FAQs

At Resilient Excellence Consulting, we believe protecting your information doesn’t have to be complicated. Below are answers to common questions about information security and cybersecurity that can help you stay safe while using technology for personal or business activities.

1. What is information security?

Information security, also known as InfoSec, is about protecting all forms of information (physical, digital, and spoken) from unauthorized access, inappropriate use, or destruction. It covers everything from keeping your personal identity and business records safe to making sure sensitive data, such as health, education, and financial records, is managed appropriately.

2. What is cybersecurity, and how is it different from information security?

Cybersecurity is a branch of information security that focuses on protecting technology, including systems, networks, and electronic devices, from attacks, damage, or unauthorized access. This could be anything that is connected online (e.g., online accounts, computers, cell phones, medical devices, cars, televisions, and appliances). Information security is the broader field that ensures the confidentiality, integrity, and availability of sensitive data in all forms.

Think of it this way: all cybersecurity is information security, but not all information security is cybersecurity. 

Here are some examples:

  • Locking up sensitive paper files = information security

  • Using a firewall to block hackers from entering your network = cybersecurity

  • Installing badge scanning for access in and out of a data center = information security and cybersecurity

  • Using two-factor or multi-factor authentication for account access = cybersecurity and information security

3. I don’t have a lot of money or expensive things, so why should I care about information security and cybersecurity?

Cybercriminals target everyone, not just businesses, celebrities, or rich people. Everyday activities—like online banking, shopping, using social media, or checking email—can expose you to risks if you don’t take precautions. A single weak password or a clicked scam link can open the door to identity theft, financial loss, or business disruption.

4. How can I create a strong password?

A strong password should:

  • Be at least 16 characters long.

  • Include upper and lowercase letters, numbers, and symbols.

  • Avoid personal information like birthdays, addresses, and family or pet names, as these can be easily obtained from social media or an Internet search.

  • Be unique for each account. Do not reuse passwords across accounts.

Tip: Use a password manager to create and store strong, unique passwords.

5. What is two-factor (2FA) or multi-factor authentication (MFA), and should I use it?

Two-factor and multi-factor authentication add an extra layer of security beyond just the password. After entering your password, you must verify your identity using something else (like a code sent to your phone, a fingerprint scan, or an app notification). This makes it much harder for hackers to get into your accounts. You can even use an authenticator app that provides a code to enter for registered accounts. You should use 2FA or MFA to better protect your accounts and devices.

6. What are phishing, vishing, and smishing?

  • Phishing is a deceptive tactic in which you receive an email whose sender pretends to be someone else to trick you into sharing sensitive information or giving access to your system. This might include pretending to represent a legitimate organization.

  • Vishing is the phone version of phishing, where a phone call or voicemail instructs you to share sensitive information or perform an urgent action, or else something bad will happen.

  • Smishing is the texting version of phishing, where the text message is an alert or urgent message requesting that you click on a link or perform other tasks.

Do not trust, always verify. If something feels off or manipulative, don’t click and do not share any of your information.

7. What should I do if I think my device has been hacked?

  • Disconnect from the Internet right away.

  • Run a trusted antivirus or anti-malware scan.

  • Change your passwords from another secure device.

  • Contact your bank and monitor accounts for suspicious activity.

  • Consider reaching out to a cybersecurity professional for a full check.

8. How do I protect my home Wi-Fi network?

  • Change the default name (Service Set Identifier, or SSID) and password for your network and devices.

  • Use strong encryption for your router, such as WPA3 or WPA2.

  • Keep your computer, cell phone, modem, router, and other connected devices up-to-date with manufacturer software updates. If your devices are no longer receiving updates, then this is a security risk. Please replace the vulnerable devices with newer supported devices.

  • Turn off remote management on your router, especially if you don’t need it.

  • Create a separate “guest” network for visitors.

For more tips on securing your home network, check out the U.S. Federal Trade Commission Consumer Advice on How to Secure Your Home Wi-Fi Network. 

9. Is it safe to use public Wi-Fi?

Public Wi-Fi (like in coffee shops or airports) is risky because hackers can intercept your traffic. If you must use it:

  • Avoid logging into sensitive accounts (like email, health, and financial accounts).

  • Use a Virtual Private Network (VPN) for secure browsing.

  • Stick to websites with “https://” in the address.

  • Use your own mobile hotspot instead.

10. What is ransomware?

Ransomware is malicious software (also known as malware) that locks your files or devices until you pay money to the attacker. You are the first line of defense, and the best protection is prevention:

  • Slow down, pause and verify before trusting any message.

  • Keep your software and security updates current.

  • Back up important files on devices regularly.

  • Don’t click suspicious links or open unknown attachments.

11. How can small businesses protect their data?

  • Train employees to recognize phishing, vishing and smishing scams.

  • Require strong passwords and MFA.

  • Regularly back up business data (e.g., human resources and accounting records) related to financials, employees, and any other sensitive information.

  • Limit who has access to sensitive information.

  • Separate Administrator account(s) from user account(s).

  • Enforce proper segregation of duties with access management controls.

  • Have incident response, business continuity, and disaster recovery plans in case of a cyberattack or any other business interruption.

12. What should I do if my personal information was exposed in a data breach?

  • Change your passwords immediately.

  • Enable MFA on affected accounts.

  • Monitor bank and credit card statements and consider transaction alerts.

  • Consider placing a credit freeze or fraud alert with credit bureaus.

  • Use an identity theft monitoring service if available.

13. How often should I update my devices and software?

As soon as updates are available! Updates often include security patches that fix known weaknesses. Delaying updates can leave you open to vulnerabilities and attacks. Manufacturers have regularly scheduled update releases, like Microsoft’s, which falls on the second Tuesday of each month (known as ‘Patch Tuesday’) and includes a monthly maintenance window.

14. What are some quick steps I can take to improve my security today?

Start with these three:

  1. Turn on multi-factor authentication for all your accounts.

  2. Use a password manager to create and store strong passwords.

  3. Keep your devices and applications updated with manufacturer system and software releases.

Need help protecting your personal or business information?
At Resilient Excellence Consulting, we provide security awareness training, risk assessments, and strategies tailored to your needs. Contact us today to build resilience and protect what matters most.
