Cybersecurity and Cybercrime Prevention

by John Bandler

This page is a mini-course outline to assist individuals and organizations by providing a framework and references. I also use this as a presentation landing page and structure some courses and speaking presentations around it.

This is a comprehensive outline, but remember that not every section gets equal weight or time devoted to it depending on the audience and the need. Some sections might be covered in a minute or two, some might require extensive discussion.

1. Introduction

Cybersecurity and cybercrime prevention requires knowledge of some important areas, and is a process of continual improvement.

Important areas include:

  • Cybercrime threats
  • Technology basics
  • Cybersecurity basics
  • Organizing and improving a personal or family cybersecurity plan
  • Establishing and improving an organization's cybersecurity program
  • Cybercrime criminal laws (mostly for organizations)
  • Civil laws and regulations regarding cybersecurity and data breach notification (mostly for organizations)
  • Privacy concepts and laws (mostly for organizations)
  • References and digging into deeper details

As we go through each area I will keep the text short and simply provide relevant references.

2. Cybercrime threats

If we understand the cybercrime threats and risks, we can protect against them and spot them when they occur.

By analogy, if we understand that burglars might try to break into a residence or business, we can think about measures to try prevent or deter that crime, or detect it as soon as it happens.

Immediate focus should be on the Three Priority Cybercrime Threats, and it helps to have a general knowledge of cybercrime and identity theft.

3. Technology basics

A foundation in technology is often a prerequisite. Not that you have to become an expert, just have some knowledge.

As another analogy, we know that burglars might look to see if a door or window is open, and if not, they might try to use a certain amount of force. So we know that shutting and locking a door is a good security measure. High security locks and alarms are also available. We need to think how technology works and where our electronic windows and doors are.

Think about your technology as four components

  1. The human that configures and uses technology
  2. Computer devices
  3. Data and online accounts
  4. Networks and internet

To learn a little bit more, see these:

  • Technology basics
  • Cybersecurity for the Home and Office, Chapter 5 Basic Computer Principals
  • Cybersecurity for the Home and Office, Chapter 6 Basic Networking and the Internet
  • Cybercrime Investigations, Chapter 3 Introduction to Computers, Networks, and Forensics

4. Cybersecurity basics

People need a foundation in basics of cybersecurity, and what measures can be employed, and their relative effectiveness.

Cybersecurity is about human decisions, including about managing risk.

A foundation in cybersecurity is essential:

5. Organizing and improving a personal or family cybersecurity plan

Now that we have some basic knowledge, how do we use that to protect ourselves?

Also consider that our personal life and home are the most important for us, so let's protect it, and get some hands-on practical skills with technology and cybersecurity while we do that. Cybersecurity starts in the home.

I would love for you to buy and read my first book, but few of you will do that. But you can read my blog article here for free and follow my four pillars of cybersecurity, which are:

Bandler's Four Pillars of Cybersecurity
Bandler's Four Pillars of Cybersecurity

  1. Improve Knowledge and awareness to improve decision making from the CEO to newest hire. Learn about cybercrime threats, information security, technology, and legal requirements
  2. Secure computing devices
  3. Secure data
  4. Secure networks and use of the Internet

[Repeat! It's a continual process of improvement]

Some references include:


Individuals can skip to Point 10

If you are concerned solely with personal or family cybersecurity you can just skip to Point 10 (or so) where we start discussing if this is too much, not enough, and additional references.

If you are concerned about your organization's cybersecurity, keep reading. We build upon all of the above and keep going.

Organization cybersecurity


6. Establishing and improving an organization's cybersecurity program

Now we add some degrees of difficulty to the cybersecurity problem.

Hopefully, we have a degree of knowledge, awareness, and experience, thanks to all of the above, including working to protect and learn about our information systems at home and for the family.

We need to apply all we have covered to the organization, and that adds a number of challenges.

The good news is the four pillars of cybersecurity remains valid and helpful for organizations, especially small and mid-size organizations, but even for large ones too.

Now you are going to need some additional formality and documentation. As you do that we focus on the business mission, how to improve management and protection, be profitable and resilient, and comply with legal requirements.

We tiptoed into the law there, and remember that businesses and organizations face many legal issues, including relating to cyber. So more on law and cyber related law next.

7. Laws and cyberlaws introduced

Here is where we introduce some legal concepts, including law, cyberlaw, and all that entails.

Organizations need to be aware of all legal requirements that apply to them.

8. Cybercrime criminal laws (for organizations)

The average organization only needs to know a tiny bit about criminal law:  so they can properly investigate and report it if it happens to them, and how to avoid inadvertently violating it.

But those in law enforcement or who work regularly with law enforcement should have a solid understanding of criminal law, including substantive criminal law (the crimes people can be charged with) and procedural criminal law (you guessed it, the process, or procedure of investigating, arresting, and prosecuting defendants).

9. Civil laws and regulations regarding cybersecurity and data breach notification (for organizations)

All organizations need to know about the civil laws relating to cybersecurity and data breach reporting and notification.

Some organizations may have a legal duty to have a certain level of cybersecurity for certain data. All organizations have a duty to notify and report if certain data is breached. All organizations may have certain cyber duties in accord with traditional law concepts relating to contract and negligence.

Organizations need to manage other areas of a law also, including basic business law, contract, negligence, and intellectual property. Links for those at the bottom.

10. Privacy concepts and laws (mostly for organizations)

Privacy laws will almost always include a cybersecurity requirement and a data breach notification requirement, as covered above.

Privacy laws will also include specifics relating to consumer data, what information is collected from consumers, how it is used, shared, stored, and etc.

11. Wait, I'm feeling...

11a. Wait, I'm overwhelmed! This outline (and resources) is too much!

If you feel like this is too much, relax, it's OK. Between this article and everything I directly link to, plus everything those articles link to, it can seem overwhelming.

You don't have to learn everything at once. Just try to learn one thing at a time, improve one priority item at a time. Think of it as a process of continual improvement and not about being perfect and learning everything.

Start with general principles and foundational basics. Usually that's the first article linked to.

Sometimes, professional expertise can help cut through some of the most difficult parts of getting started with or improving cybersecurity. I provide that expertise so see my services or contact me.

11b. I want more details! This isn't enough, it's too general!

I try to layer things, simple up front, links to more articles on this website. If this page seems simple or basic, that's what the linked articles are for. If you have read everything on this website, you've covered a lot of material. But still, there is only so much I can cover, and I try keep these articles relatively short.

So remember that I have written two books, and they have considerable information within.

And consider that many of my articles point to external resources, so check those out too.

There is plenty of good reliable information available, through reading, formal education, and certification study. Or customized training or expert help with your situation.

11c. This is perfect! I love how it is organized!

Thank you!

12. Conclusion

Thus we conclude this outline.

As always, none of this is legal advice nor consulting advice, nor tailored to your situation. Nothing can make you immune and impervious to cybercrime, but you should try to continually improve your cybersecurity and how you manage your information assets.

13. References and additional reading

Many references were provided above within each section. Here's a more complete compilation.

Cybersecurity and cybercrime basics

Cybersecurity related forms you can use to identify and list the information assets in your home or small organization (computer devices, data, accounts, network, etc.)

Basic Law resources

Cyber law resources

More details on privacy law

Learn about the CIPP/US certification and my course on privacy and cybersecurity law.

John's services

John's online courses on privacy, security policies, and law

Now organized from a perspective of organization management, compliance, and efficiency with the Five Components

Books

  • Cybersecurity for the Home and Office, by John Bandler, Published by the American Bar Association (ABA) in 2017, ISBN-13: 978-1634259071
  • Cybercrime Investigations: A Comprehensive Resource for Everyone, John Bandler and Antonia Merzon, CRC Press, 2020, ISBN-13: 978-0367196233 (Chapter 3 introduces technology, Chapter 4 introduces cybersecurity)

Speaking, training, and cybersecurity program development

14. External references

This page is hosted at https://johnbandler.com/cybersecurity-and-cybercrime-prevention, copyright John Bandler all rights reserved.

Posted 2/28/2023 (building on prior work). Updated 1/4/2024.