The interconnected electronic information network has become an integral part of our daily life. All kinds of institutions such as medical, financial and educational institutions use this network to operate effectively. These institutions use this network by collecting, processing, storing and sharing large amounts of digital information. As more and more digital information is collected and shared, its protection becomes even more important to our national security and economic stability.
Cybersecurity is the ongoing effort to protect these networked systems and all data from unauthorized use or damage. On a personal level, you need to protect your identity, data and computing devices. At the corporate level, it is everyone’s responsibility to protect the organization’s reputation, data and customers. At the state level, however, national security, the safety and well-being of citizens are at stake.
Your Online and Offline Identity
As more time is spent online, your identity can affect your life both online and offline. Your offline identity is the person your friends and family interact with daily at home, school, or work. They know your personal information such as your name, age or where you live. Your online identity is who you are in cyberspace. Your online identity is how you present yourself to others online. This online identity should reveal only a limited amount of information about you.
You should be careful when choosing a username or nickname for your online identity. The username should not contain any personal information. It should be something appropriate and respectful. It should not lead strangers to think you are an easy target for cybercrime or unwanted attention.
Any information about you can be considered your data. This personal information can uniquely identify you as an individual. This data includes pictures and messages you exchange with family and friends online. Other information such as name, social security number, date and place of birth or your mother’s maiden name is known to you and is used to identify you. Information such as medical, educational, financial and employment information can also be used to identify you online.
Each time you go to the doctor’s office, more information is added to your electronic health records (EHR). Your family doctor’s prescription becomes part of your EHR. Your EHR includes your physical health, mental health, and other personal information that may not be directly related to medicine. For example, if you were interviewed as a child when there were major changes in your family, it will be somewhere in your medical records. In addition to your medical history and personal information, the EHR may also contain information about your family.
Medical devices such as fitness bands use the cloud platform to enable wireless transmission, storage and display of clinical data such as heart rate, blood pressure and blood glucose. These devices can generate an enormous amount of clinical data that can become part of your medical records.
As you continue your education, your grades and test scores, attendance, information about courses taken, awards and degrees, and discipline reports may be included in your education record. This record may also include contact information, health and immunization records, and special education records such as individualized education programs (IEPs).
Employment and Financial Records
Your financial records may include information about your income and expenses. It may include tax records, pay stubs, credit card statements, your credit rating and other banking information. Your employment information may include your past employment and performance.
Where Is Your Data?
All this information is about you. There are various laws in your country that protect your privacy and data. But do you know where your data is?
When you are in the doctor’s office, your conversation with the doctor is recorded in the medical chart. For billing purposes, this information may be shared with the insurance company to ensure proper billing and quality. Now, part of this medical record is also with the insurance company.
Store loyalty cards can be a convenient way to save money on your purchases. But the store compiles a profile of your purchases and uses this information for its own purposes. The profile may show that a buyer regularly purchases a particular brand and flavor of toothpaste. The store uses this information to target the buyer with special offers from the marketing partner. Through the loyalty card, the store and the marketing partner have a profile of the customer’s purchasing behavior.
Do you know who might have a copy of the pictures when you share your pictures online with your friends? Copies of the pictures are available on your own devices. Your friends may have downloaded copies of these pictures to their own devices. If the pictures are shared publicly, strangers may also have copies. They can download these pictures or take screenshots of these pictures. Since the pictures are published online, they are also saved on servers located in different parts of the world. Pictures are no longer just available on your computing devices.
Your Computing Devices
Your computing devices don’t just store your data. These devices have become the portal to your data, and they also generate information about you.
Unless you have chosen to receive paper statements for all of your accounts, you will use your computing devices to access the data. If you want a digital copy of the latest credit card statement, you use your computing devices to access the credit card issuer’s website. If you want to pay your credit card bill online, you can access your bank’s website to transfer money using your computing devices. In addition to allowing you to access your information, computing devices can also generate information about you.
Once all this information about you is available online, your personal data has become profitable for hackers.
They Want Your Money
If you have something valuable, criminals want it.
Your online credentials are valuable. These credentials give thieves access to your accounts. You may think that the flight miles you earn are not valuable to cybercriminals. Think again. After nearly 10,000 American Airlines and United accounts were hacked, cybercriminals used these stolen credentials to book free flights and upgrades. Although the frequent flyer miles were returned to customers by the airlines, this demonstrates the value of login credentials. A criminal can also take advantage of your relationships. They can access your online accounts and use your reputation to trick you into transferring money to your friends or family. The criminal may send messages stating that you need to send money so that your family or friends can return home from abroad after losing their wallet.
Criminals get very creative when they try to trick you into giving them money. They not only steal your money; they can also steal your identity and ruin your life.
Enterprise Data Types
Corporate data includes personnel information, intellectual property, and financial data. Personnel information includes application materials, payroll, offer letters, employee contracts, and all information used in employment decisions. Intellectual property such as patents, trademarks and new product plans allows a business to gain an economic advantage over its competitors. This intellectual property may be considered a trade secret; losing this information could be disastrous for the company’s future. A company’s financial data, such as income statements, balance sheets, and cash flow statements, provides insight into the company’s health.
Internet of Things and Big Data
With the advent of the Internet of Things (IoT), there is now much more data to manage and secure. The IoT is a vast network of physical objects such as sensors and equipment that extends beyond the traditional computer network. All these connections, together with the expansion of storage capacity and storage services through cloud and virtualization, lead to exponential data growth. This data has created a new field of interest in technology and business called “Big Data”. With the speed, volume and diversity of data generated by the IoT and daily business activities, the confidentiality, integrity and availability of this data are vital to the survival of the organization.
Confidentiality, Integrity and Availability
Confidentiality, integrity and availability, known as the CIA triad (Figure 1), is a guideline for an organization’s information security. Confidentiality ensures the privacy of data by restricting access through authentication and encryption. Integrity ensures that information is accurate and reliable. Availability ensures that information is accessible to authorized persons.
Another term for confidentiality would be “privacy”. Company policies should restrict access to information to authorized personnel and ensure that only authorized persons view this data. Data can be segmented according to the level of security or sensitivity of the information. For example, a Java program developer does not need to access the personal information of all employees. In addition, employees should receive training to understand best practices in protecting sensitive information to protect themselves and the company from attacks. Methods used to ensure confidentiality include data encryption, username and password, two-factor authentication, and minimizing the exposure of sensitive information.
Integrity is the accuracy, consistency, and reliability of data throughout its entire lifecycle. Data should not be altered during transfer and should not be altered by unauthorized entities. File permissions and user access control can prevent unauthorized access. Version control can be used to prevent accidental changes by authorized users. Backups must be available to restore corrupted data, and checksum hashing can be used to verify the integrity of data during transfer.
The checksum is used to verify the integrity of files or character strings after they are transferred from one device to another over your local network or the Internet. Checksums are calculated with hash functions. Some of the common checksums are MD5, SHA-1, SHA-256, and SHA-512. The hash function uses a mathematical algorithm to transform the data into a fixed-length value representing the data, as shown in Figure 2. The hash value is used for comparison only. The original data cannot be obtained directly from the hash value. For example, if you forgot your password, it cannot be recovered from the hash value. The forgotten password must be reset.
Once a file has been downloaded, you can verify its integrity by generating its hash with any hash calculator and comparing that value with the hash from the source. By comparing the hashes, you can ensure that the file was not tampered with or corrupted during the transfer.
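The download check described above, as an added example that is not part of the original article: it hashes a file in chunks with SHA-256, compares the result with a published checksum line, and shows that flipping a single bit makes the comparison fail. The file names, the sample payload and the `<hex digest>  <file name>` line layout are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path, algorithm="sha256", chunk_size=65536):
    """Hash a file in fixed-size chunks so large downloads need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_checksum_line(line):
    """Split a '<hex digest>  <file name>' line; '*' marks binary mode in some tools."""
    digest, _, name = line.strip().partition(" ")
    return digest.lower(), name.lstrip(" *")

def verify(path, checksum_line, algorithm="sha256"):
    """Return True only if the file's digest equals the published one."""
    expected, _ = parse_checksum_line(checksum_line)
    actual = file_digest(path, algorithm)
    # Hex case is normalised above; compare_digest does the equality check.
    return hmac.compare_digest(actual, expected)

def demo():
    """Constructed scenario: publish a checksum, then flip one bit 'in transit'."""
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "installer.bin")
        with open(original, "wb") as f:
            f.write(b"constructed sample payload\n" * 1000)
        # The publisher's line, here in upper-case hex to exercise normalisation.
        published = f"{file_digest(original).upper()}  installer.bin"

        tampered = os.path.join(d, "installer-tampered.bin")
        with open(original, "rb") as f:
            data = bytearray(f.read())
        data[100] ^= 0x01  # a single flipped bit
        with open(tampered, "wb") as f:
            f.write(data)
        return verify(original, published), verify(tampered, published)

if __name__ == "__main__":
    intact_ok, tampered_ok = demo()
    print("intact file matches:", intact_ok)
    print("tampered file matches:", tampered_ok)
```

The comparison is only as trustworthy as the channel the published hash came from; a hash served from the same compromised location as the file detects corruption but not deliberate replacement.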
Maintaining equipment, performing hardware repairs, keeping operating systems and software up to date, and creating backups ensure that the network and data are available to authorized users. Plans should be made for rapid recovery from natural or man-made disasters. Security equipment or software, such as firewalls, protects against downtime from attacks such as denial of service (DoS). Denial of service happens when an attacker tries to overwhelm resources so that services are not available to users.