Start a degree program at American Public University.
By Dr. Novadean Watson-Stone
Program Director, Information Technology, American Public University
Note: This article originally appeared on In Cyber Defense.
How many times have parents warned their children not to talk to strangers? Some children obey without question, some ask why not talk to strangers? Others simply want to know what constitutes a stranger.
Today, that question is relevant in the realm of cyberspace.
A stranger in cyberspace could be someone or something attempting to access mobile devices or any computer system without authorization, approval or consent.
More specifically, in the technology space, a cyber stranger could be identified as a hacker, cracker (such as Black Hats), pirate, keylogger or any other cybercriminal. Basically, a cyber stranger is anyone or any machine that uses knowledge or skills to breach a computer system and gain unauthorized, illegal or unlawful access.
While not literally “talking” to strangers, the device or system you use may be electronically communicating with a “stranger” on a regular basis.
As Sapan Agarwal, a senior director at Frost & Sullivan Asia Pacific, commented: “With the advent of new technology, manufacturers are rushing to roll out new capabilities in their devices without paying enough attention to device security at the design stage. By the time these devices are secured against existing vulnerabilities and risks, cyberattacks would have evolved into new levels of sophistication.”
Avoid Talking to Strangers Electronically and Use S.M.A.R.T. Security Measures
One way to help prevent your device or system from talking to strangers is to start using S.M.A.R.T. security measures. The acronym was introduced by George T. Doran, a consultant and former director of Corporate Planning at Washington Water Power Company. Doran published a paper titled “There’s a S.M.A.R.T. Way to Write Management’s Goals and Objectives” to guide writing objectives and goals. Since then, the acronym is more popularly defined as:
- S – Specific
- M – Measurable
- A – Achievable
- R – Realistic
- T – Time
Regardless of what security measure you employ, consider using the S.M.A.R.T. acronym to:
- S – Employ specific security solutions such as antivirus and anti-malware systems, sniffer, firewall, intrusion detection systems, encryption, virtual private networks (VPNs), multifactor authentication, strong password and security policies, account lockout control and training.
- M – Assess the effectiveness of the selected solutions by establishing measurable techniques to conduct reviews and tests as suggested by Gartner Senior Researcher Gitanjali Maria in her article, “Everything you need to know about security assessments to safeguard your data.”
- A – Consider the user, cost, technical capability and compatibility, and other related requirements to achieve acceptable security solutions. Depending on the hardware or software used, some systems may experience compatibility issues preventing different security measures to deploy; the software supporting the device or system may become outdated and is no longer supported by the manufacturer.
- R – Determine if the security solution is reliable, realistic and robust.
- T – Exercise audit controls and other techniques to track relevance, acceptability, and timely update of security measures — solutions should offer real-time protection.
No one action can prevent your device or system from talking to cyber strangers, but a layer of security measures will help reinforce device or system security control. As Maria wrote in GetApp Lab, “You may have the best security software installed in your organization, but a determined hacker or a careless employee is all it takes to bring the whole system down.”
About the Author
Dr. Watson-Stone is currently the program director for the graduate and undergraduate information technology programs at American Public University, where she serves an aggressively growing department. Novadean has over 16 years of experience in the information technology field. She published a blog post on Women in STEM – Payment Equality in IT, October 2015 and a Q&A piece on Cybersecurity in Higher Education at evoLLLution.com, November 2014.