Cybersecurity Basics – The CIA Triad
Cybersecurity Awareness – By Ron Frechette, The Cyber Coach
Last month we shared how the adoption of remote workforces is becoming the “new normal” due to the COVID-19 pandemic. This cataclysmic shift in the way the world now “goes to work” has the federal government and cybersecurity thought leaders deeply concerned about a significant rise in cybercrime. The damage this could cause to the small-midsize business world and their employees’ livelihoods could be devastating. We are already starting to see it happen. In fact, Cybercrime Magazine reported that 60 percent of small companies go out of business within six months of falling victim to a data breach or cyber-attack. With both the financial security and future of a business on the line, it’s vital for small-midsize businesses to have measures in place to detect and respond to suspicious network activity.
If you are a small business owner, or work for one, it is critical to become educated on the basics of practicing good cyber hygiene. There are also legal obligations to consider, such as the duties of due care and due diligence. So, this month we are going to focus on helping you learn the three fundamental principles of security governance, which are the confidentiality, integrity and availability of data. We commonly refer to this in the information security world as The CIA Triad, not to be confused with the Central Intelligence Agency.
- Confidentiality – Confidentiality is concerned with preventing unauthorized access to sensitive information. The disclosure could be intentional, such as an intruder breaking into your network and gaining access to information, or it could be unintentional, due to individuals not being properly trained on how to handle sensitive information (for example, emailing a spreadsheet to the wrong recipient). The two main countermeasures to ensure your data remains confidential are to encrypt it (in transit and at rest) and to implement proper access controls. Note that encryption only helps if the keys are themselves protected: an encrypted drive whose password is on a sticky note is not confidential.
- Integrity – Integrity in the information security world means maintaining the accuracy and completeness of data. It is about protecting the reliability and correctness of data, whether the threat is a malicious change or an accidental one such as a failing disk or a botched update. Integrity involves maintaining the consistency and trustworthiness of data throughout its entire life cycle. There are numerous countermeasures to ensure integrity against possible threats, such as strict access controls, rigorous authentication procedures, intrusion detection systems, and cryptographic checks (hashes, message authentication codes or digital signatures) that let you detect tampering rather than merely hope it did not occur.
- Availability – Availability is the third security governance principle and is closely tied to the other two: a system that is up but serves corrupted data, or serves it to the wrong people, is not doing the business any good. It is an assurance that your system and data are accessible by authorized users whenever they are needed. There are numerous countermeasures to maintain availability. Some include using access controls effectively, monitoring network performance and traffic, using firewalls and routers to mitigate DoS attacks, and, most importantly, maintaining and testing backups. A backup you have never tried to restore is not a backup. Keeping regular off-site backups also limits the damage when hardware is lost to a natural disaster, since the data survives even if the drives do not.
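The two points above, detecting tampering (integrity) and being able to trust a backup before you restore it (availability), can be covered with one small tool: a keyed manifest of your backup set. The script below is an added example, not code from this column or from any product it mentions. It uses only the Python standard library. The backup set is a constructed in-memory dictionary of filename to bytes so that it runs offline; in practice the values would be read from the backup files on disk. The key is generated here for illustration; the assumption is that in real use it lives somewhere other than the backup media (a password manager or vault), because a plain SHA-256 manifest stored next to the data can simply be recomputed by whoever altered the data.

```python
"""Keyed integrity manifest for a backup set (added example, not the column's own code).

Build an HMAC-SHA256 manifest when the backup is taken, keep the key separate
from the backup media, and verify the set before restoring from it.
"""
import hashlib
import hmac
import secrets
from typing import Dict, List, Tuple

# Assumption: one secret key per backup set, stored apart from the backups.
MANIFEST_KEY = secrets.token_bytes(32)


def file_mac(key: bytes, name: str, data: bytes) -> str:
    """HMAC over the file name and its contents.

    Binding the name in means swapping the contents of two files, or renaming
    one, is detected and not just a change inside a single file.
    """
    h = hmac.new(key, digestmod=hashlib.sha256)
    h.update(name.encode("utf-8") + b"\x00")
    h.update(data)
    return h.hexdigest()


def build_manifest(key: bytes, files: Dict[str, bytes]) -> Dict[str, str]:
    """Map every file in the backup set to its keyed tag; run this at backup time."""
    return {name: file_mac(key, name, data) for name, data in sorted(files.items())}


def verify_backup(key: bytes, files: Dict[str, bytes], manifest: Dict[str, str]) -> List[str]:
    """Return a sorted list of problems; an empty list means the set matches the manifest."""
    problems = []
    for name, expected in manifest.items():
        if name not in files:
            problems.append(f"missing: {name}")
            continue
        actual = file_mac(key, name, files[name])
        # Constant-time comparison avoids leaking how much of the tag matched.
        if not hmac.compare_digest(actual, expected):
            problems.append(f"modified: {name}")
    for name in files:
        if name not in manifest:
            problems.append(f"unexpected: {name}")
    return sorted(problems)


# Constructed sample backup set (not real data).
BACKUP: Dict[str, bytes] = {
    "payroll/2020-05.csv": b"employee,amount\nalice,5200\nbob,4800\n",
    "config/firewall.conf": b"deny all\nallow 10.0.0.0/8 -> 10.0.1.5:443\n",
}


def demo() -> Tuple[List[str], List[str]]:
    """Verify the clean set, then a copy that has been altered, trimmed and padded."""
    manifest = build_manifest(MANIFEST_KEY, BACKUP)
    clean = verify_backup(MANIFEST_KEY, BACKUP, manifest)

    tampered = dict(BACKUP)
    tampered["payroll/2020-05.csv"] = b"employee,amount\nalice,5200\nbob,9800\n"  # edited
    del tampered["config/firewall.conf"]                                          # removed
    tampered["config/evil.conf"] = b"allow all\n"                                  # planted
    return clean, verify_backup(MANIFEST_KEY, tampered, manifest)


if __name__ == "__main__":
    clean_result, tampered_result = demo()
    print("clean backup:", clean_result or "OK")
    print("tampered backup:", tampered_result)
```

Run `verify_backup` as part of every restore drill, not only after you suspect a problem; a manifest that fails verification against the wrong key flags every file as modified, which is the expected outcome and a useful reminder that losing the key makes the manifest worthless.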
Within the CIA Triad, availability is more exposed to everyday threats than the other two components: hardware failure, ransomware and a simple outage all take it away. Be especially diligent about performing backups and testing that you can restore from them. In closing, now is the time to transform the way we conduct business to fit the Digital Age. Practicing good cyber hygiene, like dental hygiene, requires learning new behaviors and practicing them consistently in order to avoid future pain and potential embarrassment. Until next month, wishing you all a safe journey in cyberspace!
Questions? Email me at email@example.com or send me a tweet @GoldskyRon.