampering
• Insider threats: malicious insiders, unintentional actions
• Physical attacks on infrastructure: sabotage, power outages
• Supply chain attacks
• Social manipulation
• Physical document theft
• Surveillance
• Espionage

Data that could be targeted in a cyberattack: personal information, health data, financial data, intellectual property, corporate data, government and military data, social media and online activities, sensitive communications, authentic credentials, metadata and system information.

LO4 Be able to follow best practices in keeping devices safe from cyberattacks

Scheduling a device update: device setÝngs, update setÝngs, change timings, organisational policy.

Activating a firewall

• On Windows 10/11
  
  • Open control panel.
  • Open system and security.
  • Open Windows Defender firewall.
    
    • May be listed as a Windows firewall in older versions of Windows.
  • On the left-hand side, click on Turn Windows Defender Firewall on or off.
  • Make sure the option Turn on Windows Defender Firewall is selected for both private and public networks.
  • Click OK to apply the setÝngs.
  • Customize firewall rules by clicking on Advanced setÝngs on the left panel. Allows the creation of inbound or outbound rules, block specific programs, and more.
• On macOS
  
  • Open system setÝngs.
  • Go to network setÝngs, in the sidebar select network and then firewall.
  • Tiggle switch to activate firewall.
  • Click on Options to customise your firewall setÝngs.
    
    • Stealth Mode can be enabled to make the Mac less visible to attackers or allow/block specific apps and services.
• On a router
  
  • Access the Router’s Web Interface
    
    • Open a web browser and type the router's IP address (often something like 192.168.1.1 or 192.168.0.1).
    • Log in with router’s username and password (default credentials are often found on a sticker on the router).
  • Find the Firewall SetÝngs
    
    • Navigate to the Security or Advanced setÝngs section where firewall setÝngs are located.
  • Enable the Firewall
    
    • Look for an option to Enable or Turn on the firewall. This might be labelled as SPI Firewall, NAT Firewall, or something similar.
    • After enabling it, you can usually configure specific rules or setÝngs.
  • Save the SetÝngs
    
    • Apply the changes and save the setÝngs. The router may restart to apply the new firewall setÝngs.
• Ensure the firewall stays up to date.

Confirming virus software is up to date: access setÝngs, search the internet for the latest version, and consider paid options.

‍Accurately reporting any concerns to relevant individuals: clear notes, following procedure, knowing who to speak to.