If you work in the world of technology, you’re likely familiar with the 5 C’s of Cyber Security. If you’re not, you might be wondering what the five C’s are that keep coming up in discussions of cybersecurity. Here’s what each of these C’s means and how they can keep your business safe from cyber-attacks and data breaches.
5 C’s of Cyber Security: How to Keep Your Business Safe
- Confidentiality
- Control
- Custody
- Compromise
- Cryptography
1) Confidentiality
One of the biggest mistakes you can make when it comes to cybersecurity is not taking steps to protect your data. Anyone who has access to your network, either intentionally or unintentionally, can potentially see and even copy your files. In order to preserve confidentiality and ensure that all important documents remain safe, password-protect them. This means creating an encrypted file by adding an extra layer of protection, like a password or personal identification number (PIN). You should also update any encryption software regularly and store information on computers or external drives that are encrypted as well. Finally, encrypt your hard drive with a good drive encryption program.
2) Control
The next C is control. The more you can control your data environment, specifically who can access it and how they are able to do so, the better off you will be. Doing that requires planning ahead. Work with your team to anticipate where data will exist, then determine who should have access and how they should obtain that access in a controlled manner. Make sure users don’t inadvertently expose sensitive information by having them use a secure form of communication; one example is using encrypted messaging software like Signal to discuss critical details that would otherwise go in an email or text message, rather than simply forwarding an email with sensitive information. Finally, train users on proper security protocols so they understand what confidential information looks like and know what procedures need to be followed when handling it.
3) Custody
The single biggest cyber security threat out there today is malware, particularly ransomware. It locks up your data, essentially holding it hostage, and in order to get it back, you need to pay off hackers by transferring funds in a cryptocurrency (read: Bitcoin). As we’ve seen with major companies like Deloitte, even giant corporations aren’t immune. So if you can prevent your company from getting compromised in any way, do so! For example, train employees to recognize phishing emails and not to respond to them; always update your operating systems and software; keep software patches up to date; use strong passwords (no dictionary words); and use two-factor authentication for all services where available.
The next biggest threat is ransomware. Ransomware is malware that encrypts your data so you can’t access it without paying a ransom, sometimes in Bitcoin. It might seem like an easy way out—after all, paying off hackers means you get your data back—but there are risks to consider when deciding whether or not to pay. For example, even if you decide not to pay up, it doesn’t mean that they won’t try again. Also, not all encryption is breakable. So even if you do pay, there’s no guarantee they will release your data at all!
4) Compromise
The most basic type of cyberattack is when an unauthorized party gains access to your system. It could be that someone literally breaks into your office, or it could be a far sneakier scenario in which an employee leaves their computer unlocked while they head out for lunch. Prevention is always better than a cure, so make sure you keep your cyber security software and policies up to date. You should also make use of available tools such as air-gapped machines (which are kept offline) and lockable cabinets, which prevent unauthorized physical access to sensitive systems. The safest environment is one where all employees have limited physical access and where their internet connections are monitored and logged whenever they interact with your network, not just at specific times during working hours.
5) Cryptography
Encryption, hashing, SSL, digital signatures, and other types of crypto are used every day to protect sensitive data from falling into unwanted hands. These methods aren’t just limited to major banks; they can be applied at any level as long as a few basic steps are followed. In general, if you don’t have something worth protecting there is no need for security. But when your data is valuable, encryption should be considered seriously.
Although it is easy to see how cryptography can be helpful in protecting valuable data, there are some considerations that businesses should weigh when using crypto. The first concern is whether or not you really need encryption; if your data isn’t worth stealing, then there will be no way for a hacker to monetize their efforts. Additionally, both transmitting and storing encrypted information costs extra, so weighing benefits against costs is important. A business with extremely sensitive data may want as much security as possible, but other organizations might find that less than optimal encryption suffices. If you do decide on strong encryption, it will be necessary to protect the keys.