
If I asked you to list the most valuable things you own, how would you answer? I guess this would be another way of asking the infamous “What would you grab if your house was on fire?” question.

For me, I’d grab an old keepsake box filled with things from my childhood, my engagement ring, my phone and computer (for pictures and writings!), and an old Iowa sweatshirt of my dad’s.

But I’d also have to say that my identity, social security number, credit cards, and bank accounts are valuable to me.


While these things can’t exactly burn down in a fire, they can be stolen … and if I were to ask a computer hacker what they thought my most valuable possessions were, they’d probably quote the intangible.

That’s why we’ve compiled this guide on cybersecurity. Below, we’ll talk about why you should care about cybersecurity, how to secure your and your customer’s digital data, and what resources to follow to stay up-to-date with emerging tech.

Personal data is incredibly valuable. Hackers know it, and businesses know it. That’s why both go to great lengths to collect it — albeit one following a much more legal and moral avenue to do so.

Unfortunately, as technology and data collection practices progress, so do the methods that hackers follow to steal data. As business owners, we have a special responsibility to protect our customers’ data and be transparent with our practices.

Why You Should Care About Cybersecurity

In the first half of 2019, data breaches exposed over 4 billion records. Moreover, a recent study found that hackers attack every 39 seconds — that adds up to, on average, 2,244 attacks per day.

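Small to medium-sized businesses (SMBs) are especially at risk. You might see corporations like Target and Sears topping the headlines as top data breach victims, but it’s actually SMBs that hackers prefer to target.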

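Why? They have more (and more valuable) digital assets than your average consumer but less security than a larger enterprise-level company … placing them right in a “hackers’ cybersecurity sweet spot.”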

Security breaches are frustrating and frightening for both businesses and consumers. Studies show that, after a company data breach, many consumers take a break from shopping at that business — and some consumers quit altogether.

But cybersecurity is about more than just avoiding a PR nightmare. Investing in cybersecurity builds trust with your customers. It encourages transparency and reduces friction as customers become advocates for your brand.

“Everyone has a role in helping to protect customers’ data. Here at HubSpot, every employee is empowered to solve for customer needs in a safe and secure way. We want to harness everyone’s energy to provide a platform that customers trust to correctly and safely store their data.” — Chris McLellan, HubSpot Chief Security Officer


Cybersecurity Terms to Know

Cybersecurity is a very intimidating topic, not unlike cryptocurrency and artificial intelligence. It can be hard to understand, and, frankly, it sounds kind of ominous and complicated.

But fear not. We’re here to break this topic down into digestible pieces that you can rebuild into your own cybersecurity strategy. Bookmark this post to keep this handy glossary at your fingertips.

Here’s a comprehensive list of general cybersecurity terms you should know.

Authentication

Authentication is the process of verifying who you are. Your passwords authenticate that you really are the person who should have the corresponding username. When you show your ID (e.g., driver’s license, etc), the fact that your picture generally looks like you is a way of authenticating that the name, age, and address on the ID belong to you. Many organizations use two-factor authentication, which we cover later.

Backup

A backup refers to the process of transferring important data to a secure location like a cloud storage system or an external hard drive. Backups let you recover your systems to a healthy state in case of a cyber attack or system crash.

Data Breach

A data breach refers to the moment a hacker gains unauthorized entry or access to a company’s or an individual’s data.

Digital Certificate

A digital certificate, also known as an identity certificate or public key certificate, is a type of passcode used to securely exchange data over the internet. It’s essentially a digital file embedded in a device or piece of hardware that provides authentication when it sends and receives data to and from another device or server.

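Encryption

Encryption is the practice of using codes and ciphers to encrypt data. When data is encrypted, a computer uses a key to turn the data into unintelligible gibberish. Only a recipient with the correct key is able to decrypt the data. If an attacker gets access to strongly encrypted data but doesn’t have the key, they aren’t able to see the unencrypted version.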

HTTP and HTTPS

Hypertext Transfer Protocol (HTTP) is how web browsers communicate. You’ll probably see an http:// or https:// in front of the websites you visit. HTTP and HTTPS are the same, except HTTPS encrypts all data sent between you and the web server — hence the “S” for security. Today, nearly all websites use HTTPS to improve the privacy of your data.

Vulnerability

A vulnerability is a place of weakness that a hacker might exploit when launching a cyber attack. Vulnerabilities might be software bugs that need to be patched, or a password reset process that can be triggered by unauthorized people. Defensive cybersecurity measures (like the ones we talk about later) help ensure data is protected by putting layers of protections between attackers and the things they’re trying to do or access.

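A cyber attack is a deliberate and typically malicious attempt to capture, modify, or erase private data. Cyber attacks are committed by external security hackers and, sometimes, unintentionally by compromised users or employees. These cyber attacks are committed for a variety of reasons. The majority are looking for ransom, while some are simply launched for fun.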

Here are the four most common cyber threats.

1. Password Guessing (Brute Force) Attack

A password guessing (or “credential stuffing”) attack is when an attacker continually attempts to guess usernames and passwords. This attack will often use known username and password combinations from past data breaches. An attacker is successful when people use weak passwords or use the same password across different systems (e.g., when your Facebook and Twitter password are the same, etc). Your best defense against this kind of attack is using strong passwords and avoiding using the same password in multiple places, as well as using two-factor authentication (as we talk about later).

2. Distributed Denial of Service (DDoS) Attack

A distributed denial of service (DDoS) attack is when a hacker floods a network or system with a ton of activity (such as messages, requests, or web traffic) in order to paralyze it. This is typically done using botnets, which are groups of internet-connected devices (e.g., laptops, light bulbs, game consoles, servers, etc) infected by viruses that allow a hacker to harness them into performing many kinds of attacks.

3. Malware Attack

Malware refers to all types of malicious software used by hackers to infiltrate computers and networks and collect susceptible private data. Types of malware include:

  • Keyloggers, which track everything a person types on their keyboard. Keyloggers are usually used to capture passwords and other private information, such as social security numbers.
  • Ransomware, which encrypts data and holds it hostage, forcing users to pay a ransom in order to unlock and regain access to their data.
  • Spyware, which monitors and “spies” on user activity on behalf of a hacker.

Additionally, malware can be delivered via:

  • Trojan horses, which infect computers through a seemingly benign entry point, often disguised as a legitimate application or other piece of software.
  • Viruses, which corrupt, erase, modify, or capture data and, at times, physically damage computers. Viruses can spread from computer to computer, including when they are unintentionally installed by compromised users.
  • Worms, which are designed to self-replicate and autonomously spread through all connected computers that are susceptible to the same vulnerabilities.

4. Phishing Attack

A phishing attack is when hackers try to trick people into doing something. Phishing scams can be delivered through a seemingly legitimate download, link, or message. It’s a very common type of cyber attack — over 75% of organizations fell victim to phishing in 2018. Phishing is typically done over email or through a fake website; it’s also known as spoofing. Additionally, spear phishing refers to when a hacker focuses on attacking a particular person or company, instead of creating more general-purpose spams.

Cybersecurity Best Practices: How to Secure Your Data

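Cybersecurity can’t be boiled down into a 1-2-3-step process. Securing your data involves a mix of best practices and defensive cybersecurity techniques. Dedicating time and resources to both is the best way to secure your, and your customers’, data.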

Defensive Cybersecurity Solutions

All businesses should invest in preventative cybersecurity solutions. Implementing these systems and adopting good cybersecurity habits (which we discuss next) will protect your network and computers from outside threats.

Here’s a list of six defensive cybersecurity systems and software options that can prevent cyber attacks — and the inevitable headache that follows. Consider combining these solutions to cover all your digital bases.

Antivirus Software

Antivirus software is the digital equivalent of taking that vitamin C boost during flu season. It’s a preventative measure that monitors for bugs. The job of antivirus software is to detect viruses on your computer and remove them, much like vitamin C does when bad things enter your immune system. (Spoken like a true medical professional …) Antivirus software also alerts you to potentially unsafe web pages and software.

Learn more: McAfee, Norton, or Panda (for free)

Firewall

A firewall is a digital wall that keeps malicious users and software out of your computer. It uses a filter that assesses the safety and legitimacy of everything that wants to enter your computer; it’s like an invisible judge that sits between you and the internet. Firewalls are both software and hardware-based.

Learn more: McAfee Livesafe or Kaspersky Internet Security

Single Sign-On (SSO)

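Single sign-on (SSO) is a centralized authentication service through which one login is used to access an entire platform of accounts and software. If you’ve ever used your Google account to sign up or into an account, you’ve used SSO. Enterprises and corporations use SSO to allow employees access to internal applications that contain proprietary data.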

Learn more: Okta or LastPass

Two-Factor Authentication (2FA)

Two-factor authentication (2FA) is a login process that requires a username or pin number and access to an external device or account, such as an email address, phone number, or security software. 2FA requires users to confirm their identity through both and, because of that, is far more secure than single factor authentication.

Learn more: Duo

Virtual Private Network (VPN)

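A virtual private network (VPN) creates a “tunnel” through which your data travels when entering and exiting a web server. That tunnel encrypts and protects your data so that it can’t be read (or spied on) by hackers or malicious software. While a VPN protects against spyware, it can’t prevent viruses from entering your computer through seemingly legitimate channels, like phishing or even a fake VPN link. Because of this, VPNs should be combined with other defensive cybersecurity measures in order to protect your data.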

Learn more: Cisco's AnyConnect or Palo Alto Networks’ GlobalProtect

Cybersecurity Tips for Business

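Defensive cybersecurity solutions won’t work unless you do. To ensure your business and customer data is protected, adopt these good cybersecurity habits across your organization.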

Require strong credentials.

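Require both your employees and users (if applicable) to create strong passwords. This can be done by implementing a character minimum as well as requiring a mix of upper and lowercase letters, numbers, and symbols. More complicated passwords are harder to guess by both individuals and bots. Also, require that passwords be changed regularly.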
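One way to enforce these rules when a password is set, shown as an added example that is not part of the original guide. The 12-character minimum and the breached-password list are assumptions, and the sample passwords are constructed; the breach check covers the reused combinations that password guessing attacks rely on.

```python
import hashlib
import string

MIN_LENGTH = 12  # assumed minimum; the guide does not name a number

# Constructed stand-in for a breach corpus. Digests are used only for lookup
# here; this is not a recommendation for how to store passwords.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest()
    for p in ("Password1!", "Summer2020!!", "Qwerty12345!")
}

# Character classes the guide asks for: upper, lower, numbers, symbols.
REQUIRED_CLASSES = {
    "an uppercase letter": string.ascii_uppercase,
    "a lowercase letter": string.ascii_lowercase,
    "a number": string.digits,
    "a symbol": string.punctuation,
}


def policy_violations(password):
    """Return every reason the password fails the policy (empty list = accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for label, chars in REQUIRED_CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"missing {label}")
    # A password can satisfy every complexity rule and still be one an
    # attacker will try first because it leaked in an earlier breach.
    if hashlib.sha1(password.encode()).hexdigest() in BREACHED_SHA1:
        problems.append("appears in a known breach list")
    return problems


if __name__ == "__main__":
    for candidate in ("Summer2020!!", "correct horse battery", "T7#vqLp9!xWd2m"):
        print(repr(candidate), "->", policy_violations(candidate) or "accepted")
```

Reporting all failures at once, rather than stopping at the first, lets a sign-up form tell the user everything to fix in one pass.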


Control and monitor employee activity.

Within your business, only give access to important data to authorized employees who need it for their job. Prohibit data from being shared outside the organization, require permission for external software downloads, and encourage employees to lock their computers and accounts whenever not in use.

Know your network.

With the rise of the Internet of Things, IoT devices are popping up on company networks like crazy. These devices, which are not under company management, can introduce risk as they’re often unsecured and run vulnerable software that can be exploited by hackers and provide a direct pathway into an internal network.

“Make sure you have visibility into all the IoT devices on your network. Everything on your corporate network should be identified, properly categorized, and controlled. By knowing what devices are on your network, controlling how they connect to it, and monitoring them for suspicious activities, you'll drastically reduce the landscape attackers are playing on.” — Nick Duda, Principal Security Officer at HubSpot

Read about how HubSpot gains device visibility and automates security management in this case study compiled by security software ForeScout.

Download patches and updates regularly.

Software vendors regularly release updates that address and fix vulnerabilities. Keep your software safe by updating it on a consistent basis. Consider configuring your software to update automatically so you never forget.

Make it easy for employees to escalate issues.

If your employee comes across a phishing email or compromised web page, you want to know immediately. Set up a system for receiving these issues from employees by dedicating an inbox to these notifications or creating a form that people can fill out.

Cybersecurity Tips for Individuals

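Cyber threats can affect you as an individual consumer and internet user, too. Adopt these good habits to protect your personal data and avoid cyber attacks.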

Mix up your passwords.

Using the same password for all your important accounts is the digital equivalent of leaving a spare key under your front doormat. A recent study found that over 80% of data breaches were a result of weak or stolen passwords. Even if a business or software account doesn’t require a strong password, always choose one that has a mix of letters, numbers, and symbols and change it regularly.

Monitor your bank accounts and credit frequently.

Review your statements, credit reports, and other critical data on a regular basis and report any suspicious activity. Additionally, only release your social security number when absolutely necessary.

Be intentional online.

Keep an eye out for phishing emails or illegitimate downloads. If a link or website looks fishy (ha — get it?), it probably is. Look for bad spelling and grammar, suspicious URLs, and mismatched email addresses. Lastly, download antivirus and security software to alert you of potential and known malware sources.
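The “mismatched email addresses” check can be automated on a mail gateway or a reported-phish inbox. The following is an added example, not part of the original guide: the function names, the allow-list of known domains, and the sample message are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr


def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def mismatch_signals(raw_message, known_domains):
    """List address mismatches found in one message's headers.

    known_domains is a hypothetical allow-list: domains the organisation
    really receives mail from, supplied by the caller.
    """
    msg = message_from_string(raw_message)
    display_name, _ = parseaddr(msg.get("From", ""))
    sender = domain_of(msg.get("From"))
    signals = []
    # Replies or bounces routed to a different domain than the visible sender.
    for header in ("Reply-To", "Return-Path"):
        other = domain_of(msg.get(header))
        if other and other != sender:
            signals.append(f"{header} domain {other} differs from From domain {sender}")
    # A display name that names a known brand while the address is elsewhere.
    squashed = display_name.lower().replace(" ", "")
    for domain in sorted(known_domains):
        brand = domain.split(".")[0]
        genuine = sender == domain or sender.endswith("." + domain)
        if brand in squashed and not genuine:
            signals.append(f"display name claims {brand} but address is at {sender}")
    return signals


# Constructed sample message (not real traffic); note the digit 1 in the domain.
SAMPLE = """\
From: "Example Bank Support" <support@examp1ebank.test>
Reply-To: refunds@collect-mail.test
To: you@company.test
Subject: Action required

Please confirm your account.
"""

if __name__ == "__main__":
    for signal in mismatch_signals(SAMPLE, {"examplebank.test"}):
        print(signal)
```

These header checks are hints for triage rather than a verdict; legitimate bulk mail often uses a separate bounce domain, so a flagged message still needs a human look.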

Back up your data regularly.

This habit is good for businesses and individuals to master — data can be compromised for both parties. Consider backups on both cloud and physical locations, such as a hard drive or thumb drive.

Cybersecurity Resources

To learn more about cybersecurity and how to better equip your business and team, tap into the resources below. Check out some of the most popular cybersecurity podcasts and cybersecurity blogs, too.

National Institute of Standards and Technology (NIST)

NIST is a government agency that promotes excellence in science and industry. It also contains a Cybersecurity department and routinely publishes guides and standards.

Bookmark: The Computer Security Resource Center (CSRC) for security best practices, called NIST Special Publications (SPs).

The Center for Internet Security (CIS)

CIS is a global, non-profit security resource and IT community used and trusted by experts in the field.

Bookmark: The CIS Top 20 Critical Security Controls, which is a prioritized set of best practices created to stop the most pervasive and dangerous threats of today. It was developed by leading security experts from around the world and is refined and validated every year.

Cybrary

Cybrary is an online cybersecurity education resource. It offers mostly free, full-length educational videos, certifications, and more for all kinds of cybersecurity topics and specializations.

Signing Off … Securely

Cyber attacks may be intimidating, but cybersecurity as a topic doesn’t have to be. It’s imperative to be prepared and armed, especially if you’re handling others’ data. Businesses should dedicate time and resources to protecting their computers, servers, networks, and software and should stay up-to-date with emerging tech. Handling data with care only makes your business more trustworthy and transparent — and your customers more loyal.

Note: Any legal information in this content is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy. In a nutshell, you may not rely on this as legal advice or as a recommendation of any particular legal understanding.

Editor’s note: This post was originally published in February 2019 and has been updated for comprehensiveness.


Originally published Aug 19, 2020 7:30:00 AM, updated November 02 2020

Topics:

Cyber Security