Cybersecurity and Cybercrime Prevention
For your home and organization
by John Bandler
This page is a mini-course outline to help individuals and organizations improve their cybersecurity and protect against cybercrime.
I also use this as a presentation landing page, and structure some of my courses and speaking presentations around it, including my new and free Udemy course on cybersecurity.
This is a comprehensive outline, and depending on the audience and the need, not every section gets equal weight or time. Some sections might be covered in a minute or two, some might require extensive discussion.
Every person and organization starts from a different place. Make your goal to take a few steps to move forward and improve.
1. Introduction
Cybersecurity and cybercrime prevention require knowledge of some important areas, and are a process of continual improvement.
Important areas include:
- Cybercrime threats
- Technology basics
- Cybersecurity basics
- Organizing and improving a personal or family cybersecurity plan
- Establishing and improving an organization's cybersecurity program
- Cybercrime criminal laws (mostly for organizations)
- Civil laws and regulations regarding cybersecurity and data breach notification (mostly for organizations)
- Privacy concepts and laws (mostly for organizations)
- References and digging into deeper details
As we go through each area I will keep the text short and simply provide relevant references. Generally, the introductory level references are listed first, then the details come later.
2. Cybercrime threats
If we understand the cybercrime threats and risks, we can protect against them and spot them when they occur.
By analogy, if we understand that burglars might try to break into a residence or business, we can think about measures to try to prevent or deter that crime, or to detect it as soon as it happens.
Immediate focus should be on the Three Priority Cybercrime Threats, and it helps to have a general knowledge of cybercrime and identity theft.
- The Three Priority Cybercrime Threats
- Cybercrime
- Identity theft
- The Western Express Case
- Cybersecurity for the Home and Office Chapter 2, The Black Market for Your Data: The Cybercrime Economy
- Cybercrime Investigations Chapter 2, What is Cybercrime and Why is it Committed
3. Technology basics
A foundation in technology is often a prerequisite. You do not have to become an expert, just have some knowledge.
As another analogy, we know that burglars might look to see if a door or window is open, and if not, they might try to use a certain amount of force. So we know that shutting and locking a door is a good security measure. High security locks and alarms are also available. We need to think about how technology works and where our electronic windows and doors are.
Think about your technology as four components:
- The human that configures and uses technology
- Computer devices
- Data and online accounts
- Networks and internet
To learn a little bit more, see these:
- Technology basics
- Cybersecurity for the Home and Office, Chapter 5 Basic Computer Principles
- Cybersecurity for the Home and Office, Chapter 6 Basic Networking and the Internet
- Cybercrime Investigations, Chapter 3 Introduction to Computers, Networks, and Forensics
4. Cybersecurity basics
People need a foundation in the basics of cybersecurity: what measures can be employed, and their relative effectiveness.
Cybersecurity is about human decisions, including decisions about managing risk.
A foundation in cybersecurity is essential:
- Introduction to Cybersecurity and Information Security
- Cybersecurity things to know
- Risk
- Email security
- Two factor authentication
- Cybersecurity dial
- Cybersecurity for the Home and Office Chapter 4, Basic Information Security Principles
- Cybercrime Investigations Chapter 4, Introduction to Information Security and Cybersecurity
- Policies and Procedures for Your Organization, Chapter 19, Cybersecurity external rules; Chapter 21, Four Pillars of Cybersecurity
5. Organizing and improving a personal or family cybersecurity plan
Now that we have some basic knowledge, how do we use that to protect ourselves?
Also consider that our personal life and home are the most important for us, so let's protect them, and get some hands-on practical skills with technology and cybersecurity while we do that. Cybersecurity starts in the home.
You can apply and follow my four pillars of cybersecurity, which are:
- Improve knowledge and awareness to improve decision making, from the CEO to the newest hire: learn about cybercrime threats, information security, technology, and legal requirements
- Secure computing devices
- Secure data
- Secure networks and use of the Internet
[Repeat! It's a continual process of improvement]
Some references include:
- Cybersecurity Tips from John Bandler (one page tip sheet)
- Bandler's Four Pillars of Cybersecurity
- Cybersecurity Asset Inventory Forms for the Home, to keep track of the devices, data, accounts, and network information in your home
- Information asset inventory
- Cybersecurity for the Home and Office (entire 2017 book)
- Policies and Procedures for Your Organization, Chapter 21, Four Pillars of Cybersecurity
Individuals can skip to Point 10 (because points 6-9 are for organizations)
If you are concerned solely with personal or family cybersecurity, you can just skip to Point 10 (or so), where we start discussing whether this is too much or not enough, and list additional references.
If you are concerned about your organization's cybersecurity, keep reading. We build upon all of the above and keep going.
Organization cybersecurity
6. Establishing and improving an organization's cybersecurity program
Now we add some degrees of difficulty to the cybersecurity problem.
Hopefully, we have a degree of knowledge, awareness, and experience, thanks to all of the above, including working to protect and learn about our information systems at home and for the family.
We need to apply all we have covered to the organization, and that adds a number of challenges.
The good news is that the four pillars of cybersecurity remain valid and helpful for organizations, especially small and mid-size organizations, but for large ones too.
Now you are going to need some additional formality and documentation. As you do that, we focus on the business mission: how to improve management and protection, be profitable and resilient, and comply with legal requirements.
We also need to think about policy work and governance documents.
- Cybersecurity Tips from John Bandler (one page tip sheet)
- Bandler's Four Pillars of Cybersecurity
- NIST Cybersecurity Framework
- Bandler's Free Starter Cybersecurity Policy
- Three Platforms to Connect (for compliance)
- Four Platforms to Connect (for compliance and mission too)
- Five Components for Policy Work
- Policy Project Planning and Execution
- Cybersecurity, Privacy, You, and Your Organization
- Cybersecurity Laws and Regulations Part 1
- Cyber Insurance
- Cybersecurity and Working from Home
- Information asset inventory
- Information governance
- Cybersecurity related forms you can use to inventory the information assets in your home or small organization (computer devices, data, accounts, network, etc.)
- Policies and Procedures Book
We tiptoed into the law there. Remember that businesses and organizations face many legal issues, including cyber-related ones, so more on law and cyber law next.
7. Laws and cyberlaws introduced
Here is where we introduce some legal concepts, including law, cyberlaw, and all that entails.
- Law
- Cyberlaw
- Privacy
- External Rules
- Introduction to law things to know
- My Udemy course on Introduction to Law
- Policies and Procedures for Your Organization, Chapter 19, Cybersecurity laws
- Policies and Procedures for Your Organization, Chapter 5, Cyber laws (external rules)
Organizations need to be aware of all legal requirements that apply to them.
8. Cybercrime criminal laws (for organizations)
The average organization needs to know only a little about criminal law: enough to properly investigate and report a crime if it happens to them, and to avoid inadvertently violating it.
But those in law enforcement or who work regularly with law enforcement should have a solid understanding of criminal law, including substantive criminal law (the crimes people can be charged with) and procedural criminal law (you guessed it, the process, or procedure of investigating, arresting, and prosecuting defendants).
- Cybercrime
- Identity theft
- Criminal Law
- Substantive criminal laws
- Procedural criminal laws and evidence gathering
- Cybercrime Investigations Chapters 5, 6, 7
9. Civil laws and regulations regarding cybersecurity and data breach notification (for organizations)
All organizations need to know about the civil laws relating to cybersecurity and data breach reporting and notification.
Some organizations may have a legal duty to have a certain level of cybersecurity for certain data. All organizations have a duty to notify and report if certain data is breached. All organizations may have certain cyber duties in accord with traditional law concepts relating to contract and negligence.
- Cybersecurity Laws and Regulations Part 1
- Cyber Insurance
- Risk
- Cybersecurity for the Home and Office Chapter 14
- Cybercrime Investigations Chapter 9
- Policies and Procedures for Your Organization, Chapter 19, Cybersecurity external rules
Organizations need to manage other areas of law too, including basic business law, contract, negligence, and intellectual property. Links for those are at the bottom.
10. Privacy concepts and laws (mostly for organizations)
Privacy laws will almost always include a cybersecurity requirement and a data breach notification requirement, as covered above.
Privacy laws will also include specifics relating to consumer data: what information is collected from consumers, and how it is used, shared, stored, and so on.
- Privacy
- Consumer privacy rights
- Cybersecurity Laws and Regulations Part 1
- Cybersecurity Laws and Regulations Part 2
- CIPP US Certification
- My Udemy course on CIPP/US and privacy
11. Conclusion
Thus we conclude this course outline (though this webpage content continues).
As always, none of this is legal advice nor consulting advice, nor tailored to your situation. Nothing can make you immune and impervious to cybercrime, but you should try to continually improve your cybersecurity and how you manage your information assets.
12. Wait, I'm feeling...
12a. Wait, I'm overwhelmed! This outline with resources is too much!
If you feel like this is too much, relax, it's OK. Between this article and everything I directly link to, plus everything those articles link to, it can seem like a lot.
You don't have to learn everything at once. Just try to learn one thing at a time, starting with high priority items. Think of it as a process of continual improvement and not about being perfect and learning everything.
Start with general principles and foundational basics. Usually that's the first article linked to.
Sometimes, professional expertise can help cut through some of the most difficult parts of getting started with or improving cybersecurity. I provide that expertise, so see my services or contact me.
12b. I want more details! This isn't enough, it's too general!
I layer this with simpler concepts up front. If this page seems simple or basic, the linked articles have more detail. If those linked articles seem too simple, remember that they have more links and references, including the authoritative laws and frameworks. If you have read everything on this website, then you've covered a lot of material. But still, there is only so much I can cover, and I try to keep these articles relatively short.
Then I have written three (soon four) books, and they contain considerable information.
All of that is still just the writing of one person. There is plenty of good, reliable information available through reading, formal education, and certification study, or through customized training or expert help with your situation.
12c. This is perfect! I love how it is organized!
Thank you!
13. References and additional reading
Many references were provided above within each section. Here's a more complete compilation.
Cybersecurity and cybercrime basics
- Cybersecurity Tips from John Bandler (one page tip sheet)
- Bandler's Four Pillars of Cybersecurity
- The Three Priority Cybercrime threats to protect against, including:
- Cybercrime
- Identity theft
- Risk
- Introduction to Cybersecurity and Information Security
- Cybersecurity things to know
- Cybersecurity, Privacy, You, and Your Organization
- Cybersecurity Laws and Regulations Part 1
- Cyber Insurance
- Cybersecurity and Working from Home
- Cybersecurity book overview page
- Cybercrime Investigations book overview page
- Cybersecurity review and improvement for your organization - a checklist
- Udemy course on Cybersecurity for the Home and Organization
- Cybersecurity related forms you can use to identify and list the information assets in your home or small organization (computer devices, data, accounts, network, etc.)
Basic Law resources
- Rules
- Law
- Introduction to law things to know
- Introduction to Law (outline)
- Cyberlaw
- Criminal Law
- Business Basics and Law
- Intellectual Property Law
- Contract Law
- Negligence Law
- My Udemy course “Introduction to Law”
Cyber law resources
- Cyberlaw
- Cybersecurity Laws and Regulations Part 1 (general legal overview and link to Part 2)
- Privacy
Organization management and policy work resources with the Five Components
- Policies and Procedures Book
- Five Components for Policy Work
- External Guidance (on cybersecurity)
- Cybersecurity Frameworks and Guidance
- Bandler's Four Pillars of Cybersecurity
- NIST Cybersecurity Framework
- Cybersecurity review and improvement for your organization - a checklist
- Introduction to Cybersecurity and Information Security
- Bandler's Free Starter Cybersecurity Policy
- Udemy course on Cybersecurity for the Home and Organization
- External Rules (on cyber)
- Law
- Cyberlaw
- Cybersecurity Laws and Regulations Part 1 (general legal overview and link to Part 2)
- Privacy
- Cyber insurance
- Rules
- Introduction to Law (Outline)
- Internal Rules (and building them)
- Mission and Business Needs
- Practice and Action
- External Guidance (on cybersecurity)
Books and courses
- Policies and Procedures for Your Organization: Build solid governance documents on any topic ... including cybersecurity, by John Bandler, 2024
- Cybersecurity for the Home and Office, by John Bandler, Published by the American Bar Association (ABA) in 2017, ISBN-13: 978-1634259071
- Cybercrime Investigations: A Comprehensive Resource for Everyone, John Bandler and Antonia Merzon, CRC Press, 2020, ISBN-13: 978-0367196233 (Chapter 3 introduces technology, Chapter 4 introduces cybersecurity)
- My Udemy courses (cybersecurity, law, cyberlaw, policies, etc.)
Speaking, training, and cybersecurity program development
14. External references
- NYC Cybersecurity page, https://www.nyc.gov/site/em/ready/cybersecurity.page
- US Ready.gov cybersecurity, https://www.ready.gov/cybersecurity
- US CISA cybersecurity, https://www.cisa.gov/topics/cybersecurity-best-practices
- FTC Federal Trade Commission, https://www.ftc.gov/
- My FTC article has information about the FTC Act and many links
- FTC small business cybersecurity, https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity
- FTC Small business and NIST CSF, https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity/nist-framework
- FTC understanding NIST CSF, https://www.ftc.gov/system/files/attachments/understanding-nist-cybersecurity-framework/cybersecurity_sb_nist-cyber-framework.pdf
- National Institute of Standards and Technology (NIST) resources
This page is hosted at https://johnbandler.com/cybersecurity-and-cybercrime-prevention, copyright John Bandler all rights reserved.
Posted 2/28/2023 (building on prior work). Updated 11/18/2024.