What Is Cybersecurity? How Can We Protect Our Data and Information ?
With the increase in the use of internet and social media among all age groups, any subject related to informatics has started to be taken seriously by almost everyone.
And lately we’ve heard the word cyber more than before.This word means; relating to or characteristic of the culture of computers, information technology, and virtual reality.
Additional information : Cyber came from cybernetics. Cybernetics influences game, system, and organizational theory. Cybernetics derived from the Greek kubernētēs which refers to a pilot or steersman. Related is the Greek word kubernēsis which means “the gift of governance” and applies to leadership.
Information security becomes as important as the number of Internet users, devices and data increases.
Cyber security covers many different areas such as information security, operational security and computer security.Briefly,protection of the security and privacy of life in the cyber world.
Every device that connects to the Internet or even sends or receives signals is actually a threat. When using these devices, we’ve forgotten the damages and the bad side.One of the reasons that these topic have multiplied and gained importance recently is the cyber attacks.
As the types, intensities and effects of cyber attacks increase; the increase in the steps taken in the field of cyber security has been mostly at the same rate.
The types and methods of cyber attack can be briefly mentioned as follows;
- Pass through the firewall of the target system and copying data.
- Camera / microphone listening.
- Network scanning so, infiltration.
- Denial of Service, all services available on the target system and can be used to deactivate.
- Taking destructive action on all internet services of the target structure.
- Breaking passwords with crypto attack.
- IP hiding or supersede another IP(IP Masquerading).
- Listening and seizing data by infiltrating two connections.(MITM)
- Feeding (Phishing)
(we will discuss the details in another article)
Our data is protected as much as possible by international standards and governmental measures.But as we know, we can never be absolutely %100 protected from such attacks.We may seek legal remedies if we encounter such situations.However; unfortunately, we are unlikely to recover any copied, unauthorized, maliciously used data.So we will talk about a few simple measures that can be taken.I must say that of course they will not provide full of protection, but it is useful to apply.
- Especially in public transportation and cafes, we should be careful to not use the common networks as much as possible.If it is possible dont use any time.
- Modem interface should not use login information in factory settings.We should definately change it.
- Against Sniffing attacks ( capture with software the data packet on a network and read the contents),we must use third-party firmware recommended by the modem manufacturer and always keep it in the most current version.
- Use secure access channels (VPN) should be taken into consideration if we are working in a public network.
- We should use our devices like phone, computer, tablet in the most current versions.
- We should not use simple passwords in our accounts.Memorable, complex and unpredictable passwords should be used.It is very important that we change passwords between 3-6 months, even if they are not frequent.
- We should not use the same password on every platform.
- We should not click on any link immediately, read carefully and think first.
- We should check the “https” statement in the address line of the web pages that are accessed during use.
And some measures to be taken by institutions;
- Security vulnerabilities should be identified by regular security scans.
- Information security awareness of employees should be increased by conducting awareness-raising and training activities against cyber attacks.
- Since information security is a part of the business, it should be integrated and implemented in all business policies.
- The most appropriate information security policy should be referenced to the company’s intellectual knowledge.
- The firm should not stretch the rules and security policies, even for one person.
- Domestic producers should be preferred. It should be kept in mind that almost all foreign security products have a back door and that hackers and external forces can exploit it and access any activity on the network.
- For both office and remote employees, access to sensitive services (vpn, email, portal, etc.) using strong encrypted communication channels should be mandatory.
- Control mechanisms should be in place to prevent data theft.
- Any activity in the network and computer environment should be recorded and rules of abnormality should be established.
Otherwise, cyber attackers, malicious hackers or hacker groups may access this data without permission and cause material and moral damage to corporations.