Jonathan Crowe
Nov 2015

10 Fundamental Cybersecurity Lessons for Beginners

Data breaches. Ransomware. State-of-the-art attacks targeting big corporations and small businesses alike. Rarely a day goes by without another reminder in the headlines that improving security should be a top priority.

Of course, there's a big difference between knowing you should improve security and knowing how to get started.

That's where our latest eBook, Cybersecurity Made Simple: A Getting Started Guide, comes in. Check it out. We'd love your feedback.

With this guide, we set out to do two things:

  1. Clear up the misconception that you need to be an expert to understand security basics.
  2. Provide you with a simple framework that enables you to boil down your top security challenges and take action now.

You can download the complete eBook here. As a sneak peek, I've rounded up 10 core lessons from the guide that will help you understand your top security priorities and lay the foundation for a successful security initiative.

10 Fundamental Cybersecurity Lessons for Beginners

  1. “More” is not a strategy. Gartner estimates global spending on IT security will reach $100 billion in 2018. Clearly, the prevailing attitude is that we need to be doing (and spending) more. But before you spend a dime on security, you need to develop both clarity and buy-in around your top priorities and goals. If you start shopping for solutions before you understand your specific needs, you'll run the risk of buying a hammer when your problem isn’t really a nail.
  2. Security isn’t just one person’s responsibility. To be truly effective, you need to develop a culture of security that transforms it into a company-wide effort. That said, you do need someone with expertise actively owning and managing security, even if you plan on outsourcing. Spending money on solutions is a waste if no one knows how to leverage them properly (or, in the case of outsourcing, hold the provider accountable).
  3. Outsourcing can make sense. But only if you have a clearly defined goal to achieve or problem to solve, and only if you can find the right provider who can deliver on those specific needs. Download the eBook for a list of 10 things to consider to evaluate managed security service providers.
  4. The biggest threat you face isn't from an attacker, it's complacency. Improving security can require significant organizational change, and change requires buy-in. The most important thing you can do is convince leadership that security is important and worth investing in.
  5. Leadership only cares about security as it relates to the business. The key to a productive “buy-in” conversation is not to focus on how the business can improve security, but how security can improve the business. You'll find more tips and stats to help you make the business case for security in the eBook.
  6. Size does matter (but not in the way you think). Despite the prevalence of large company data breaches in the headlines, small actually doesn’t mean safe. In 2014, 60% of attacks were targeted toward small- to medium-sized businesses. But while they typically have fewer resources to utilize against threats, small businesses also have several natural advantages they can leverage. Find out what they are here.
  7. Spending isn’t what makes you secure. Don’t waste your money and political capital trying to keep up with the Joneses. Focus on addressing your own priorities and needs.
  8. There’s power in simplicity. “Big security” isn’t always better security. Expanding your coverage has obvious benefits in terms of reducing risk, but it can also introduce complexity, cost, and noise. The key is to determine your goals and risk tolerance and invest accordingly with an eye toward keeping things simple and streamlined as long as you can.
  9. Good security comes in layers. When evaluating solutions, it's important to understand not only the potential benefits and limiting factors of individual solutions, but how they can boost overall effectiveness when paired with other technology. See how the top security technologies integrate with one another by downloading the eBook.
  10. Improving security isn’t a one-and-done activity. It requires an ongoing, active, and iterative approach.

Jonathan Crowe

Jonathan covers the latest threats and cybersecurity trends from a practical perspective.
