Cybersecurity for dummies.

Title Page
Copyright Page
Table of Contents
Introduction
	About This Book
	Foolish Assumptions
	Icons Used in This Book
	Beyond the Book
	Where to Go from Here
Part 1 Getting Started with Cybersecurity
	Chapter 1 What Exactly Is Cybersecurity?
		Cybersecurity Means Different Things to Different Folks
		Cybersecurity Is a Constantly Moving Target
			Technological changes
				Digital data
				The Internet
				Cryptocurrency
				Mobile workforces and ubiquitous access
				Smart devices
				Big data
				The COVID-19 pandemic
			Social shifts
			Economic model shifts
			Political shifts
				Data collection
				Election interference
				Hacktivism
				Greater freedom
				Sanctions
				New balances of power
		Looking at the Risks Cybersecurity Mitigates
			The goal of cybersecurity: The CIA Triad
			From a human perspective
	Chapter 2 Getting to Know Common Cyberattacks
		Attacks That Inflict Damage
			Denial-of-service (DoS) attacks
			Distributed denial-of-service (DDoS) attacks
			Botnets and zombies
			Data destruction attacks
		Is That Really You? Impersonation
			Phishing
			Spear phishing
			CEO fraud
			Smishing
			Vishing
			Pharming
			Whaling: Going for the “big fish”
		Messing around with Other People’s Stuff: Tampering
		Captured in Transit: Interception
			Man-in-the-middle attacks
		Taking What Isn’t Theirs: Data Theft
			Personal data theft
			Business data theft
			Data exfiltration
			Compromised credentials
			Forced policy violations
		Cyberbombs That Sneak into Your Devices: Malware
			Viruses
			Worms
			Trojans
			Ransomware
			Scareware
			Spyware
			Cryptocurrency miners
			Adware
			Blended malware
			Zero-day malware
			Fake malware on computers
			Fake malware on mobile devices
			Fake security subscription renewal notifications
		Poisoned Web Service Attacks
		Network Infrastructure Poisoning
		Malvertising
			Drive-by downloads
			Stealing passwords
		Exploiting Maintenance Difficulties
		Advanced Attacks
			Opportunistic attacks
			Targeted attacks
			Blended (opportunistic and targeted) attacks
		Some Technical Attack Techniques
			Rootkits
			Brute-force attacks
			Injection attacks
				Cross-site scripting
				SQL injection
			Session hijacking
			Malformed URL attacks
			Buffer overflow attacks
	Chapter 3 The Bad Guys You Must Defend Against
		Bad Guys and Good Guys Are Relative Terms
		Bad Guys Up to No Good
			Script kiddies
			Kids who are not kiddies
			Terrorists and other rogue groups
			Nations and states
			Corporate spies
			Criminals
			Hacktivists
				Terrorists
				Rogue insiders
		Cyberattackers and Their Colored Hats
		How Cybercriminals Monetize Their Actions
			Direct financial fraud
			Indirect financial fraud
				Profiting off illegal trading of securities
				Stealing credit card, debit card, and other payment-related information
				Stealing goods
				Stealing data
			Ransomware
			Cryptominers
		Not All Dangers Come From Attackers: Dealing with Nonmalicious Threats
			Human error
				Humans: The Achilles’ heel of cybersecurity
				Social engineering
			External disasters
				Natural disasters
				Pandemics
				Man-made environmental problems
				Cyberwarriors and cyberspies
				The impotent Fair Credit Reporting Act
				Expunged records are no longer really expunged
				Social Security numbers
				Social media platforms
				Google’s all-knowing computers
				Mobile device location tracking
		Defending against These Attackers
Part 2 Improving Your Own Personal Security
	Chapter 4 Evaluating Your Current Cybersecurity Posture
		Don’t be Achilles: Identifying Ways You May Be Less than Secure
			Your home computer(s)
			Your mobile devices
			Your Internet of Things (IoT) devices
			Your networking equipment
			Your work environment
		Identifying Risks
		Protecting against Risks
			Perimeter defense
			Firewall/router
			Security software
			Your physical computer(s) and any other endpoints
			Backups
			Detecting
			Responding
			Recovering
			Improving
		Evaluating Your Current Security Measures
			Software
			Hardware
			Insurance
			Education
		Privacy 101
			Think before you share
			Think before you post
			General privacy tips
		Banking Online Safely
		Safely Using Smart Devices
		Cryptocurrency Security 101
	Chapter 5 Enhancing Physical Security
		Understanding Why Physical Security Matters
		Taking Inventory
			Stationary devices
			Mobile devices
		Locating Your Vulnerable Data
		Creating and Executing a Physical Security Plan
		Implementing Physical Security
		Security for Mobile Devices
		Realizing That Insiders Pose the Greatest Risks
	Chapter 6 Cybersecurity Considerations When Working from Home
		Network Security Concerns
		Device Security Concerns
		Location Cybersecurity
			Shoulder surfing
			Eavesdropping
			Theft
			Human errors
		Video Conferencing Cybersecurity
			Keep private stuff out of camera view
			Keep video conferences secure from unauthorized visitors
		Social Engineering Issues
		Regulatory Issues
Part 3 Protecting Yourself from Yourself
	Chapter 7 Securing Your Accounts
		Realizing You’re a Target
		Securing Your External Accounts
		Securing Data Associated with User Accounts
			Conduct business with reputable parties
			Use official apps and websites
			Don’t install software from untrusted parties
			Don’t root your phone
			Don’t provide unnecessary sensitive information
			Use payment services that eliminate the need to share credit card numbers
			Use one-time, virtual credit card numbers when appropriate
			Monitor your accounts
			Report suspicious activity ASAP
			Employ a proper password strategy
			Utilize multifactor authentication
			Log out when you’re finished
			Use your own computer or phone
			Lock your computer
			Use a separate, dedicated computer for sensitive tasks
			Use a separate, dedicated browser for sensitive web-based tasks
			Secure your access devices
			Keep your devices up to date
			Don’t perform sensitive tasks over public Wi-Fi
			Never use public Wi-Fi in high-risk places
			Access your accounts only in safe locations
			Use appropriate devices
			Set appropriate limits
			Use alerts
			Periodically check access device lists
			Check last login info
			Respond appropriately to any fraud alerts
			Never send sensitive information over an unencrypted connection
			Beware of social engineering attacks
			Establish voice login passwords
			Protect your cellphone number
			Don’t click on links in emails or text messages
		Securing Data with Parties You’ve Interacted With
		Securing Data at Parties You Haven’t Interacted With
		Securing Data by Not Connecting Hardware with Unknown Pedigrees
	Chapter 8 Passwords
		Passwords: The Primary Form of Authentication
		Avoiding Simplistic Passwords
		Password Considerations
			Easily guessable personal passwords
			Complicated passwords aren’t always better
			Different levels of sensitivity
			Your most sensitive passwords may not be the ones you think
			You can reuse passwords — sometimes
			Consider using a password manager
		Creating Memorable, Strong Passwords
		Knowing When to Change Passwords
		Changing Passwords after a Breach
		Providing Passwords to Humans
		Storing Passwords
			Storing passwords for your heirs
			Storing general passwords
		Transmitting Passwords
		Discovering Alternatives to Passwords
			Biometric authentication
			SMS-based authentication
			App-based one-time passwords
			Hardware token authentication
			USB-based authentication
	Chapter 9 Preventing Social Engineering Attacks
		Don’t Trust Technology More than You Would People
		Types of Social Engineering Attacks
		Six Principles Social Engineers Exploit
		Don’t Overshare on Social Media
			Your schedule and travel plans
			Financial information
			Personal information
				Information about your children
				Information about your pets
			Work information
			Possible cybersecurity issues
			Crimes and minor infractions
			Medical or legal advice
			Your location
			Your birthday
			Your “sins”
		Leaking Data by Sharing Information as Part of Viral Trends
		Identifying Fake Social Media Connections
			Photo
			Verification
			Friends or connections in common
			Relevant posts
			Number of connections
			Industry and location
			Similar people
			Duplicate contact
			Contact details
			Premium status
			LinkedIn endorsements
			Group activity
			Appropriate levels of relative usage
			Human activities
			Cliché names
			Poor contact information
			Skill sets
			Spelling
			Age of an account
			Suspicious career or life path
			Level or celebrity status
		Using Bogus Information
		Using Security Software
		General Cyberhygiene Can Help Prevent Social Engineering
Part 4 Cybersecurity for Businesses, Organizations, and Government
	Chapter 10 Securing Your Small Business
		Making Sure Someone Is In Charge
		Watching Out for Employees
			Incentivize employees
			Avoid giving out the keys to the castle
			Give everyone separate credentials
			Restrict administrators
			Limit access to corporate accounts
			Implement employee policies
			Enforce social media policies
			Monitor employees
		Dealing with a Remote Workforce
			Use work devices and separate work networks
			Set up virtual private networks
			Create standardized communication protocols
			Use a known network
			Determine how backups are handled
			Be careful where you work remotely
			Be extra vigilant regarding social engineering
		Considering Cybersecurity Insurance
		Complying with Regulations and Compliance
			Protecting employee data
			PCI DSS
			Breach disclosure laws
			GDPR
			HIPAA
			Biometric data
			Anti-money laundering laws
			International sanctions
		Handling Internet Access
			Segregate Internet access for personal devices
			Create bring your own device (BYOD) policies
			Properly handle inbound access
			Protect against denial-of-service attacks
			Use https
			Use a VPN
			Run penetration tests
			Be careful with IoT devices
			Use multiple network segments
			Be careful with payment cards
		Managing Power Issues
	Chapter 11 Cybersecurity and Big Businesses
		Utilizing Technological Complexity
		Managing Custom Systems
		Continuity Planning and Disaster Recovery
		Looking at Regulations
			Sarbanes Oxley
			Stricter PCI requirements
			Public company data disclosure rules
			Breach disclosures
			Industry-specific regulators and rules
			Fiduciary responsibilities
			Deep pockets
		Deeper Pockets — and Insured
		Considering Employees, Consultants, and Partners
			Dealing with internal politics
			Offering information security training
			Replicated environments
		Looking at the Chief Information Security Officer’s Role
			Overall security program management
			Test and measurement of the security program
			Human risk management
			Information asset classification and control
			Security operations
			Information security strategy
			Identity and access management
			Data loss prevention
			Fraud prevention
			Incident response plan
			Disaster recovery and business continuity planning
			Compliance
			Investigations
			Physical security
			Security architecture
			Geopolitical risks
			Ensuring auditability of system administrators
			Cybersecurity insurance compliance
Part 5 Handling a Security Incident (This Is a When, Not an If)
	Chapter 12 Identifying a Security Breach
		Identifying Overt Breaches
			Ransomware
			Defacement
			Claimed destruction
		Detecting Covert Breaches
			Your device seems slower than before
			Your Task Manager doesn’t run
			Your Registry Editor doesn’t run
			Your device starts suffering from latency issues
			Your device starts suffering from communication and buffering issues
			Your device’s settings have changed
			Your device is sending or receiving strange email messages
			Your device is sending or receiving strange text messages
			New software (including apps) is installed on your device — and you didn’t install it
			Your device’s battery seems to drain more quickly than before
			Your device seems to run hotter than before
			File contents have been changed
			Files are missing
			Websites appear different than before
			Your Internet settings show a proxy, and you never set one up
			Some programs (or apps) stop working properly
			Security programs have turned off
			An increased use of data or text messaging (SMS)
			Increased network traffic
			Unusual open ports
			Your device starts crashing
			Your cellphone bill shows unexpected charges up to here
			Unknown programs request access
			External devices power on unexpectedly
			Your device acts as if someone else were using it
			New browser search engine default
			Your device password has changed
			Pop-ups start appearing
			New browser add-ons appear
			New browser home page
			Your email from the device is getting blocked by spam filters
			Your device is attempting to access “bad” sites
			You’re experiencing unusual service disruptions
			Your device’s language settings changed
			You see unexplained activity on the device
			You see unexplained online activity
			Your device suddenly restarts
			You see signs of data breaches and/or leaks
			You are routed to the wrong website
			Your hard drive or SSD light never seems to turn off
			Other abnormal things happen
	Chapter 13 Recovering from a Security Breach
		An Ounce of Prevention Is Worth Many Tons of Response
		Stay Calm and Act Now with Wisdom
		Bring in a Pro
		Recovering from a Breach without a Pro’s Help
			Step 1: Figure out what happened or is happening
			Step 2: Contain the attack
			Step 3: Terminate and eliminate the attack
				Boot the computer from a security software boot disk
				Backup
				Delete junk (optional)
				Run security software
		Reinstall Damaged Software
			Restart the system and run an updated security scan
			Erase all potentially problematic System Restore points
			Restore modified settings
			Rebuild the system
		Dealing with Stolen Information
			Paying ransoms
				Consult a cybersecurity expert
				Consult a lawyer
			Learning for the future
		Recovering When Your Data Is Compromised at a Third Party
			Reason the notice was sent
			Scams
			Passwords
			Payment card information
			Government-issued documents
			School or employer-issued documents
			Social media accounts
Part 6 Backing Up and Recovery
	Chapter 14 Backing Up
		Backing Up Is a Must
		Backing Up Data from Apps and Online Accounts
			SMS texts
			Social media
			WhatsApp
			Google Photos
			Other apps
		Backing Up Data on Smartphones
			Android
				Automatic backups
				Manual backups
			Apple
				Backing up to iCloud
				Backing up using iTunes
		Conducting Cryptocurrency Backups
		Backing Up Passwords
		Looking at the Different Types of Backups
			Full backups of systems
			Original system images
			Later system images
			Original installation media
			Downloaded software
			Full backups of data
			Incremental backups
			Differential backups
			Mixed backups
			Continuous backups
			Partial backups
			Folder backups
			Drive backups
			Virtual drive backups
			Exclusions
			In-app backups
		Figuring Out How Often You Should Backup
		Exploring Backup Tools
			Backup software
			Drive-specific backup software
			Windows Backup
			Smartphone/tablet backup
			Manual file or folder copying backups
			Automated task file or folder copying backups
		Creating a Boot Disk
		Knowing Where to Back Up
			Local storage
			Offsite storage
			Cloud
			Network storage
			Mixing locations
		Knowing Where Not to Store Backups
		Encrypting Backups
		Testing Backups
		Disposing of Backups
	Chapter 15 Resetting Your Device
		Exploring Two Types of Resets
			Soft resets
				Older devices
				Windows computers
				Mac computers
				Android devices
				iPhones
			Hard resets
				Resetting a modern Windows device
				Resetting a modern Android device
				Resetting a Mac
				Resetting an iPhone
		Rebuilding Your Device after a Hard Reset
	Chapter 16 Restoring from Backups
		You Will Need to Restore
		Wait! Do Not Restore Yet!
		Restoring Data to Apps
		Restoring from Full Backups of Systems
			Restoring to the computing device that was originally backed up
			Restoring to a different device than the one that was originally backed up
			Original system images
			Later system images
			Installing security software
			Original installation media
			Downloaded software
			Restoring from full backups of data
		Restoring from Incremental Backups
			Incremental backups of data
			Incremental backups of systems
			Differential backups
			Continuous backups
			Partial backups
			Folder backups
			Drive backups
			Virtual-drive backups
				Restoring the entire virtual drive
				Restoring files and/or folders from the virtual drive
		Dealing with Deletions
		Excluding Files and Folders
		Understanding Archives
			Multiple files stored within one file
			Old live data
			Old versions of files, folders, or backups
		Restoring Using Backup Tools
			Restoring from a Windows backup
			Restoring to a system restore point
			Restoring from a smartphone/tablet backup
			Restoring from manual file or folder copying backups
			Utilizing third-party backups of data hosted at third parties
		Returning Backups to Their Proper Locations
			Network storage
			Restoring from a combination of locations
		Restoring to Non-Original Locations
		Never Leave Your Backups Connected
		Restoring from Encrypted Backups
		Testing Backups
		Restoring Cryptocurrency
		Booting from a Boot Disk
Part 7 Looking toward the Future
	Chapter 17 Pursuing a Cybersecurity Career
		Professional Roles in Cybersecurity
			Security engineer
			Security manager
			Security director
			Chief information security officer (CISO)
			Security analyst
			Security architect
			Security administrator
			Security auditor
			Cryptographer
			Vulnerability assessment analyst
			Ethical hacker
			Security researcher
			Offensive hacker
			Software security engineer
			Software source code security auditor
			Security consultant
			Security expert witness
			Security specialist
			Incident response team member
			Forensic analyst
			Cybersecurity regulations expert
			Privacy regulations expert
		Exploring Career Paths
			Career path: Senior security architect
			Career path: CISO
		Starting Out in Information Security
		Exploring Popular Certifications
			CISSP
			CISM
			CEH
			Security+
			GSEC
			Verifiability
			Ethics
		Overcoming a Criminal Record
		Overcoming Bad Credit
		Looking at Other Professions with a Cybersecurity Focus
	Chapter 18 Emerging Technologies Bring New Threats
		Relying on the Internet of Things
			Critical infrastructure risks
			Computers on wheels: modern cars
		Using Cryptocurrencies and Blockchain
		Cloud-Based Applications and Data
		Optimizing Artificial Intelligence
			Increased need for cybersecurity
			Use as a cybersecurity tool
			Use as a hacking tool
		Where Was This Laptop Really Made? Supply Chain Risks
		Nothing Is Trustworthy: Zero Trust
		Genius Computers Are Coming: Quantum Supremacy
		Experiencing Virtual Reality
		Transforming Experiences with Augmented Reality
Part 8 The Part of Tens
	Chapter 19 Ten Ways to Improve Your Cybersecurity without Spending a Fortune
		Understand That You Are a Target
		Use Security Software
		Encrypt Sensitive Information
		Back Up Often
		Do Not Share Login Credentials
		Use Proper Authentication
		Use Social Media Wisely
		Segregate Internet Access
		Use Public Wi-Fi Safely (Or Better Yet, Don’t Use It!)
		Hire a Pro
	Chapter 20 Ten (or So) Lessons from Major Cybersecurity Breaches
		Marriott
		Target
		Sony Pictures
		U.S. Office of Personnel Management
		Anthem
		Colonial Pipeline and JBS SA
			Colonial Pipeline
			JBS
	Chapter 21 Ten Ways to Safely Use Public Wi-Fi
		Use Your Cellphone as a Mobile Hotspot
		Turn Off Wi-Fi Connectivity When You’re Not Using Wi-Fi
		Don’t Perform Sensitive Tasks over Public Wi-Fi
		Don’t Reset Passwords When Using Public Wi-Fi
		Use a VPN Service
		Use Tor
		Use Encryption
		Turn Off Sharing
		Have Information Security Software on Any Devices Connected to Public Wi-Fi Networks
		Understand the Difference between True Public Wi-Fi and Shared Wi-Fi
Index
EULA