Cybersecurity and Cybercrime Prevention
by John Bandler
This page is a brief outline to assist individuals and organizations by providing a framework and references. I use this as a presentation landing page.
1. Introduction
Cybersecurity and cybercrime prevention require knowledge of some important areas, and are a process of continual improvement.
Important areas include:
- Cybercrime threats
- Cybersecurity basics
- Organizing and improving a personal or family cybersecurity plan
- Establishing and improving an organization's cybersecurity program
- Cybercrime criminal laws (mostly for organizations)
- Civil laws and regulations regarding cybersecurity and data breach notification (mostly for organizations)
- Privacy concepts and laws (mostly for organizations)
As we go through each area I will keep the text short and simply provide relevant references.
2. Cybercrime threats
If we understand the cybercrime threats and risks, we can protect against them and spot them when they occur.
By analogy, if we understand that burglars might try to break into a residence or business, we can think about measures to try to prevent or deter that crime, or detect it as soon as it happens.
Immediate focus should be on the Three Priority Cybercrime Threats, and it helps to have a general knowledge of cybercrime and identity theft.
- The Three Priority Cybercrime Threats
- Cybercrime
- Identity theft
- Cybersecurity for the Home and Office Chapter 2
- Cybercrime Investigations Chapter 2
3. Cybersecurity basics
People need a foundation in the basics of cybersecurity, including what measures can be employed and their relative effectiveness.
As another analogy, we know that burglars might look to see if a door or window is open, and if not, they might try to use a certain amount of force. So we know that shutting and locking a door is a good security measure. High security locks and alarms are also available. We need to think how cybercriminals might try to attack and steal from us electronically.
A foundation in technology is often a prerequisite:
- Cybersecurity for the Home and Office Chapters 5 and 6
- Cybercrime Investigations Chapter 3
A foundation in cybersecurity is essential:
- Introduction to Cybersecurity and Information Security
- Cybersecurity for the Home and Office Chapter 4
- Cybercrime Investigations Chapter 4
4. Organizing and improving a personal or family cybersecurity plan
Now that we have some basic knowledge, how do we use that to protect ourselves?
Also consider that our personal life and home are the most important for us, so let's protect them, and get some hands-on practical skills with technology and cybersecurity while we do that. Cybersecurity starts in the home.
I would love for you to buy and read my first book, but few of you will do that. But you can read my blog article here for free and follow my four pillars of cybersecurity, which are:
- Improve knowledge and awareness to improve decision making, from the CEO to the newest hire. Learn about cybercrime threats, information security, technology, and legal requirements.
- Secure computing devices
- Secure data
- Secure networks and use of the Internet
[Repeat! It's a continual process of improvement]
- Cybersecurity Tips from John Bandler (one page tip sheet)
- Bandler's Four Pillars of Cybersecurity
- Cybersecurity for the Home and Office (entire book)
5. Establishing and improving an organization's cybersecurity program
Now we add some degrees of difficulty to the cybersecurity problem.
Hopefully, we have a degree of knowledge, awareness, and experience, thanks to all of the above, including working to protect and learn about our information systems at home and for the family.
Now we need to apply all of that to the organization, and that adds a number of challenges.
The good news is that the four pillars of cybersecurity remain valid and helpful for organizations, especially small and mid-size organizations, and even for large ones.
But now you are going to need some additional formality and documentation. As you do that we focus on the business mission, how to improve management and protection, be profitable and resilient, and comply with legal requirements.
- Cybersecurity Tips from John Bandler (one page tip sheet)
- Bandler's Four Pillars of Cybersecurity
- Bandler's Free Starter Cybersecurity Policy
- Three Platforms to Connect (for compliance)
- Four Platforms to Connect (for compliance and mission)
- Five Components for Policy Work
- Policy Project Planning and Execution
- Cybersecurity, Privacy, You, and Your Organization
- Cybersecurity Laws and Regulations Part 1
- Cyber Insurance
- Cybersecurity and Working from Home
- Cybersecurity related forms you can use to inventory the information assets in your home or small organization (computer devices, data, accounts, network, etc.)
We tiptoed into the law there, and remember that businesses and organizations face many legal issues, including those relating to cyber. More on cyber-related law later. We don't cover traditional law in this article, but resources for that are on this site.
6. Cybercrime criminal laws (organizations)
The average organization only needs to know a tiny bit about criminal law: enough to properly investigate and report a crime if it happens to them, and to avoid inadvertently violating the law.
But those in law enforcement or who work regularly with law enforcement should have a solid understanding of criminal law, including substantive criminal law (the crimes people can be charged with) and procedural criminal law (you guessed it, the process, or procedure, of investigating, arresting, and prosecuting defendants).
- Cybercrime
- Identity theft
- Cybercrime Investigations Chapters 5, 6, 7
7. Civil laws and regulations regarding cybersecurity and data breach notification (organizations)
All organizations need to know about the civil laws relating to cybersecurity and data breach reporting and notification.
Some organizations may have a legal duty to have a certain level of cybersecurity for certain data. All organizations have a duty to notify and report if certain data is breached. All organizations may have certain cyber duties in accord with traditional law concepts relating to contract and negligence.
- Cybersecurity Laws and Regulations Part 1
- Cybersecurity Laws and Regulations Part 2
- Cyber Insurance
- Cybersecurity for the Home and Office Chapter 14
- Cybercrime Investigations Chapter 9
Organizations need to manage other areas of law as well, including basic business law, contract, negligence, and intellectual property. Links for those are at the bottom.
8. Privacy concepts and laws (mostly for organizations)
Privacy laws will almost always include a cybersecurity requirement and a data breach notification requirement, as covered above.
Privacy laws will also include specifics relating to consumer data: what information is collected from consumers, how it is used, shared, stored, and so on.
9. This was too much, I'm overwhelmed
Between this article and everything I directly link to, plus everything those articles link to, it can seem overwhelming. That's OK.
Start where you are, and try to learn one thing at a time. It is a process of continual improvement.
Usually, the first link is the most general and the place to start.
Sometimes, professional expertise can help cut through some of the most difficult parts of getting started with or improving cybersecurity.
10. This isn't enough, it's too general, I want more details!
If you have read everything on this website, you've covered a lot of material. But you are right: each blog article here is general; it is a short summary and overview.
Have you read my books? Those obviously have a lot of detail. Even still, a lot of words were cut to trim those books to the size desired by the publisher.
There is more learning to be had, through reading, formal education, and certification study. Or customized training or expert help with your situation.
11. Conclusion
Thus we conclude this outline.
As always, none of this is legal advice nor consulting advice, nor tailored to your situation.
12. References
Many references were provided above. Here's a compilation.
- Five Components for Policy Work
- External Guidance
- External Rules
- Cybersecurity Laws and Regulations Part 1 (general legal overview and link to Part 2)
- Privacy
- Cyber insurance
- Rules
- Introduction to Law (Outline)
- Internal Rules
- Bandler's Three Platforms to Connect
- Bandler's Fourth Platform to Connect
- Policies and Procedures (and other governance documents)
- Policies, Procedures, and Governance of an Organization
- Policy Checklist
- Internal Rules Planning
- Internal Rules Building
- Policy and Procedure Research and References (I have researched and built out many articles on the topic and they are all listed here)
- Bandler's Free Starter Cybersecurity Policy
- Mission and Business Needs
- Practice and Action
- Cybersecurity Tips from John Bandler (one page tip sheet)
- Bandler's Four Pillars of Cybersecurity
- The Three Priority Cybercrime threats to protect against, including:
- Introduction to Cybersecurity and Information Security
- Cybersecurity, Privacy, You, and Your Organization
- Cybersecurity Laws and Regulations Part 1
- Cyber Insurance
- Cybersecurity and Working from Home
- Cybersecurity book overview page
- Cybercrime Investigations book overview page
- Cybersecurity related forms you can use to inventory the information assets in your home or small organization (computer devices, data, accounts, network, etc.)
Learn more about privacy law
Learn about the CIPP/US certification and my course on privacy and cybersecurity law.
- About the CIPP/US Certification, How to Study for It, and Reference List
- My coupon code at the Infosec Institute for my CIPP/US course (and others)
- Privacy (My simple blog article gets you started)
Basic Law resources
- Introduction to Law (outline), https://johnbandler.com/introduction-to-law-outline/
- Business Basics and Law
- Intellectual Property Law - An Introduction, https://johnbandler.com/intellectual-property-law/
- Contract Law
- Negligence Law
- My course on Udemy, “Introduction to Law”, https://www.udemy.com/course/introduction-to-law/
Cybersecurity and cybercrime resources
- Introduction to Cybersecurity and Information Security, https://johnbandler.com/introduction-cybersecurity-information-security/
- Cybersecurity Tips from John Bandler (single page tip sheet), https://johnbandler.com/cybersecurity-tips-from-john-bandler/
- Cybersecurity forms for the home or small office, https://johnbandler.com/cybersecurity-asset-inventory-forms-for-the-home/
- The Three Priority Cybercrime Threats, https://johnbandler.com/priority-cybercrime-threats/
- Bandler's Four Pillars of Cybersecurity, https://johnbandler.com/bandlers-four-pillars-of-cybersecurity/
- Free Cybersecurity Policy, https://johnbandler.com/cybersecurity-policy-free-version/
- Cybersecurity review and improvement for your organization - a checklist, https://johnbandler.com/cybersecurity-review-improvement/
Cybersecurity related forms you can use to identify and list the information assets in your home or small organization.
- Form 1: Cybersecurity Forms Explained and Checklist
- Form 2: Personal Primary Device and Data Account Summary
- Form 3: Personal Data summary
- Form 4: Home Device (computer) Inventory
- Form 5: Personal Email & Internet Account Inventory
- Form 6: Network and Internet Summary
Governance and policy work
- Free Cybersecurity Policy, https://johnbandler.com/cybersecurity-policy-free-version/
- Policies and procedures, https://johnbandler.com/policies-and-procedures/
- Internal Rules, https://johnbandler.com/internal-rules/
- Bandler’s Five Components for Policy Work, https://johnbandler.com/five-components-for-policy-work/
- Bandler's Three Platforms to Connect (for compliance), https://johnbandler.com/bandlers-three-platforms-to-connect/
- Bandler's Fourth Platform to Connect, https://johnbandler.com/bandlers-fourth-platform-to-connect/
- Policy and Procedure Research and References, https://johnbandler.com/policy-and-procedure-references/
- Policy Checklist, https://johnbandler.com/policy-checklist/
John's online courses on privacy, security policies, and law
John's book on cybersecurity
In 2017 my first book was published, Cybersecurity for the Home and Office, The Lawyer's Guide to Taking Charge of Your Own Information Security, from the American Bar Association (ABA).
Since then I have been providing continuing legal education (CLE) to attorneys about securing their information assets.
Many are afraid of technology and cybersecurity but should not be. It is a learning process and everyone can learn and improve.
Speaking, training, and cybersecurity program development
See Services
This page is hosted at https://johnbandler.com/cybersecurity-and-cybercrime-prevention, copyright John Bandler all rights reserved.
Posted 2/28/2023 (building on prior work). Updated 03/19/2023.