Cybersecurity

Cybersecurity Awareness Training 2025

by

Introduction

Right now, at this very moment, there are thousands of people trying to steal your money, your identity, and wreak havoc on your life. They wanna get rich at your expense, and their schemes never sleep. Do I have your attention? I hope so. My name is Ryan Burns, The Cyber Guy, and over the next few minutes, I’m going to be talking about cyber crimes, cybersecurity, and what you can do to prevent yourself and your organization from becoming a cyber victim.

Cyber security

Hacker Hank Appears

  • [Hank] Hey, wait, Ryan, what are ya doing without me?
  • Oh, no, Hacker Hank, everyone’s favorite cyber criminal.
  • [Hank] Ryan, you know it’s a few things about cyber crimes, but I’ve been thriving in those digital streets since the internet was just a little baby that Al Gore put to sleep with a little bottle at night. You need some real insider information.
  • Well, okay, Hank, thank you, sort of, for coming back. Back to where I was. What is cybersecurity and why does it matter? Let’s answer the second question first. In 2021, cyber crimes cost Texans over $600 million in losses, and affected over 40,000 victims.
  • [Hank] Yep, my cronies and I have been doing strong work out there, and you know who our biggest target was? The public sector.
  • I know, meaning cities and organizations just like you.
  • [Hank] Yep, taking it to the man. Cyber crimes and cyber criminals aren’t just fodder for fiction novels and movies. They are real. So back to the first question, what is cybersecurity?
  • [Hank] I know a bit about that. How to hack, but also how to stop hackers just like me.
  • So please remind everyone why such a vile and notorious hacker like you would be willing to help us out.
  • [Hank] Sure, Ryan. I’ve been hacking ever since I was a little boy, when I hacked the Pac-Man game at my local arcade to give myself the highest score. I’ve been hooked on hacking ever since, but when it comes to hacking cities, I’ve just gotten bored. I’ve been using the same old tricks for years, and I need a new challenge. I want cities to level it up, plus I have a lot of enemies in the biz, and they’re all getting rich way too easily. So I’m sharing all my tried and true methods in hope cities will wise up and shut off the funnel that’s funding my foes.
  • That’s very generous.
  • [Hank] Don’t get used to it, Ryan. I wanna fund my trips to The Bahamas, but stop all those two-bit hackers from their beach vacations.
Cybersecurity

What is Cybersecurity?

Okay, so let’s talk about cybersecurity, which is the practice of protecting networks, devices, and data from unauthorized access. First, we’re going to talk about the types of data in your organization so we know what we’re protecting.

  • [Hank] And stealing.
  • [Ryan] Not if we’re doing things right. Second, we’ll discuss the four pillars of cybersecurity.
  • [Hank] The towers I love to topple.
  • [Ryan] Third, we’ll discuss common cyber threats.
  • [Hank] My personal playground.
  • [Ryan] But also best practices to avoid them.
  • [Hank] Make me work for it, Ryan.
    And finally, how to respond and report a crime if it does occur. You ready, Hank?
  • [Hank] A good hacker’s always ready, Ryan.

Types of Information to Protect

The first step for information security is knowing what types of information you have, and what you’re responsible to protect. There are five major levels of information. The least sensitive level is public information. It’s typically general information about your city, number of employees, address.

  • [Hank] Boring. Everybody knows this stuff. I can’t really make money off of it, Ryan,
    Right, it isn’t sensitive, and wouldn’t hurt you if it was disclosed. So it requires very little protection. With each rising level, the data becomes more sensitive and requires more consideration and layers of protection. Proprietary information is information that gives you the competitive advantage that you don’t want the world to know. Private information relates to employees or sensitive policies, great for HR to know, bad for hackers to steal. Confidential information is data that helps within the organization, but that you might not want competitors to find out. The highest is your sensitive data. This is the information that could truly harm your city or organization if disclosed and therefore requires the highest integrity and the most limited access.
  • I can make money off every level above public. It sells on the dark web like candy, or I can use it to ransom your organization and make you pay me to get it back. It’s a blast.
    So take an inventory of what information you have access to and what you’re doing to protect it, or better yet, what you should be doing.
Cybersecurity

The Four Pillars of Cybersecurity

  • [Hank] I love data, and as they say, data’s knowledge, and knowledge is power, and power is money in my pocket, money I can spend when I go to Barbados every year. Now I can hack this data at lots of levels, but there are four main pillars. Think of these as doorways into your organization. There’s the machine level. These are your physical devices. Say you lose your phone or a laptop. I find it, boom. Or if you’ve got a hacker in your workplace, and you leave your workstation unattended. Boom, we’ve got you again. I’ll hack your machine in a number of ways. Weak passwords, obsolete antivirus software, unprotected flash devices, lack of controls when you’re on a public network, or lack of administrator controls that would prevent me from tossing on a fun little malware program.
    Next up, the data level. This is the data itself, stored on a hard drive or in the cloud. Most employees aren’t aware of how much data they have, or where it’s all stored. But what happens when a hacker holds it for ransom, or it gets completely wiped out? Is it backed up? Is it protected? Organizations put their data level at risk when employees aren’t aware of the data created and the cost of losing it. Offsite backups aren’t done or not done regularly. Employees don’t believe their data is valuable enough for an attack, or data isn’t encrypted to protect it from hackers.
  • [Hank] You know, Ryan, I’m not above dumpster diving for all the computers just to see what data I can find on those tossed out hard drives.
    Why does that not surprise me, Hank?
    Next up is the network level. If I can hack your network, I can get to every connected computer and its data. No computer is an island these days, Ryan. We’re all connected. This stuff is much easier to hack when there isn’t a firewall or antivirus software. You aren’t doing scans at search for my malware, meaning my evil software will have longer to do its thing. There are no offsite backups. That way, I will know you’ll pay me lots of cash to get your data back, or there are no administrator controls on networks. And finally, my best friend, the internet level, connecting all the world’s knowledge and computers and data. And if you’re not careful, when and where you connect, boom, I’m gonna get you. You think you’re just having a little latte and doing some work, but I’m still in a latte of your information while you’re just sipping on your little coffee.
  • That’s a good one, Hank.
  • [Hank] Thanks Ryan, I’ve worked on that one for a while.
    Your internet level is at risk when your organization has no controls over when and where team members connect to the internet, public wifi is used continuously with no regard for risks, administrators do not limit access or control, work devices are used away from the workplace repeatedly, or employees are simply unaware of the risks.

How Cyber Attacks Work

Now Hank, tell us how you and your friends actually hack in and commit these crimes.

  • [Hank] Happily, Ryan, but don’t call the other hackers my friends. I’m a lone wolf on the prowl for data. I want your information or sometimes, I just wanna mess everything up and watch your world burn.
  • That’s messed up, Hank.
  • [Hank] Hacker’s gonna hack, brother, but hackers like me can hurt in a number of ways. We can steal your information, modify it, or I can just gain access and do whatever I want. My criminal mind loves all of these. After I have it, I can sell it for a profit. I can ransom your organization, or I can do really mean things like make all of your direct deposit paychecks go into my bank account. Basic stuff, Ryan.
    He’s right, and he’s a threat. So let’s look at the definition. A threat is the potential targeting of a network or system in an attempt to damage, harm, or disrupt its capability to operate. This targeting can potentially impact the confidentiality, integrity, and availability of your organization’s data.
Cyber security

Who is a Threat Actor?

Alright, so who is a threat actor, besides Hank here? Well, it’s anyone who tries to exploit vulnerabilities in an organization’s system or users. They profit, financially or otherwise, damage the victim or organization either financially or reputationally, gather data to trade it or sell it, or in his case, just evil curiosity. We don’t often know why threat actors choose the crimes they do, but we have to be on the ready.

Leave a Comment

© 2025 Marketer â€¢ Built with GeneratePress
Privacy Policy Terms Contact