
2.4.1. Cyber Resilience

“You do not know how strong you are until being strong is the only option you have left.” Bob Marley, Composer

Knowing how to protect oneself from cyber attacks is necessary but not sufficient. Sooner or later, for one reason or another, our devices and our data may be exposed to third parties.

For this reason, we must establish in advance the policies and procedures to follow when this happens, so that we can, in the best of cases, recover the data and devices or, failing that, keep them out of the reach of third parties.

Lesson goals and objectives

In this lesson you will learn:

  • Cyber Security vs. Cyber Resilience
  • How to protect our devices and our data
  • How to develop cyber resilience policies

Large corporations and companies are not the only ones who must protect themselves against cyber attacks. Unfortunately, current attacks are directed at the whole population indiscriminately.

Therefore, we should not only take extreme precautions, using every resource at our disposal to avoid being attacked and having our data exposed, but also be aware of the risk and establish protocols that will help us regain control of the situation when this happens: a Plan B.

1.4.1.1. Resilience policy

What happens if your laptop or computer stops working? What if it is stolen or lost? What about your mobile phone?

If these or other situations would hinder your personal or professional life, beyond the economic cost of the damaged or missing hardware, you should perhaps worry about how to restore the situation as soon as possible.

1.4.1.2. Security guides and procedures

Think about what situations you would consider “likely” to occur and how they would affect you.
Then establish a plan for each of these contingencies. Keep in mind that disasters, attacks and security breaches do not always come from outside: through our own actions we can unknowingly do more damage (in IT terms) to ourselves than an outside attacker could.

1.4.1.3. Physical Security Measures

Pay close attention to the devices you use, especially in public places: the chances are very high that they will be lost or stolen if you leave them unattended.

Also, get in the habit of locking them and logging out when you share devices or a workspace, even if you’re not in public areas.

USB sticks or USB pen drives that rotate from computer to computer can be the fastest and surest way to be attacked.

1.4.1.4. Locking devices: PIN, unlock pattern, password, Apps Access

There are many ways to lock our equipment against access by others. Some are more effective than others, but no matter how ineffective they are, they are much better than leaving our device unlocked in the eyes of the whole world.

Choose one or more ways to lock your computer and then use them!

1.4.1.5. Password management and settings

It is very annoying to have to memorize different passwords for the different services we use on the Internet. But it is essential that we do so, because not all attacks will be aimed at us directly: most of them will target the companies and corporations that provide us with service on the Internet. If one of these companies falls, that “unique” password is the first barrier that we put up against the attack, and if it is not strong enough, the damage will affect only one service and not all our online activity.

1.4.1.6. Security token

In the same way that at an ATM we need both our credit card (the token) and a PIN to get money, tokens (physical or digital) used in combination with a PIN or password ensure that if the attacker has only one of the two elements, the attack will be thwarted.

1.4.1.7. IPX - Rugged devices

The electronic devices we use are very sensitive to shocks, high and low temperatures, water, etc.

The IP protection grades refer to the international standard IEC 60529 (Degrees of Protection) and indicate to what extent our equipment is protected against these conditions.

It is up to us to assess whether or not it is necessary for us to adopt these measures.