Cyber security: how to protect yourself (and your business) from cyber threats

The internet gives us a portal into the world, but sometimes the world reaches back. Without proper cyber security, our most sensitive information may be vulnerable to data breaches and malicious attacks.

Even if your computer systems are equipped with antivirus software, it's usually not enough to protect you against all cyber threats. Below you'll find some of today's best practices when it comes to cyber security so that you can protect yourself and your data.

What is cyber security?

Cyber security (also known as information technology security) refers to a set of practices that protect computer systems, mobile devices, networks, and data from cyberattacks. Modern cyber security professionals often divide these security measures into several categories, including:

Network security

Network security protects an entire computer network from security threats, including malicious software (malware) or targeted attacks.

Information security

Information security broadly refers to the protection of sensitive data. Proper information security is designed to protect you from data breaches and malware that damages your data's integrity.

Application security

Application security focuses on specific devices and the software that powers them. It frequently starts in the design stage, creating programs that protect against cyberattacks.

Operational security

Operational security refers to a set of practices for granting users access to data and best procedures for storing and sharing this information.

End-user education

Cybersecurity education teaches users how to navigate the web without falling victim to cyber criminals, malicious software, or phishing scams. A cyber security training program might start by teaching users not to open suspicious email attachments or plug in unidentified USB devices.

Disaster recovery/business continuity

After a cyber-attack occurs, your organization needs to have ways to prevent fraud to ensure business continuity. These practices are designed to restore services and allow you to continue operating, even if you have lost access to certain resources or your computer system has been compromised.

What is a cyber attack?

A cyber attack is any deliberate attempt to alter or steal sensitive data or disrupt your operations. Cyber attackers can include corporate spies, terrorists, or even just lone actors and white-collar criminals.

It's a bigger problem than you might think. Data from 2022 shows that cybercriminals can penetrate 93% of company networks, yet fewer than 50% of U.S. businesses have a cyber security plan in place.

This oversight is partially responsible for the phishing attacks and other online scams that affect millions of consumers nationwide, resulting in billions of dollars lost to cyber criminals.

Types of cyber security threats

Compounding this threat is the growing number of cyber threats you must watch out for. Common cyber threats include:


Malware

Malicious software or "malware" refers to software that cyber attackers use to disrupt or damage your computer system. Common forms of malware include:

  • Viruses: Programs that "infect" your computer and spread malicious code
  • Trojans: Malware disguised as legitimate software
  • Spyware: Monitors a user's activities and can gain access to sensitive information
  • Adware: Advertising software that can spread or distribute malware
  • Ransomware: Locks your computer system until you pay a ransom

Malware can come from many sources, some of which may appear legitimate. This widespread availability is why it's important not to open unsolicited email attachments or download programs from unfamiliar websites.


Phishing

In a phishing attack, a cybercriminal will disguise their inquiry as a legitimate form of communication, often from a financial institution such as your bank or the IRS. They will attempt to steal data by convincing you to provide your financial information (such as your bank account number or credit card details) or install malware on your computer system.

Some phishing scams are downright seductive — literally. The Cybersecurity & Infrastructure Security Agency warns of the rise of "romance scams," where a hacker impersonates a love interest to gain access to your passwords or financial data.

Denial of service

A denial of service (DoS) attack overwhelms your computer or network so that it can't respond to any online requests. When your computer systems are disabled, cybercriminals will seize the opportunity to conduct other types of cyberattacks.

A distributed denial of service (DDoS) attack works the same way, though the attack originates from a whole network of devices rather than an individual computer. "Botnets" are the networks used to mount DDoS attacks and are created when a hacker infects many computer systems and takes full control, leveraging them to abusive ends.

SQL injection

This cyber attack inserts malicious code into the queries sent to servers that rely on Structured Query Language (SQL). When the server runs this malicious code, it releases information it would otherwise keep private, allowing cyber attackers to steal sensitive data.


Man-in-the-middle attack

A man-in-the-middle (MITM) attack occurs when an attacker inserts themselves in a two-party transaction. This type of interception allows the attacker to steal data or install malware and is common when using public or unsecured WiFi networks.

Password attack

Cyber attackers can also gain access to your computer by using your password. Sometimes, attackers can deduce your password through social engineering methods.

You've probably seen those clever little social media games — "Name your first pet," "What was your first car?" and so on. These games are actually social engineering exercises designed to guess your password and hack into your accounts.

How to prepare for a cyber attack and prevent fraud

With so many cyber threats, you'll need to prepare for security risks proactively. Here are some of the best online safety tips that can help individuals prevent security breaches and protect themselves from cyberattacks:

1. Update your computer software/operating systems

One of the most basic cyber security measures you can take is to keep your operating systems up-to-date. This advice goes for your computer itself, as well as any mobile devices that are connected to the internet.

Doing so will connect you to the latest cyber security patches associated with that software. Depending on your operating system, attackers may have a harder time designing viruses that work with your latest update, which can protect you from malware.

2. Install antivirus software

Your computer may already come with some form of protection against malware. These built-in security measures can protect systems from most malicious actors, but if you spend a great deal of time on the web, you'll want to adopt software that has the power to detect and remove cyber threats.

Many third-party manufacturers offer some type of cyber security software package. Companies like Kaspersky, Norton, and Webroot are trusted by cyber security professionals, and these platforms can also offer continuous protection through a subscription package.

3. Change your passwords regularly

You should always use strong passwords to protect your accounts from intruders. Strong passwords typically include letters, numbers, and special characters like "_," "#," and "$." Using a capital letter will also add strength to your password.

Cybersecurity professionals also recommend changing your passwords regularly. That way, you'll be protected from password-guessing or brute force attacks.

Here's a tip: jot down your passwords in a secure notebook and keep it in your desk. That way, your passwords stay organized but out of the hands of anyone who might gain access to your computer or mobile device.

4. Don't open unsolicited email attachments

Unless you're expecting an email attachment from someone you trust, don't open any attachment you receive. Malicious code might be lurking inside that attachment, and opening it will expose an otherwise secure system to a cyber security threat.

Be careful because many attackers impersonate people you know when sending these attachments. In other cases, a friend or family member's computer might have been compromised, and the malware on their system is now using their contact list to spread throughout the web.

5. Be careful with suspicious links

Similarly, you may receive emails that contain suspicious links. Be very careful when clicking these links, as they may also be masking malicious code that can compromise your system or cause a data breach.

Don't fall for scams, either. Some of these dangerous links will be sent by those claiming to represent someone you know or even the federal government.

For example, you might get an email from someone claiming to be the IRS, your bank, or another authoritative agency. They may pressure you to click a link to resolve a problem or dispute, but these links are designed to collect your data or harvest your personal information.

6. Avoid public WiFi networks

Public WiFi networks are a hacker's dream come true. Cyber security professionals often warn that network security is substandard and can leave you vulnerable to cyber threats.

One writer summarizes it this way: "Don't connect to a public WiFi anywhere you wouldn't go barefoot." If you'd be squeamish about taking your shoes off in an airport, park, or other public space, you might also think twice about connecting to the public WiFi.

How to protect your business from cyber fraud

These practices are great ways to protect individuals from cyberattacks, but how do you protect your business from these security threats? Here are some tips to improve the security of your workplace:

1. Provide cyber security awareness training

Equip your workers to recognize and respond to cyber security threats. This approach means teaching your employees the above habits and emphasizing the need to rely on secure websites while being wary of suspicious emails and links.

2. Assign someone to be in charge of your company's cyber security

You may consider delegating your cyber security needs to a single employee. If you have a large organization, you might consider hiring someone with specific training in cyber security. For example, a chief information security officer (CISO) is a managerial position that will oversee your company's overall security plan and data management.

3. Take an inventory of your devices

We tend to think of cyber threats coming mainly through our computer screens. But these days, we have a variety of smart devices connected to the internet. In an age of the "internet of things," we rely on smart speakers, POS systems, and more, all of which can leave customer data and other sensitive data vulnerable to cyberattacks.

Knowing what devices you use can go a long way toward shoring up your defenses and minimizing security risks.

4. Use a secure website for eCommerce

An eCommerce platform may be particularly vulnerable to cyberattacks. Since you're relying on private sector companies to provide you with online tools, such as those for secure payments, ensure they have the necessary protocols to protect information and store the data collected securely.

Streamline your business with the latest software

Today's busy entrepreneurs can use any edge that they can get. That's why Invoice2go offers invoicing tools that can make it easier to submit invoices, get paid, and manage your finances. Sign up for a 30-day free trial, and see how you can take your business into the future.

Frequently asked questions

Here are answers to some of the most common questions regarding cyber security:

Is it true that mobile phones can't get viruses?

Viruses rarely affect mobile phones, but it's not impossible. Infection is especially likely if you frequently connect your smartphone to public WiFi, where network security can be sketchy at best. You can avoid this by practicing good internet safety and installing security tools on your mobile devices.

Am I financially responsible for data breaches in my company?

This is a complex question. Cyber security experts say that sometimes you can be held responsible. If you fail to implement the proper security measures, you can be considered negligent, especially if you work in healthcare or another regulated industry.

Likewise, if your customers' sensitive information has been compromised, you must notify them immediately. Some companies offer cyber security insurance to protect you from large-scale cyberattacks.

Does my free antivirus software offer enough protection?

Generally speaking, the free version of any program will never match the performance of one from a major software provider. Most software companies offer essential services that can keep your computer systems secure. This software may be a wise investment for business owners who regularly deal with sensitive customer data.
