![](\"https:\/\/lh7-us.googleusercontent.com\/eP0-9cKFrhYlWwBrBg_f_R6VaglXCFs6N4V8Jf8urgKfer9AZRzN7yu0D482wrCnbHbhzRyv_52seTqKmZfvuJbVMRh1LZeaI9_7PfPKCGGedpeRPkDU6E81tOx4-qFgW1zgzBJ10h-vXuEz8k7mE9k\")
<\/p>\n\n\n\nFrom the business perspective, cybersecurity is quite tricky. As opposed to design and development, if the cybersec team performs at their best\u2026 nothing happens. And it\u2019s the best thing you could hope for. <\/p>\n\n\n\n
In a way, this is like buying insurance. You hope not to need it, but then a year passes and not using it feels a bit like wasted money. Especially if that\u2019s yet another year where you don\u2019t need it. And in many companies, where the excel sheet is a business oracle, this is how cybersec is perceived. A non-tangible cost.<\/p>\n\n\n\n
I would say that this shortsighted approach is a recipe for a disaster\u2026 But in the past, thinking that way, I found myself in the minority. Many companies \u2013 especially ones seeking investors \u2013 are short-term oriented. This is not necessarily always a bad thing \u2013 but you need to know what to trade off. Security and quality seems to me the worst possible choice.<\/p>\n\n\n\n
A security breach is a risk at many different levels. On the most basic, you need to restore your operations. And without proper business continuity protocols and backups this may take a lot of time. Time during which your company is not making money, but still has costs that have to be covered.<\/p>\n\n\n\n
Then, there\u2019s the matter of your reputation. You don\u2019t always know what the hacker\u2019s goal is. And it\u2019s not only money anymore. In the case of the Uber security breach<\/a>, the hacker was seeking attention and admiration. So it was in his interest to advertise it as much as possible. Some customers will forgive you, but some will just go elsewhere.<\/p>\n\n\n\n Another thing is that with ransom attacks, your backups might not be enough, and you will have to suck it up and pay. Reportedly, because of a simple human error, Garmin had to pay $10m to Russian hackers<\/a>. And they most likely did so through an intermediary, as the hacker group was subject to US sanctions. That would for sure mean a nice fat fee on the top of it.<\/p>\n\n\n\n Last but not least, we live in times of GDPR. The breach alone is grounds for a fine, but failing to notify affected users will increase it. If your company operates in different EU countries, remember that each GDPR office is a separate institution. So those are 27 angry European countries kicking you in the face, while you\u2019re already on your knees. <\/p>\n\n\n\n So, yeah \u2013 I\u2019d say that cybersecurity is pretty important.<\/p>\n\n\n\n We will go through many of those things in the Cybersecurity section of this blog. In fact the next article I\u2019ve planned is one on password managers. But to not leave you hanging for now, just remember this: stay alert. <\/p>\n\n\n\n Not clicking links or opening attachments automatically is basically a good habit to develop. The other is using password managers and generating strong and random passwords for all services you use. Also those services you use in your private life. <\/p>\n\n\n\n Talk with your development team about cybersecurity best practices, and ask them to implement them in their daily work. Do not assume that they\u2019re doing it. In one of the companies I worked with, the devops team for 6 years had one password to all clients\u2019 admin panels. Yes \u2013 both plural \u2013 many clients, many panels \u2013 one password. This was despite the fact I personally negotiated a licence for 1password for all team members with our CEO (again \u2013 yes \u2013 I needed to negotiate the $50\/month of licences). It took Russia\u2019s barbaric invasion of Ukraine, and the hacker attacks on EU infrastructure that accompanied it, to change that. <\/p>\n\n\n\n And the last thing for now \u2013 read about it and share articles on your internal communication channels. A constant drip of water wears away even a mountain. Below I share my favourite cybersec pages and some of the tools I use in my private and professional life. As I\u2019m Polish, some of the portals are in that language (and they\u2019re exceptionally good). However my foreign colleagues have no problem reading them with Google automatic translation on.<\/p>\n\n\n\n Cybercrime Magazine<\/a> \u2013 They have a whole separate section on cyberattacks cases. As they\u2019re from US, they often describe schemes that later one are used in other parts of the world. I also recommend their podcast.<\/p>\n\n\n\n Tripwire<\/a> \u2013 They are CyberSec company running a blog. They have a rich library of \u201chow to\u201d articles. It\u2019s worth to take a look from time to time.<\/p>\n\n\n\n Dark Reading<\/a> \u2013 I heard this is the best site for CyberSec. To be honest I prefer Cybercrime Magazine, but they have really good free reports. They have new articles everyday, so it\u2019s good place to stay up to date with cyber security.<\/p>\n\n\n\n Yubico Blog<\/a> \u2013 This is a product company running blog, so obviously they\u2019re circling around thing that YubiKey could be used for \u2013 but if you have one, you can learn how to use it more effectively.<\/p>\n<\/div>\n\n\n\n Niebezpiecznik<\/a> \u2013 One of the best Polish sites dedicated to Cyber Security. You will find here a lot of articles about threats, prevention and hints. They also have their own CyberSec alerts app that notifies users about active attacks in Poland.<\/p>\n\n\n\n Zaufana Trzecia Strona<\/a> \u2013 Slightly smaller team, but delivering very good CyberSec content. You will find detailed described cases and articles about Cyber Security. They\u2019re also running a podcast, and their editor in chief organizes annual \u201cSecurity Confession\u201d webinar where he shows what tools he use in his private and work life.<\/p>\n\n\n\n Sekurak<\/a> \u2013 A bit more technical website dedicated to Cyber Security issues. Here you will find much more about practical application and news about technology that indirectly affects security.<\/p>\n\n\n\n Kacper Szurek<\/a> \u2013 a blog run by a Polish CyberSec profesional. He has produced a lot of \u201chow-to\u201d articles and YT videos. You can learn from him about tools and apps improving security, but also what to do if you were affected by the attack.<\/p>\n<\/div>\n<\/div><\/div>\n\n\n\n Signal<\/a> \u2013 It\u2019s an encrypted end-to-end communicator, available for the most popular operating systems \u2013 including Android and iOS, not connected to any of the Big Tech companies and not selling your data. One serious con for people enjoying WhatsApp is that moving to a new device or reinstalling wipes the message history.<\/p>\n\n\n\n KeePassXC <\/a>\u2013 Free and open-source password manager that I use in my private life. As I consider it one of the most important day-to-day security measures, there will be a separate article about it.<\/p>\n\n\n\n Yubico NFC and 5C NFC<\/a> \u2013 a hardware authentication device \u2013 my favourite cybersecurity measure. The only problem is that it is still not very popular. In 2023 the first Polish bank will start using it to authorise users. And that will probably also be the first bank worldwide. But each year there are more and more popular. <\/p>\n\n\n\n Google Authenticator<\/a> \u2013 Wherever YubiKey is not available I use Google Authenticator. Recently they added an option to connect GA with your Google account \u2013 so changing or losing a device will not be that big a deal anymore.<\/p>\n\n\n\n Revolut (disposable virtual cards)<\/a> \u2013 The best option if you need to buy something from a source you don\u2019t know or trust much. I used it to buy the theme for this blog. You just top up your account with money, pay and in case it\u2019s hacked the card was one-use only. Additionally I don\u2019t keep any money on my Revolut account when I don\u2019t need to.<\/p>\n\n\n\n BLIK<\/a> \u2013 Polish payment method based on a 6 digit code generated for 30 sec. You type in the code and confirm on your phone. You\u2019re not sharing a CC number, so even if someone fooled you, all that is at stake is the amount you\u2019re paying. I also use it to withdraw money from ATMs to avoid scammers.<\/p>\n\n\n\n <\/p>\n\n\n\n Credits<\/strong><\/p>\n\n\n\n From the business perspective, cybersecurity is quite tricky. As opposed to design and development, if the cybersec team performs at their best\u2026 nothing happens. And it\u2019s the best thing you could hope for. In a way, this is like buying insurance. You hope not to need it, but then a year passes and not using…<\/p>\n","protected":false},"author":2,"featured_media":31,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-25","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity"],"yoast_head":"\n![](\"https:\/\/lh7-us.googleusercontent.com\/1ConuUeIU28svB78nq9wM8eCI1Nh2MRXG6_R01xn9vSOoyoP6PigQIZg6gIjkNdXk9PCsb0it9mnGfnQv9RZamyd2tjWRqU3YJaMDIqf_vXrlyeJrM1FSa7iZWf2ewELEVi4QMCzRtF0o98TUXPwCNE\")
What can you do as a product professional?<\/strong><\/h2>\n\n\n\n
English speakers<\/div><\/div><\/div><\/li>Polish speakers<\/div><\/div><\/div><\/li><\/ul>\n\n\nMy short list of recommendation<\/strong><\/h2>\n\n\n\n
\n