Cyber Best Practices for Critical Infrastructure

Critical infrastructure is often targeted by cyber criminals looking to disrupt vital services. By following cyber security best practices, you can help prevent these attacks.

Why is cyber security important in critical infrastructure?

As an employee at a critical infrastructure provider, you likely have numerous duties related to maintaining the confidentiality of sensitive data and keeping vital systems operational. Cyber criminals often have malicious intent and could look to bring systems down just to demand a ransom to bring them back up.

The importance of data security

Data security is crucial for understanding what sensitive data we hold, the impact of it being accessed by an unauthorised user and how we can prevent unauthorised access.
To understand the importance of data, we first need to classify it. This process involves tagging data according to its type, sensitivity, and impact on the organisation if altered, stolen, or destroyed. It helps an organisation understand the value of its data, determine whether the data is at risk, and implement controls to mitigate risks.
Controls dictating how to handle data are essential to ensuring its security. For example, confidential information should have strong controls in place, which could include multi-factor authentication to access the data, restricting view permissions based on a need-to-know basis, and only allowing access if certain devices are in use.
When data is no longer needed, it's important to destroy it in a secure manner to prevent it from falling into the wrong hands. Depending on the data sensitivity, this may include shredding paper documents, wiping electronic media, or using other secure destruction methods.

Is the following statement True or False:
Data security isn't important in critical infrastructure because it's just customer data.

Customer data is a highly sought-after commodity on the black market. This can include anything from customer names to emails to other forms of personally identifiable data. A breach of customer data could result in severe regulatory fines and reputational damage to providers of critical infrastructure.

Staying cyber safe

Staying safe on the internet requires us to maintain good cyber hygiene practices.
Ensure you use strong and unique passwords for all your applications. In the event one application is compromised, all your other accounts will remain secure. A practical method of implementing this is to use a password manager or a single-sign-on solution. Strong passwords should contain a mixture of numbers, letters, and special characters.
When you're online, be aware of your digital surroundings. If a website seems suspicious or if something feels wrong, trust your gut and leave the site. When using email, always be on the lookout for phishing attempts, and never click on links in unsolicited emails.
You should always ensure your devices are up-to-date and have the latest security patches applied. Cyber criminals are constantly finding new vulnerabilities in software and keeping your software up-to-date helps to prevent abuse of these vulnerabilities. This will help ensure your devices are safe and protected from new threats.

What is an example of a strong password?

Strong passwords are long passwords and ones that a human or computer would not easily guess. It is best to use special characters, upper and lower case, plus numbers and letters. Avoid using obvious passwords like sequential numbers or lazy passwords such as "password" or "qwerty". These are common passwords that are easily cracked or guessed.

What is an example of using caution online?

The correct answer is to be wary of suspicious emails; this is a textbook example of using caution online. You should always be on the lookout for potential phishing scams designed to masquerade as a company or someone you know. They could have the intent to steal your personal information or infect your device with ransomware.

From a security standpoint, why should you always keep your devices up to date?

Whilst keeping your devices and software up-to-date will give you the added bonus of new features, from a security standpoint, the key reason to update is to ensure you have the latest security patches applied. By staying up-to-date, known vulnerabilities will be fixed, and your devices will be safer to use.

Learn how to spot the phish

Look out for urgency in email subjects, fraudulent sender addresses or requests to perform an action.

What are some indicators that an email is malicious?

Cyber criminals will often use spoofed sender addresses and urgency to try to bypass critical thinking and make an email seem trustworthy. They will also commonly request personal information or ask you to perform an adverse action.

Goals of cyber security

The goal of cyber security is to enable businesses to adopt digital technologies in a safe and secure way. Depending on your priorities, the following principles may apply.
Confidentiality refers to protecting the secrecy of information and systems. It is common for data to be categorized according to the amount and type of damage that could be done if it fell into the wrong hands. More or less stringent measures can then be implemented according to those categories.
Integrity refers to the measures taken to protect information from unauthorized alteration. These measures provide assurance in the accuracy and completeness of data. The need to protect information includes both data that is stored on systems and data that is transmitted between systems, such as email.
Availability refers to ensuring that authorized users have access to information and systems when they need them. This means protecting against attacks that can disrupt access or cause information and systems to become unavailable. This involves properly maintaining the hardware, technical infrastructure and systems that hold and display the information.

Why is Multi-Factor Authentication important?

MFA is an authentication method that requires more than one verification factor to validate a user's identity by using something they have, know, or are.
Something you know: this type of authentication factor requires the user to provide something that only they know, such as a password or a PIN. This is the most common type of authentication factor and is often used as the first layer of protection.
Something you have: this type of authentication factor requires the user to have possession of something, such as a security token or a smartphone. This type of authentication factor can be used to provide an additional layer of security and can be especially useful for protecting against unauthorised access when the user is not physically present.
Something you are: this type of authentication factor is based on the user's physical characteristics, such as their fingerprint, face, or voice. This type of authentication factor can be used to provide an additional layer of security and can be especially useful for protecting against unauthorised access when the user is not physically present.

What is an example of Multi-Factor Authentication?

One-time passwords can be generated and sent to the user's cellular device via SMS. The correct user must be in possession of the device that receives or generates the one-time password to access the system.

Wrapping up

Protecting critical infrastructure is a team effort. We each need to do our bit to ensure we're following cyber security best practices and reduce the risk of a successful cyber attack!