{"id":55047,"date":"2023-10-16T12:18:00","date_gmt":"2023-10-16T16:18:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=55047"},"modified":"2024-11-05T17:51:20","modified_gmt":"2024-11-05T22:51:20","slug":"5-ways-you-can-succeed-in-cybersecurity","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity","title":{"rendered":"5 Ways You Can \u201cKnow Enough to be Dangerous\u201d in Cybersecurity"},"content":{"rendered":"\n<p><em>October is Cybersecurity Awareness Month, and the U.S. Cybersecurity &amp; Infrastructure Security Agency (CISA) is calling on all of us to \u201cSecure Our World,\u201d with a simple message that calls everyone to action \u201cto adopt ongoing cybersecurity habits and improved online safety behaviors.\u201d This month, the JumpCloud blog will focus on helping you empower everyone in your organization to do their part regarding cybersecurity. Tune in throughout the month for more cybersecurity content written specifically for IT professionals.<\/em><\/p>\n\n\n\n<hr>\n\n\n\n<p>IT admins are tasked with becoming security analysts in response to today\u2019s hostile threat environment. That can be a difficult adjustment if it\u2019s new to them and they don\u2019t know where to begin. The onus (and the blame) is on them to act, despite potentially never having received training for or awareness of security best practices to develop a program that will satisfy management and protect the organization.<\/p>\n\n\n\n<p>A formal cybersecurity program is multifaceted and structured to control risks, but there\u2019s a few crucial concepts you should be aware of that will help you get to a place where you know enough to be dangerous. Armed with these core concepts, you can swiftly reduce your organization\u2019s exposure, or, at the very least, have informed discussions with an MSP partner to handle it. There are five main pillars small to medium-sized enterprises (SMEs) should focus on:<\/p>\n\n\n\n<ol>\n<li>Know your assets&nbsp;<\/li>\n\n\n\n<li>Patching<\/li>\n\n\n\n<li>Least privilege computing<\/li>\n\n\n\n<li>Email security<\/li>\n\n\n\n<li>Backups<\/li>\n<\/ol>\n\n\n\n<p>This article examines how to bring those concepts into action.<\/p>\n\n\n\n<p>This advice isn\u2019t an exhaustive checklist: it\u2019s part of a series of articles that provide additional guidance to <a href=\"https:\/\/jumpcloud.com\/blog\/building-security-program\">formalize a security program<\/a>. There are also <a href=\"https:\/\/www.fcc.gov\/general\/cybersecurity-small-business\">resources<\/a> for SMEs available from government entities to help guide you as you get started. IT admins should also consider training and education by pursuing certifications such as ECSS, GSEC, Security+, and SSCP to obtain baseline knowledge. I encourage you to check out my <a href=\"https:\/\/jumpcloud.com\/blog\/cisa-cybersecurity-steps\">journey<\/a> for more perspective.\u00a0<\/p>\n\n\n\n<p>Now, let\u2019s get real for a moment: SMEs don\u2019t necessarily have the capacity to establish a formal program and the typical mandate is always to do more with less. I\u2019ve encountered firms that would shock you when you glimpse behind the corporate veil; don\u2019t be one of them, have a plan, and be more proactive.&nbsp;<\/p>\n\n\n\n<p>That\u2019s where you come in. Be an effective change agent by focusing on the foundational concepts outlined above.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Know Your Assets<\/h2>\n\n\n\n<p>You can begin by creating a register of your IT assets, which is where a risk assessment begins. Start by identifying who \u201cowns\u201d the system or data and ask them about their departmental workflows. Then, ask questions about how these assets are configured, managed, and secured. They should at the very least be able to tell you what software and hardware they use, as well as where those records are stored. The outline below will help guide you. It\u2019s populated with real-world examples and notations from my work as a security practitioner working with SMEs.<\/p>\n\n\n\n<p>Below you\u2019ll notice that assets are categorized in three ways: technical, physical, and administrative. Those align with the categories of controls that are used to address the problem(s) uncovered when you list and evaluate your assets. This outline is useful when you move on to the next step of evaluating risks and the type of controls that are required to correct them. You may also encounter some examples that you can live with and eat the cost.<\/p>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#technical\" data-action=\"collapse\">Technical<\/a><div id=\"technical\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<ul>\n<li>A cloud productivity and email suite\n<ul>\n<li>Is it configured correctly?<\/li>\n\n\n\n<li>Are the correct authorizations in place?<\/li>\n\n\n\n<li>Are security baselines available?<\/li>\n\n\n\n<li>Is MFA enabled with a centralized directory?<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Cloud storage\n<ul>\n<li>Who has access to what and why?<\/li>\n\n\n\n<li>Is any sensitivity labeling required?<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Legacy domain controller\n<ul>\n<li>Is it supported and patched?<\/li>\n\n\n\n<li>Does it have policies? Are any of those policies conflicting?\n<ul>\n<li>Tip: Don\u2019t \u201cfire and forget\u201d policies. Changing one policy in response to a security incident may impact others.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Who has domain admin rights? Who has rights to other privileged roles?<\/li>\n\n\n\n<li>What service accounts are running?<\/li>\n\n\n\n<li>Is offboarding users disabled?<\/li>\n\n\n\n<li>Is there a plan for modernization to secure identities, endpoints, and apps?&nbsp;<\/li>\n\n\n\n<li>Is the domain controller even necessary?<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>System backups\n<ul>\n<li>Where does everything reside if there are no backups outside of the siloed documents residing in the cloud?<\/li>\n\n\n\n<li>What are the plans in the event of a fire or flood?<\/li>\n\n\n\n<li>Is there any immutable backup attackers won\u2019t tamper with?<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Physical security\n<ul>\n<li>Is there a functional CCTV system?<\/li>\n\n\n\n<li>Who\u2019s responsible for facilities and what will it cost to implement it?<\/li>\n\n\n\n<li>Are there controls to restrict server room access?<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Drive encryption\n<ul>\n<li>Are workers remote on laptops?<\/li>\n\n\n\n<li>Is physical security weak?<\/li>\n\n\n\n<li>IT skills and security awareness<\/li>\n\n\n\n<li>Who can manage security awareness training?<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>IT accountability\n<ul>\n<li>IT admins who were surfing the web while logged in as a super user (and didn\u2019t believe that was a problem)<\/li>\n\n\n\n<li>Are you able to provide a technical solution for privileged access management?<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#physical\" data-action=\"collapse\">Physical<\/a><div id=\"physical\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<ul>\n<li>Sensitive files (analog and paper)\n<ul>\n<li>Where are they stored? In plastic bins, filing cabinets, secure storage?&nbsp;<\/li>\n\n\n\n<li>Are there any fire suppression or alarm systems?<\/li>\n\n\n\n<li>How are you going to protect those files?<\/li>\n\n\n\n<li>The cost of digitizing files is high, so what are the readily available alternatives?<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Old PCs and IT waste\n<ul>\n<li>Old PCs were left around with drives intact with potentially personal and regulated information.<\/li>\n\n\n\n<li>Are you okay with sending them off to be disposed of?<\/li>\n\n\n\n<li>What\u2019s the plan going forward?<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#administrative\" data-action=\"collapse\">Administrative<\/a><div id=\"administrative\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<ul>\n<li>Processes for handling PII\n<ul>\n<li>Poorly documented processes for employees to handle personal information<\/li>\n\n\n\n<li>What resources are available to train people?<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/div><\/div><\/div>\n\n\n\n<p>This exercise to uncover assets revealed a Windows 2008 Server that was past its end of life. One employee found it so worrisome that he turned it off every night (no exaggeration). Every PC that was joined to that domain was potentially insecure. This practice was permitted for a reason: senior management didn\u2019t want to spend what the MSP quoted for new on-prem hardware.<\/p>\n\n\n\n<p>Your list may resemble this firm or be more complex, but a comprehensive list of your assets is a starting point to assess weaknesses and vulnerabilities. It\u2019s up to you to determine the likelihood of those risks and what you\u2019re willing to absorb, based upon factors such as business impact or cost. The high-level formula for determining your risk is: <em>threat x vulnerability x probability of occurrence x impact<\/em>. Always consider context and information value.<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\"\/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>You can use a <a href=\"https:\/\/jumpcloud.com\/blog\/it-project-prioritization\">Priority Matrix<\/a> to determine where to start IT projects, which accounts for the impact on your organization and what costs and resources will be involved to mitigate risks.\u00a0<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<p>An MSP partner could also help to guide you through this process.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Patch Your Stuff<\/h2>\n\n\n\n<p>Now that you know what your stuff is, it&#8217;s time to learn what state it\u2019s in.&nbsp;<\/p>\n\n\n\n<p>There\u2019s a reason why a <a href=\"https:\/\/jumpcloud.com\/resources\/it-trends-report-remote-work-security-cloud-services\">majority of IT admins we\u2019ve surveyed<\/a> are more alarmed about software bugs than weak passwords (given MFA is enabled): bad actors are moving down the stack to <a href=\"https:\/\/www.npr.org\/2021\/04\/16\/985439655\/a-worst-nightmare-cyberattack-the-untold-story-of-the-solarwinds-hack\">applications\/systems<\/a> and are swiftly targeting flaws in operating systems and business systems (such as popular browsers). I recently spoke with the CEO of a security monitoring company that specializes in examining events from log files in a data lake, and he\u2019s noticed that trend \u201cin the wild,\u201d so believe it. Patching is critically important and can be accomplished via policies to mandate that updates happen within a timely period, test patches within user groups, and\u00a0 <a href=\"https:\/\/jumpcloud.com\/platform\/patch-management\">patch management systems<\/a>. You\u2019ll also want to keep support current on network devices, which can also be exploited by attackers on your perimeter and behind the firewall.<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\"\/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>Avoid antipatterns and don\u2019t make excuses not to patch or remediate issues when a patch isn\u2019t available. There\u2019s no perfect patch. Patching is <a href=\"https:\/\/jumpcloud.com\/support\/get-started-patch-management\">not as difficult<\/a> as IT operations makes it out to be.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<p>Patching reduces the possibility of emerging threats impacting your organization before your security systems can catch up to their existence, but it doesn\u2019t block avenues of attack. Your configuration is what could clear the way for a vulnerability to become a security incident.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Practice Least Privilege Computing<\/h2>\n\n\n\n<p>Having a registry of \u201cstuff\u201d helps you to keep up with the cadence that\u2019s needed to update everything, responsively. Application inventories should be limited to <em>allowed <\/em>products, and the way to accomplish this is through <a href=\"https:\/\/jumpcloud.com\/blog\/what-is-least-privilege\">least privilege<\/a> computing or managing deployments using a solution for remote systems, such as Chocolatey for Windows and <a href=\"https:\/\/jumpcloud.com\/blog\/mdm-mobile-device-management\">MDM solutions<\/a> for Mac devices. Least privilege computing is the concept that users and systems should only be granted the minimal permissions that are required to do their job. For example, users don\u2019t need to unilaterally install new things, so they shouldn\u2019t have the rights to do so.\u00a0<\/p>\n\n\n\n<p>Least privilege extends to the capacity of malware to spread throughout your systems. Nothing\u2019s impossible for malware to accomplish when it\u2019s running under administrative permissions. There\u2019s countless places to \u201chide\u201d and any system that\u2019s been breached is inherently untrusted. Broad permissions will enable attackers to transform an infected device into a jumping point to scope out what else is unsecured within your systems to maximize the potential for ransom.<\/p>\n\n\n\n<p>This concept also extends to cloud services, website servers, resource groups, and even IT admins as they work. There\u2019s no reason why an IT admin should have access to vital resources: grant yourself the permissions that you need to get a job done and then revoke them afterward. A centralized cloud directory service such as JumpCloud can manage and monitor user permissions and dynamic groups can remove unauthorized users. JumpCloud also allows for <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/getting-started-groups\">conditional access rules<\/a> that apply business rules to limit access to IT assets.<\/p>\n\n\n\n<p>Least privilege computing is an effective framework to follow, but people can be the weakest link, even when the best technical controls are in place. Software lacks human intuition and the ability to speak up and ask questions; conversely, people can also make poor decisions. It should come as no surprise that the median SME received 94% of its <a href=\"https:\/\/www.fundera.com\/resources\/small-business-cyber-security-statistics\">detected malware<\/a> via email in 2020. Since then, <a href=\"https:\/\/www.pwc.com\/sg\/en\/services\/reimagine-digital\/cybersecurity\/responding-to-the-growing-threat-of-human-operated-ransomware-attacks.html\">human-operated ransomware<\/a> has made these kinds of threats even more dangerous. That\u2019s why the next topic places special emphasis on email security, which is a vital asset to modern enterprises and most often the vehicle for cyberattacks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Manage Email Threats<\/h2>\n\n\n\n<p>It bears repeating: most threats to organizations aren\u2019t complex or sophisticated. Cyber criminals are largely focused on finding common problems that are the consequence of inadequate employee security awareness training or poor IT hygiene, and email is your virtual front door to test these weaknesses. This risk is a well-understood problem and there are many effective ways to lock attackers out. Those include technical solutions that secure the email system and delivery of messages as well as training to empower your staff to learn and do better.<\/p>\n\n\n\n<p>Technical solutions can include the following:<\/p>\n\n\n\n<ul>\n<li>Configure the system that you have, or add a layer of threat protection via a third party, to be more secure on the server side.\n<ul>\n<li>Enable MFA for every user, immediately<\/li>\n\n\n\n<li>Using strong <a href=\"https:\/\/theintercept.com\/2015\/03\/26\/passphrases-can-memorize-attackers-cant-guess\/\">passphrases<\/a> and a password manager<\/li>\n\n\n\n<li>Configure DLP policies to limit the loss of personal and protected information<\/li>\n\n\n\n<li>Sign emails using an identity-based credential\n<ul>\n<li>This provides non-repudiation (nobody can say they didn\u2019t read a message)<\/li>\n\n\n\n<li>It also ensures that people within your organization are who they say they are. This is especially valuable when CEO fraud and other phishing attempts are used to socially engineer attacks specific to your group. Criminals use pressure tactics such as impersonating your boss and making demands on a tight deadline.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>There\u2019s no reason to host your own email unless you\u2019re a national security organization. Today\u2019s providers have more credentials and security protocols in place than you could ever imagine, let alone pay for.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Evaluate \u201cnext-gen\u201d solutions.\n<ul>\n<li>Some newer generation solutions utilize advanced AI to process the context of a message and block messages from being delivered.&nbsp;<\/li>\n\n\n\n<li>There\u2019s a hot <a href=\"https:\/\/news.crunchbase.com\/news\/anti-phishing-startups-score-130m-in-past-week-alone\/\">startup market<\/a> and several mature platforms.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Ensure that every endpoint uses EDR software, with special consideration for mobile devices. There\u2019s a push\/pull factor between privacy and security, and the jury is still out.<\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\"\/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>According to <a href=\"https:\/\/www.linkedin.com\/newsletters\/cyber-savvy-broker-newsletter-7087099533603602433\/\">Coalition<\/a>, a leading general agent for managing cybersecurity risk, the risk of claims for business email compromise (BEC) and funds transfer fraud (FTF) events were found to be equally as bad with Microsoft 365 as on-prem Exchange. This is in stark contrast to companies using Google Workspace, which experienced a 25% risk reduction for FTF or BEC claims and a 10% risk reduction for ransomware claims. JumpCloud is a Google partner and Google <a href=\"https:\/\/jumpcloud.com\/blog\/jumpcloud-google-workspace-partnership\">recommends JumpCloud<\/a> as a directory solution for SMEs.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<p>User awareness training is the administrative solution for people. Your employees can become \u201chuman firewalls\u201d through education and simulations. The simplest answer is to teach people how to stop what they\u2019re doing and contact suspicious senders (or suspicious messages from legitimate senders) through a different medium (like pick up the phone) before opening or clicking on things.&nbsp;<\/p>\n\n\n\n<p>Many solutions exist in this realm and you can simply incorporate them into your onboarding process and have quarterly reviews. The benefits extend into home lives where personnel and their families could be acutely harmed by identity or financial theft. The cost of these training programs is a pittance compared to lost business and unrecoverable data.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Storage Is Cheap: Back It All Up<\/h2>\n\n\n\n<p>Suppose that your systems and users aren\u2019t up to speed and someone clicks on a ransomware payload. Unfortunately, their system has unfettered access to crucial information on your network that\u2019s business critical. Hopefully, this won\u2019t become a major catastrophe if you have working backups. Don\u2019t rely solely on endpoint security and assume that every attack will be handled. Nothing is foolproof. It\u2019s better to master the systems that you have and map out your recovery from cyber incidents than it is to overspend on too many security systems.&nbsp;<\/p>\n\n\n\n\n<div class=\"promotion-banner-small is-flex-direction-column has-items-aligned-flex-start has-items-aligned-center-tablet\">\n    <div class=\"promo-small-image is-hidden-mobile\">\n        <img decoding=\"async\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/10\/202310-WP-CrowdstrikeJumpCloud-160x110-DesignedCTAImage.jpg\" alt=\"JumpCloud\">\n    <\/div>\n    <div class=\"promo-small-content\">\n        <p class=\"is-type-body-tiny is-type-weight-bold is-important promo-small-title\">\n                    <\/p>\n        <p class=\"is-type-body-default is-important\">\n            Secure Your SME with JumpCloud and CrowdStrike        <\/p>\n    <\/div>\n    <div class=\"promo-small-cta\">\n        <a href=\"https:\/\/jumpcloud.com\/resources\/secure-your-sme-with-jumpcloud-and-crowdstrike\" data-promo=\"JumpCloud Crowdstrike whitepaper\" class=\"button is-primary-green promo-small-banner-link\">Download the Whitepaper<\/a>\n    <\/div>\n<\/div>\n\n\n\n\n<p>You may have heard it said that your chances at recovery are only as good as the quality of your last backups. You\u2019ll spare yourself a catastrophic scenario if you invest time and resources into disaster planning; therefore, configuring good backups should be top of mind.<\/p>\n\n\n\n<p>One option is to use an offline backup, which is inexpensive, portable (you can remove it from your building), and can be disconnected from the network where threats will propagate. The downside is that backups can be corrupted if the hardware or software encounters problems, and theft is a concern. Make sure that any backup is also encrypted, which will limit damage and the potential for data exfiltration in that circumstance. Theft happens, and even though your office space isn\u2019t Fort Knox, physical controls such as appropriate doors and locks are effective protective measures.<\/p>\n\n\n\n<p>Online backups are another option (if you have a speedy, dependable internet connection). The quality of the backup may be higher given it\u2019s the core dependency of the backup vendor and off-site locations create redundancy in the event of disasters or fires. The potential downsides are that data is no longer in your hands, and remotely hosted data takes longer to download for recovery. Hackers will also try to find their way in, including ransomware that may lock up this type of backup, making it vulnerable to malware despite being an off-site service provider.<\/p>\n\n\n\n<p>Mature disaster recovery programs conduct tabletop exercises to practice disaster recovery. That\u2019s not something we\u2019d expect SMEs to do, but designating responsible individuals and having a process laid out in booklets in the event of a data breach is a good starting point.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Knowing Enough to Be Dangerous<\/h2>\n\n\n\n<p>This article is tailored to the modern IT admin of an SME and emphasizes the basics. You\u2019re well on your way to a good security strategy if you follow these pillars, independently, with your team, or in conjunction with an advisor or MSP. Security is a spectrum that can evolve in its breadth and scope almost indefinitely, but you can know enough to be dangerous and protect your organization while you plan for the long term.<\/p>\n\n\n\n<p>You can accomplish many of the technical controls outlined in this article by leveraging JumpCloud Directory Platform, which is free to use <a href=\"https:\/\/jumpcloud.com\/signup\" target=\"_blank\" rel=\"noreferrer noopener\">on a trial basis<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Not sure where to start? In this article, learn about five core areas that will help you &#8220;know enough to be dangerous&#8221; in IT security.<\/p>\n","protected":false},"author":150,"featured_media":46935,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[23],"tags":[2422,2420,2383,2373,2388,2374],"collection":[2775],"platform":[],"funnel_stage":[3015],"coauthors":[2535],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Know Enough to be Dangerous in Cybersecurity - JumpCloud<\/title>\n<meta name=\"description\" content=\"Not sure where to start? In this article, learn about five core areas that will help you &quot;know enough to be dangerous&quot; in IT security.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"5 Ways You Can \u201cKnow Enough to be Dangerous\u201d in Cybersecurity\" \/>\n<meta property=\"og:description\" content=\"Not sure where to start? In this article, learn about five core areas that will help you &quot;know enough to be dangerous&quot; in IT security.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:published_time\" content=\"2023-10-16T16:18:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-11-05T22:51:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2017\/05\/it-security-multi-factor-authentication.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"780\" \/>\n\t<meta property=\"og:image:height\" content=\"585\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"David Worthington\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"David Worthington\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity#article\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity\"},\"author\":{\"name\":\"David Worthington\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e\"},\"headline\":\"5 Ways You Can \u201cKnow Enough to be Dangerous\u201d in Cybersecurity\",\"datePublished\":\"2023-10-16T16:18:00+00:00\",\"dateModified\":\"2024-11-05T22:51:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity\"},\"wordCount\":2754,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2017\/05\/it-security-multi-factor-authentication.jpg\",\"keywords\":[\"Be Cyber Smart\",\"IT Admin\",\"multi-factor authentication (MFA)\",\"security\",\"tutorial\",\"zero trust\"],\"articleSection\":[\"Best Practices\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity\",\"url\":\"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity\",\"name\":\"Know Enough to be Dangerous in Cybersecurity - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2017\/05\/it-security-multi-factor-authentication.jpg\",\"datePublished\":\"2023-10-16T16:18:00+00:00\",\"dateModified\":\"2024-11-05T22:51:20+00:00\",\"description\":\"Not sure where to start? In this article, learn about five core areas that will help you \\\"know enough to be dangerous\\\" in IT security.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2017\/05\/it-security-multi-factor-authentication.jpg\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2017\/05\/it-security-multi-factor-authentication.jpg\",\"width\":780,\"height\":585,\"caption\":\"Teal lock closing two light blue doors together\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"5 Ways You Can \u201cKnow Enough to be Dangerous\u201d in Cybersecurity\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e\",\"name\":\"David Worthington\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/d9acf1381c6e5b50c0f50d47b7b05411\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g\",\"caption\":\"David Worthington\"},\"description\":\"I'm the JumpCloud Champion for Product, Security. JumpCloud and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.\",\"sameAs\":[\"https:\/\/jumpcloud.com\/blog\",\"david.worthington@jumpcloud.com\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Know Enough to be Dangerous in Cybersecurity - JumpCloud","description":"Not sure where to start? In this article, learn about five core areas that will help you \"know enough to be dangerous\" in IT security.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity","og_locale":"en_US","og_type":"article","og_title":"5 Ways You Can \u201cKnow Enough to be Dangerous\u201d in Cybersecurity","og_description":"Not sure where to start? In this article, learn about five core areas that will help you \"know enough to be dangerous\" in IT security.","og_url":"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity","og_site_name":"JumpCloud","article_published_time":"2023-10-16T16:18:00+00:00","article_modified_time":"2024-11-05T22:51:20+00:00","og_image":[{"width":780,"height":585,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2017\/05\/it-security-multi-factor-authentication.jpg","type":"image\/jpeg"}],"author":"David Worthington","twitter_card":"summary_large_image","twitter_misc":{"Written by":"David Worthington","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity#article","isPartOf":{"@id":"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity"},"author":{"name":"David Worthington","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e"},"headline":"5 Ways You Can \u201cKnow Enough to be Dangerous\u201d in Cybersecurity","datePublished":"2023-10-16T16:18:00+00:00","dateModified":"2024-11-05T22:51:20+00:00","mainEntityOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity"},"wordCount":2754,"commentCount":0,"publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2017\/05\/it-security-multi-factor-authentication.jpg","keywords":["Be Cyber Smart","IT Admin","multi-factor authentication (MFA)","security","tutorial","zero trust"],"articleSection":["Best Practices"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity#respond"]}]},{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity","url":"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity","name":"Know Enough to be Dangerous in Cybersecurity - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2017\/05\/it-security-multi-factor-authentication.jpg","datePublished":"2023-10-16T16:18:00+00:00","dateModified":"2024-11-05T22:51:20+00:00","description":"Not sure where to start? In this article, learn about five core areas that will help you \"know enough to be dangerous\" in IT security.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2017\/05\/it-security-multi-factor-authentication.jpg","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2017\/05\/it-security-multi-factor-authentication.jpg","width":780,"height":585,"caption":"Teal lock closing two light blue doors together"},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/blog\/5-ways-you-can-succeed-in-cybersecurity#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"5 Ways You Can \u201cKnow Enough to be Dangerous\u201d in Cybersecurity"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e","name":"David Worthington","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/d9acf1381c6e5b50c0f50d47b7b05411","url":"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g","caption":"David Worthington"},"description":"I'm the JumpCloud Champion for Product, Security. JumpCloud and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.","sameAs":["https:\/\/jumpcloud.com\/blog","david.worthington@jumpcloud.com"]}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/55047"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/150"}],"replies":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/comments?post=55047"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/55047\/revisions"}],"predecessor-version":[{"id":117154,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/55047\/revisions\/117154"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media\/46935"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=55047"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=55047"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/tags?post=55047"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=55047"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=55047"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=55047"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=55047"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}