A Guide to Cybersecurity [2022]

The word “cyber” refers to all things related to computers, information technology, and virtual reality. It includes the technology and processes designed to protect networks and devices from data breaches, identity theft, damage, and unauthorized access. Cybersecurity awareness is important for organizations as well as personal use (devices such as phones, computers, and tablets.) It is also important for the military, hospitals, as well as large and small corporations. Understanding cybersecurity, implementing defensive and offensive cyber protocols, and practicing continued diligence in staying up to date are all essential. Staying cyber secure starts with you.

Why is cybersecurity so important?

Proper use and knowledge of cybersecurity helps your organization and home create or maintain a defensive posture against cyber-attacks and breaches. These include unauthorized access, unauthorized deletion, and unauthorized modifications. This same proper use and knowledge helps prepare your organization or home offensively in the case of an attack or breach.  It is important to realize that not all breaches, attacks, or threats come externally (although a majority do). Some incidents may originate internally, with either malicious intent or incidents that occurred inadvertently. Everyone within an organization and in your home is responsible for cyber safety. Cybersecurity safeguards your systems, computers, and data from attacks that can lead to interruptions in services, information theft, or exposure of personal information

What are the main aspects of cybersecurity?

There are three pillars to cybersecurity, known as the CIA Triad. The three components stand for confidentiality, integrity, and availability. These are fundamentals when building your cybersecurity strategies.  

  • Confidentiality – Only authorized parties have access to your sensitive information and functions.
  • Integrity – Only authorized individuals may alter/add/remove sensitive information or functions.
  • Availability – Systems, functions, and data must be available on demand based on pre-determined, agreed-upon parameters. 

What are the most common types of cyber-attacks or threats?

  • Ransomware – Software that blocks access to a computer system. Without access to your files, the ransomware designer will ask for a ransom to be paid to unlock your files so you regain access.
  • Malware – Software that interferes with your computer’s normal functioning. These are viruses, trojans, or other malicious programs that infect your system or network. They may disrupt or damage your computer system or allow for unauthorized access to confidential information.
  • Phishing – The attempt to steal confidential information (credit card numbers, passwords, log-in information) through the use of email or other electronic communication forms. Typically, these appear to come from a reliable source. 
  • Social Engineering – A manipulation technique used to exploit the human error factor in cybersecurity. The goal is to steal private, personal, and financial information.
  • Denial of Service (DoS)/Distributed Denial of Service (DDoS) – Attacks that are intended to make an online service unavailable to its intended users on the internet. 
  • Man in the Middle Attacks (MitM) – Communication where two parties believe they are talking with each other but a ‘man in the middle secretly intercepts the information. The attacker controls the conversation and relays messages between the two parties. 
  • Cross-site Scripting Attacks (XSS) – Malicious scripts are injected into the code of a trusted website or application. The malicious link appears enticing and is clicked on by a user. This allows for code injection.
  • SQL Injection Attacks – Malicious SQL code is injected into an application allowing for backend database manipulation that provides access to confidential information.

Interesting fact: Injection attacks, which include XXS and SQL attacks, were the third most serious web application security risk in 2021.

What are the best practices to strengthen your cybersecurity?

Everyone within an organization and in your home is responsible for cyber safety. Increasing the cybersecurity awareness of all your employees or family members is critical. Creating, following, and updating your cybersecurity policies is key. Good cybersecurity involves multiple layers of protection using a combination of technology and best practices. Putting these practices in place does not guarantee you will avoid all attacks and threats. 

This starts with good preventative solutions. Install antivirus and firewall software. Download patches and updates regularly. Do take the time to know and understand what it is you are downloading before you click ‘install’. As an employer, know your network, who is on it, and what access they have been granted. Control and monitor cyber activity. Requiring strong credentials and having clear policies (for example, requirements for passwords that is known to all staff) sets the tone and stage for stronger cybersecurity. Create and follow workplace cyber policies such as Acceptable Use, Data Classification, Data Security, and Data Destruction.

At both work and home, passwords should be unique for different login credentials. At home, make it a habit to monitor your bank and credit accounts regularly. Frequently back up your data so that you have the most recent data and information possible in the case of a breach or attack. Be intentional online. This is very important with social media use. If you would not write something on a postcard and mail it, then do not put it on social media. Never post about traveling while you are traveling. 

Hint: you can back-post information or photos you do want to share on social media. These posts can play out, one day at a time, as if you were traveling but when you are back in your home and at work. 

How can I teach myself or gain more knowledge in cybersecurity?

There are many options throughout Montana. These include in-person, online, asynchronous, and rapid training program options. Individuals may take an introductory course to learn about cybersecurity, work towards a Certificate of Technical Studies, or pursue further higher education opportunities and degrees. Online options are available for work teams or individuals, including Security Awareness Training and Workforce Development. If you are in sixth grade through adulthood, CyberMontana offers learning and training opportunities for you. 

Keep Montana Cyber-secure

Cybersecurity awareness and in-house cybersecurity strategies are necessary best practices for any business or household. An array of options and opportunities are available to assist you in your cybersecurity growth. The first step is to define your need (awareness training, career opportunities, developing your workforce, a need for resources, or a need for incident response.) The second step is to do some research. The resource that is right for you is out there. CyberMontana does provide a variety of leads on our website, with the goal of continuing to add more statewide opportunities already available in the state. Consider your options (local/remote/in-person/online). Do a search that meets your needs. If you need help defining those needs, you may always contact us and we will connect you with the right resource in Montana.

Sources:

What is CyberMontnana’s Security Awareness Training?

We know that almost 90% of data breaches are caused by human error*; the human factor is very often the weakest link. Security-aware employees are a primary line of defense in our interconnected world. CyberMontana offers ongoing, focused training in cyber vigilance tailored to both employees & employers to help establish best practices in security awareness and aid Montana organizations in becoming more secure. Professional development in security awareness is one of our statewide efforts.

What Does Security Awareness Mean?

Cybersecurity is about being aware and mindful of different day-to-day, common activities. What understanding do end users have about best practices in cybersecurity and the threats that face us every day? Both as individuals and as employees or organizations.  

One interesting practice is to look up your email address and see if it has been a part of any breach. Think about which devices have been used to access that email address and the potential cyber breaches that may have accompanied that one email breach.

What is the cost of training?

CyberMontana is now offering free end-user Security Awareness Training for the months of September, October, and November 2022. We recommend continuing courses and creating a cyber secure environment. If your organization starts training and would like to continue after November 2022, please contact CyberMontana to discuss the cost and make a plan to continue moving forward. 

How long are the courses and how many should we complete?

Lessons are interactive, fully online, can be taken at any time, and are 20-30 minutes each in length. We recommend small businesses spend a week on each lesson. For larger businesses, we recommend two weeks per lesson. Currently, six courses are available, with more being developed. 

What lessons are available?

Currently, six lessons are available, with more being developed. Topics include: 

  • Phishing: The lesson defines phishing (a form of fraud in which an attacker masquerades as a reputable entity or person in email or other forms of communication), how to identify it, and what to do if phishing I suspected. Users are given several examples of phishing emails.
  • Password Creation: Users are taught the importance of proper passwords and how to construct them. Users are given examples of strong and weak passwords and will then practice constructing stronger, unique passwords. 
  • Social Media: Users learn best practices to keep themselves safe on social media. Users learn strong security settings and thoughtful consideration of what they share about themselves and their organization.
  • Malware and Ransomware: The lesson defines malware (malicious software) and ransomware (type of malware that blocks access to devices and/or data, often until payment). The lesson describes what attacks can look like, prevention methods to implement, and what impacts malware can have on an organization.
  • Work From Home: The Lesson focuses on securing the home workspace, work and personal devices, and your network. Users learn the dangers of unknown networks, the importance of securing devices in transit and in public places, and how to handle secure information in public places both on devices and in calls. 
  • Mobile Device: This lesson covers foundational information to keep data safe when using a mobile device. This includes app permissions, phone calls, and network/Bluetooth connection in public areas. It also includes what it means to share information on your mobile devices and what exact information you are sharing with those applications. 

Who should plan for cybersecurity awareness in the workplace?

Both the employer and employee are responsible for security awareness to protect the organization. Both are also responsible for deciding when it is time to learn more about security awareness. CyberMontana works with organizations to set their individual teams up for training. Your organization will designate a point of contact who will work with our point of contact to make sure your team is set up for success. Not all employees have to complete the training. It is important to decide which employees you think would benefit most from learning about cybersecurity.

Lessons can be completed in any order, although we do have a suggested path. There is a pre and post-test for each lesson, with test scores being delivered after each lesson. These reports allow you the opportunity to look at how the training has been beneficial to your organization. We also send reminders out a few days after lessons are sent to employees who have not logged in and started yet. 

Does Montana require SAT for employees?

Individual participants completing 5 of the 6 available lessons over the 3-month period will be awarded a digital badge/certificate of completion in Cybersecurity Awareness Training. Additionally, businesses will be validated as Cyber Aware if 75% of employees complete their assigned lessons.

How does your business benefit from Cybersecurity training?

Cybersecurity training is not required in the state of Montana. There are many benefits to having a cyber background. With the right knowledge, there is a decreased exposure to human-triggered cybersecurity threats. There are also cybersecurity liability insurance requirements often met by these pieces of training. 

Some organizations look for an employee to have a badge or certificate to accompany their training. Individual participants completing 5 of the 6 available lessons over the 3-month period will be awarded a digital badge/certificate of completion in Cybersecurity Awareness Training. Additionally, businesses will be validated as Cyber Aware if 75% of employees complete their assigned lessons.

Conclusion

Please contact CyberMontana if you would like to take advantage of our free end-user Security Awareness Training or any of our other cyber offerings to upskill or re-skill your existing cyber and IT workforce or build your future workforce pipelines with our existing training cohorts.  

*Tessian, 2020. The Psychology of Human Error

Early College Cybersecurity Information Session Overview [Sept. 2022]

No age is too young to start learning about cybersecurity. As an education hub for the state, CyberMontana provides training for a broad range of recipients. We are excited to walk with High School students as they start to develop what their passions are and what paths those passions will lead.  CyberMontana offers two opportunities for High School students to grow in their cybersecurity paths.

Currently, there are over 1,100 job openings annually in the state of Montana. There are about 598,000 cyber jobs available annually nationwide. Almost 90% of data breaches are caused by human error*; the human factor is the weakest link. Security-aware employees are one of the primary defenses in the business world.

Join the discussion about CyberMontana’s Early College Programs:

CyberMontana is holding a virtual event to answer questions regarding our High School options. This event will happen twice. Please join us on either September 14th from 6:30 p.m. – 7 p.m. or on September 21st from 7:00 p.m. – 7:45 p.m. During this time, you will learn about the program, and employment opportunities upon graduation, and hear from the instructors. 

Introduction to Cybersecurity (ITS 191)

Introduction to Cybersecurity provides an online early college option for high school students to explore cybersecurity topics and opportunities for careers. Students will develop a foundational understanding of Cybersecurity and its relation to information and network security. Upon completion of the course, students will earn 3 University of Montana credits. This course introduces students to cybercrime, security principles, technologies, and procedures to defend their networks. 

Cybersecurity Certificate of Technical Studies (CTS)

The Cybersecurity Certificate of Technical Studies is a set of 4 courses (12 credits) that provides students with an entry-level credential that can lead to the Associate of Applied Science degree in Information Technology. This certificate program can be completed in 1-2 years for High School Students. Students would enroll in ITS 215E Fall 2022, starting in October.

Upon completion of the courses, students receive special recognition indicating completion of an NSA-approved Cybersecurity Center of Academic Excellence program of study. Students will have the option of testing for the CompTIA Network+ and Security+ industry-recognized credentials, which are recognized by the U.S. Department of Defense for certain cybersecurity positions. 

Skills gained include:

  • Networking Concepts
  • IT system Components
  • System Administration
  • Fundamental security design principles
  • Cyber-threats and cyber defense
  • Cryptography
  • Policy, legal, ethics, and compliance

Why take these Cybersecurity courses in High School?

Cybersecurity is a need in society that is growing at a rapid rate. Whether used for personal or professional purposes, everyone needs to learn skills needed to keep safe in a technological world. Consider how many devices you use for school, as well as at home. Consider as well how many hands some of those devices have used. Cybersecurity is key to keeping information safe.

High school is a time to start looking at and thinking about the future. Many businesses require their employees to align their skills and certifications with the U.S. Department of Defense 8570 matrix for Information Assurance (Cybersecurity) positions involving:

  • Technical activities such as securing networks and computers
  • Management activities such as ensuring cyber compliance
  • Information Assurance Architecture and Engineering
  • Cyber Security Provider

Preparing yourself to be cyber aware is preparing yourself to be job ready. 

What is the cost of CyberMontana’s Early College Cybersecurity Courses?

Both the ITS 191 course and the Cybersecurity Certificate of Technical Studies are part of the 1-2-Free program. High school students may take up to two university courses (up to 6 credits) tuition free. After the two courses are complete, the cost is $57/credit (the academic year 2022-2023), which is half the standard Missoula college per credit rate.

There is a further scholarship available for students who (themselves or their households:

  • receive free or reduced lunch
  • participate in Montana Healthy Kids and or medicaid
  • receive SNAP or WIC benefits 
  • participate in the Head Start Program
  • are McKinney-Vento participants  
  • receive TANF or SSI benefits 
  • receive a Section 8 Housing Voucher

If you or your family receive any of these services, you are eligible to apply for a scholarship. 

What happens after completing the program?

Upon completion of the program, Students will have the option of testing for the CompTIA Network+ and Security+ industry-recognized credentials. Successful completion of the program sets up students to be prepared for entry-level cybersecurity positions. Students are also able to continue their education by completing an Associate of Applied Science in Information Technology. The 12 credits acquired in the CTS program may be applied to the AAS at the University of Montana, offered through Missoula College.

What are my next steps?

Join us for either an information session, on September 14th from 6:30 p.m. – 7 p.m. or on September 21stfrom 7:00 p.m. – 7:45 p.m. Hear from the professors, meet the cybersecurity staff, and of course, ask your questions! Let’s get started on this cybersecurity adventure together.

What Is the Cyber Rapid Training Certification of Technical Studies?

Cybersecurity is an increasing need in society and throughout the world. The field of cybersecurity is growing at an accelerated pace with about 1,100 cyber jobs available annually in Montana, and about 598,000 cyber jobs available annually nationwide. In Montana, the median hourly wage ranges from about $33 to about $36. Nationwide, the median hourly wage ranges from about $40 to about $50. The Cyber Rapid Training Certificate of Technical Studies Program provides an opportunity for adults to either enter this field or enhance their skill set and join this growing career path.

The Cyber Rapid Training CTS Program is an online, 4-course (12 credit) program on an accelerated 12–15 week academic track, differing from Missoula College’s traditional Cybersecurity CTS which is completed in a 2-semester timeframe. This program incorporates a new wraparound student case management and workforce development support structure to forward academic and career track progression and provide positive student outcomes.

Missoula College is one of two higher education institutions in Montana that has been awarded the designation of National Center of Academic Excellence in Cybersecurity (NCAE-C). Becoming an NCAE-designated institution is a rigorous process. Accredited institutions meet NCAE desired characteristics which include standards for curricular, faculty, and academic excellence.

What is a Certificate of Technical Studies?

A Certificate of Technical Studies (CTS) provides a student with an entry-level credential that can take less time to earn than a degree. Certificate programs often include coursework and testing that allows a graduate to claim mastery of a technical skillset on their resume. A Technical Studies certificate indicates a field of study such as computer science.

Who should enroll?

The Cyber Rapid Training CTS program is designed for two categories of adult learners. This program serves those interested in pivoting into entry-level job roles in the fields of IT and cybersecurity. This short-term academic track is also well-suited for those already positioned in entry-level job roles in these fields, but who are interested in reskilling/upskilling through academic and industry-recognized credentialing and associated career progression opportunities. Due to the nature of an accelerated program, students who work well independently, have strong time-management skills, and are motivated to succeed will thrive. 

What will I learn?

Four courses are required, covering basic networking, operating systems, ethical and legal issues, communication skills, and cybersecurity. Students learn NSA-recognized cybersecurity skills in:

  • Cybersecurity Foundations
  • Cybersecurity Principles
  • IT Systems Components
  • Basic Networking
  • OS Concepts
  • Cyber Threats
  • Policy, Legal, Ethics, and Compliance
  • Security Program Management
  • Security Risk Analysis
  • Basic Cryptography

After successful completion of this CTS program, graduates will be equipped to take the CompTIA Network+ and CompTIA Security+ Industry Recognized Credentials (IRCs). These standard entry-level IRCs are aligned with qualifications for the U.S. Department of Defense Information Assurance Technology and Management job categories. 

The CTS curriculum integrates current Career Readiness Competencies established by the National Association of Colleges and Employers (NACE) to aid students in becoming career ready in soft and hard skills, helping for gainful employment opportunities upon completion of the program.

Graduates of the program qualify for entry to mid-level jobs in the IT and cybersecurity sectors, including Network and Computer System Administrators and Computer Systems or Information Security Analysts.

What should I be prepared for?

This CTS program is an accelerated program. Students should plan to spend about 40 hours per week on course readings, assignments, and quizzes/exams. Before entering this program, it is recommended you speak with any employer and family members to assist and support you in creating dedicated time for coursework. 

Our leadership team devoted time and attention to the intentional laying out of the course sequence and individual course start and end dates. Although start dates and lengths of individual courses are staggered, you will be active in more than one course at a time throughout the semester. You should expect your workload to increase as you move through the semester, with the workload decreasing as you near the last weeks of the semester. 

Included in this Cyber Rapid CTS Program is a wraparound academic and career readiness component. A dedicated staff provides student support services deployed from initial student contact and continues throughout the advising, admissions, enrollment, registration, course progression, and pre-employment phases of the program. 

Where can I take this program? How do I enroll?

The Cyber Rapid Certificate of Technical Studies program is offered through Missoula College. Interested adults should email our Director of Workforce Training & Career Education, Christopher Prosa (christopher.prosa@mso.umt.edu). We will reach out to you to schedule an intake and admissions appointment, and provide you with materials to look at and absorb about the program. Our goal is to be fully transparent about program requirements and the commitment level students should prepare for.

During the intake and admissions appointment, you will answer a series of questions. These questions provide you with additional insight about the program to help you best assess if this accelerated program is right for you. Following the questions, we walk you through the admissions process. The goal of doing this together is to assist you in being coded properly during the admissions process. You want correct coding so that your tuition bill properly reflects the current tuition for this program and you do not run into roadblocks. We provide backend assistance throughout the process.

Once your admission is formally approved, you will schedule a registration appointment. Because the CTS program is offered both in person and online, we want to assist you in making sure you register for the correct course session. Once registered, you have one final step – complete tuition payment and secure course materials.

Tuition to enroll in the Cyber Rapid Training Certification of Technical Studies Program for the 2022-2023 academic year is $2,088.08 plus textbooks/materials. (Textbooks/materials are roughly $400.)

What now?

The Cyber Rapid Training Certification of Technical Studies Program is a valuable, rewarding, fast-track path on your journey toward becoming a cybersecurity professional. For more information visit our website (www.cybermontana.org). To express interest and receive contact from the Cyber Rapid Training CTS Student Case Management Support Services Team, email Christopher Prosa. We look forward to working with and supporting future cybersecurity professionals!