Cybersecurity and Cybercrime Prevention

by John Bandler

This page is a brief outline to assist individuals and organizations by providing a framework and references. I use this as a presentation landing page.

1. Introduction

Cybersecurity and cybercrime prevention requires knowledge of some important areas, and is a process of continual improvement.

Important areas include:

  • Cybercrime threats
  • Cybersecurity basics
  • Organizing and improving a personal or family cybersecurity plan
  • Establishing and improving an organization's cybersecurity program
  • Cybercrime criminal laws (mostly for organizations)
  • Civil laws and regulations regarding cybersecurity and data breach notification (mostly for organizations)
  • Privacy concepts and laws (mostly for organizations)

As we go through each area I will keep the text short and simply provide relevant references.

2. Cybercrime threats

If we understand the cybercrime threats and risks, we can protect against them and spot them when they occur.

By analogy, if we understand that burglars might try to break into a residence or business, we can think about measures to try prevent or deter that crime, or detect it as soon as it happens.

Immediate focus should be on the Three Priority Cybercrime Threats, and it helps to have a general knowledge of cybercrime and identity theft.

3. Cybersecurity basics

People need a foundation in basics of cybersecurity, and what measures can be employed, and their relative effectiveness.

As another analogy, we know that burglars might look to see if a door or window is open, and if not, they might try to use a certain amount of force. So we know that shutting and locking a door is a good security measure. High security locks and alarms are also available. We need to think how cybercriminals might try to attack and steal from us electronically.

A foundation in technology is often a prerequisite:

  • Cybersecurity for the Home and Office Chapters 5 and 6
  • Cybercrime Investigations Chapter 3

A foundation in cybersecurity is essential:

4. Organizing and improving a personal or family cybersecurity plan

Now that we have some basic knowledge, how do we use that to protect ourselves?

Also consider that our personal life and home are the most important for us, so let's protect it, and get some hands-on practical skills with technology and cybersecurity while we do that. Cybersecurity starts in the home.

I would love for you to buy and read my first book, but few of you will do that. But you can read my blog article here for free and follow my four pillars of cybersecurity, which are:

  1. Improve Knowledge and awareness to improve decision making from the CEO to newest hire. Learn about cybercrime threats, information security, technology, and legal requirements
  2. Secure computing devices
  3. Secure data
  4. Secure networks and use of the Internet

[Repeat! It's a continual process of improvement]

5. Establishing and improving an organization's cybersecurity program

Now we add some degrees of difficulty to the cybersecurity problem.

Hopefully, we have a degree of knowledge, awareness, and experience, thanks to all of the above, including working to protect and learn about our information systems at home and for the family.

Now we need to apply all of that to the organization, and that adds a number of challenges.

The good news is the four pillars of cybersecurity remains valid and helpful for organizations, especially small and mid-size organizations, but even for large ones too.

But now you are going to need some additional formality and documentation. As you do that we focus on the business mission, how to improve management and protection, be profitable and resilient, and comply with legal requirements.

We tiptoed into the law there, and remember that businesses and organizations face many legal issues, including relating to cyber. So more on cyber related law later. We don't cover traditional law in this article but resources for that are on this site.

6. Cybercrime criminal laws (organizations)

The average organization only needs to know a tiny bit about criminal law:  so they can properly investigate and report it if it happens to them, and how to avoid inadvertently violating it.

But those in law enforcement or who work regularly with law enforcement should have a solid understanding of criminal law, including substantive criminal law (the crimes people can be charged with) and procedural criminal law (you guessed it, the process, or procedure of investigating, arresting, and prosecuting defendants).

7. Civil laws and regulations regarding cybersecurity and data breach notification (organizations)

All organizations need to know about the civil laws relating to cybersecurity and data breach reporting and notification.

Some organizations may have a legal duty to have a certain level of cybersecurity for certain data. All organizations have a duty to notify and report if certain data is breached. All organizations may have certain cyber duties in accord with traditional law concepts relating to contract and negligence.

Organizations need to manage other areas of a law also, including basic business law, contract, negligence, and intellectual property. Links for those at the bottom.

8. Privacy concepts and laws (mostly for organizations)

Privacy laws will almost always include a cybersecurity requirement and a data breach notification requirement, as covered above.

Privacy laws will also include specifics relating to consumer data, what information is collected from consumers, how it is used, shared, stored, and etc.

9. This was too much, I'm overwhelmed

Between this article and everything I directly link to, plus everything those articles link to, it can seem overwhelming. That's OK.

Start where you are, and try to learn one thing at a time, it is a process of continual improvement.

Usually, the first link is the most general and the place to start.

Sometimes, professional expertise can help cut through some of the most difficult parts of getting started with or improving cybersecurity.

10. This isn't enough, it's too general, I want more details!

If you have read everything on this website, you've covered a lot of material. But you are right, each blog article here is general, it is a short summary and overview

Have you read my books? Those obviously have a lot of detail. Even still, a lot of words were cut to trim those books to the size desired by the publisher.

There is more learning to be had, through reading, formal education, and certification study. Or customized training or expert help with your situation.

11. Conclusion

Thus we conclude this outline.

As always, none of this is legal advice nor consulting advice, nor tailored to your situation.

12. References

Many references were provided above. Here's a compilation.

Learn more about privacy law

Learn about the CIPP/US certification and my course on privacy and cybersecurity law.

Basic Law resources

Cybersecurity and cybercrime resources

Cybersecurity related forms you can use to identify and list the information assets in your home or small organization.

Governance and policy work

John's services

John's online courses on privacy, security policies, and law

John's book on cybersecurity

In 2017 my first book was published, Cybersecurity for the Home and Office, The Lawyer's Guide to Taking Charge of Your Own Information Security, from the American Bar Association (ABA).

Since then I have been providing continuing legal education (CLE) to attorneys about securing their information assets.

Many are afraid of technology and cybersecurity but should not be. It is a learning process and everyone can learn and improve.

Speaking, training, and cybersecurity program development

See Services

To explore more of this site:

This page is hosted at https://johnbandler.com/cybersecurity-and-cybercrime-prevention, copyright John Bandler all rights reserved.

Posted 2/28/2023 (building on prior work). Updated 03/19/2023.