Activities

The clinic operated three main strands of activity

 Public Engagement and Counseling: The clinic has developed and provided
tailor-made counseling to create cybercrime awareness and resilience for
individuals and organizations through a variety of media (e.g. face-to-face,
email, social networking). / Laboratories).
 Research:-The clinic has conducted research with children and young
people, seniors, and small and medium-sized organizations about their
experiences and concerns about cybercrime and how they would like to
receive cybercrime awareness tips in the future.
 Finally, based on the experiences and results of the counseling and research
chapters, the third chapter of the activity is to develop a transferable model
for the implementation of cybercrime awareness clinics that could be
implemented in other regions.
It also helps build and train the next generation of digital security leaders. It
teaches students through a hands-on approach, whereby they strengthen and
support organizations in implementing digital security practices using a holistic
and personalized approach.
It helps organizations proactively defend against digital threats, allowing them to
focus on fulfilling their missions and promoting social change. It consults directly
with civil society groups and provides them with the tools and knowledge to
defend themselves against politically motivated bad actors and digital threats

BENEFITS
The 2019 cybersecurity breach survey found that 31% of micro and small
businesses and 60% of midsize businesses have experienced a breach or attack in
the past 12 months. Average annual costs for companies that lost data or resources
following a breach were £ 3,650 for micro and small businesses and £ 9,270 for
midsize businesses. For charities, 19% of low-income charities and 32% of middle-
income charities have experienced a breach or attack in the past 12 months, with an
average cost (across all charities , including the largest charities) for those who
have lost data or assets of £ 9,470 (DDCMS, 2019). From previous activities that
Cybersecurity Clinics have provided, it offers a number of benefits for public
bodies in addition to cybersecurity advice. These include helping to clarify lines of
authority for the entire organization, provide an opportunity to re-evaluate
contingency action plans (not just for cyber attacks), replace outdated software
(also related to long-term cost reduction ) and, above all, take management risks
seriously. now, rather than after an event. Some other benefits as follows;
 Data protection from unauthorized access, loss or deletion
 Preventing financial fraud and embezzlement.
 Protection of intellectual property
 Prevention of cyber espionage.
 Prevention of fraud through financial transactions like wire transfers etc
 Improves customer confidence

Ahead of the 2020 primary elections, a U.S.-based volunteer-run voting rights

organization had growing concerns about the digital security of its team members
and the integrity of their data. In particular, the organization was concerned that
online disinformation campaigns could hinder its efforts to ensure fair and open
democracy

What cyber Clinic Did:

The Cyber Clinic team of students conducted an audit of the customer's
communication and information storage systems, as well as a comprehensive risk
assessment that led to the identification of the organization's key assets and
potential threat scenarios. As part of this process, the team met with several people
in the organization and rigorously documented the organization's information flow.

"Outcomes"
The team provided the client with a comprehensive report that included a risk
assessment, an explanation of the deliverables, and an inquiry into the original
project context. They created security policies and information workflows for
different roles within the organization, including board members, staff, and
volunteers, and drew a pattern of each member's access to the digital storage
system and how each member can manage permissions in an optimal way. In
collaboration with the fund's interim CEO, the team provided comprehensive
security training that introduced members to the threats they face, the new storage
system and security policies, and general best practices to follow on a daily basis to
maintain the safety of the organization.

Cyber Clinic Challenges

The biggest challenge with Cyber Clinics services is evaluating their effectiveness.
Initial efforts to test the model prevented a survey of participants during the Cyber
Clinic trial. One constraint is limited manpower: managing an investigation
requires trained and experienced staff. Finding experienced staff can be difficult at
the same time. Public participation is also difficult for a variety of reasons,
including absence of clinic staff, school / university breaks, and community groups
on break. Collecting actual data from cyber victims is sometimes difficult due to
lack of coordination. There are also privacy and security concerns with regards to
participant tracking. As a result, there is little data to determine whether
participants implemented the guidelines later and found it helpful.

Issues concerning liability and any legal and / or professional concerns in

establishing a cyber clinic
Startups should not access users' private details without their permission or request
permissions that are not required for their website or app. Start-ups should value
user privacy. It could be done by writing a privacy policy in a short, simple and
summary way and also in the regional language so that before accessing any
application, the user can easily read and understand the privacy policy, terms and
conditions. Startups must also enter into an agreement with their users so that they
will not share or use users' personal data, which in turn will help the startup itself
gain people's goodwill and trust. In the privacy policy agreement, the startup must
disclose what personal information the site collects, how the information will be
shared or sold to third parties. In case a new company takes care of any technical
thing or technical process to do something, then it should apply for a product
patent or process patent. The patent right is a negative right that will allow the
patent owner to make exclusive commercial use of his invention and prohibit
others from using it. The startup may obtain the copyright of the software
application, newspapers, articles, research papers or ideas presented on paper or
other literary or artistic work. Trade secrets are the most important intellectual
property right owned by an entrepreneur, a secret will no longer be a secret if it is
leaked and becomes known to many people. To protect trade secrets, new
companies must enter into a confidentiality / nondisclosure agreement with their
partners and employees. The new company must apply for registration of a
trademark or service mark, both for use and for that proposed. A trademark or
service mark is the identity of a business or service provider. Help customers
identify your products or services on the market.

Part 2
Steps to improve cybersecurity systems When it comes to cybersecurity in
organizations, you need to make sure that clear processes and procedures are in
place to detail the security domain, which includes breaches, threats and risks that
could potentially harm the organization. There should also be a procedure for
detecting when a security breach has occurred, which should include detecting
certain issues with the policy, perhaps the policy is out of date or needs to be
updated every time the system is also updated and the application of these policies.
Processes will also need to be put in place to define what can be done to defend the
organization or individual from any possible attacks or threats they may face.
Finally, procedures must be in place to deter potential hackers and attackers from
attempting to break into the organization's system.
Steps to avoid a potential attack
Individuals and organizations can take a number of steps to reduce the likelihood
of security breaches and mitigate the consequences of those that do occur. As a
result, threats must be taken seriously by both organizations and individuals.
Step 1: Keep the systems up to date;
This method of preventing a breach requires regularly installing security fixes to
software and hardware systems.

Stept2: training
Those who work with the most sensitive information in the firm should receive
special training. Data is a company`s lifeblood. Data loss is equally as expensive
and damaging to a company`s brand as a data breach.
Step 3: offline backup of critical data
Many companies and individuals never fully recover from data loss tragedies, and
some even fail. A secure offsite backup of sensitive data is a simple but important
step to take.

Step4: Policy Enforcement

Policies can be as simple as establishing a strong password, but they should ideally
go father security polices should be recorded and automated whenver possible to
avoid human error or omission. Returning to executive support, policies should be
a part of the culture that everyone hoose to follow.

Step5: Use a firewall and antivirus

Antivirus software protects the file system from unwanted programs, while a fire
wall prevents attackers or extenal dangers from every gaining access to your
system.
How to respond when a breach occurs
Step1: Survey the damage
The first step after a breach is to conduct an internal investigation to determine the
impace of critical business processes.

Step2: Attempt to limit additional damage

To prevent an attack from spreading, the company should take precautions. Some
preventative approaches include rerouting network traffic, screening or blocking
traffic and isolating all or parts of the infiltrated network.

Step3: Record the details

The information security team should document the response to the breach in
writing.
 Compromised account
 Affected system
 Information on services that have been disrupted is important
 The extent and nauture of the damage to the systems
 The incidence had an impact ondata and the network

Step4: Engage law enforcement

A major security breach should always be reported to authorities.

Step5: Notify those affected

The personal information of a person must be protected if a data breach occurs.
This quick response may allow them to take precautionary steps right away.
Benefits of above steps

We will start by talking about the steps individuals and companies can take to
strengthen their cybersecurity. One of them is keeping current systems and
software up to dat, which can prevent dat breaches from occuring. Software
updates help with security flaws and correct or eliminate computer problems.
Device updates can add new feature by removing existing ones. This also helps in
improving the efficiency of the device. Another smart idea is to keep the backup
files offline. Making backup files copies of the data obtained is essentail in data
management. Backup protect against human errors, hardware failures, malware
attacks, power outages and natural diasters. if these problem occur, backup can
save your time and money. Cyber security trainning improves the secruity of your
business. Making your staff aware of the various risks that exist, from data
breaches to ransomware, will prevent them from making simple mistakes that
could expose the security of your business.
We also discussed what to do if a cyber breach occurs. In shuch a scenario, the first
step is to assess the damage, which allowed the company to dientify the attacker,
uncover previously unknown secrity holes, and determine what improvements to
the IT system where needed, the second step is try to limit more damage, this step
is also important to reduce the risk of data loss. In the third step, keep track of
everything. Keeping a comprehensive record of violations will help you meet
accountability standards and is an dffective strategy for ensruing the security of
your processing. These records also help ensure that material violations are
reported in a tiimely manner. Many companies wait until after security breach
before contacting the police. The fourth step is to involve law enforcement,
coordinating with law enforcement, an organization can receive valuable non
public information that could help it identify the vulnerabilities exploited in
breach, the possible intent behind the incident and the source of the attack.

Ethical and professional issue

moral ideal and action of those involved, as well as professional standards, form
the foundation of all security systems. Humans are both part of the solution and the
majority of the promblem. Responsibe decisionmaking, confidentiality, privacy,
fraud and misuse, liability, copyright, trade secrets, and sabotage are all security
issues that an organization or individual many face. As networked technologies
grow more enmeshed in th fabric of professional life, this figurative arms race
shows no indications of slowing down.

IT security workers have access to confidential data and expertise about

individuals and firms networks and systems, which hives tema a lot of power
through the survey. That authority can be misused, either intentionally or
unitentionally. However, there are no mandated cyber ethics guidelines that
cybersecurity experts must adhere to. Many IT professionals are unaware of that
their work have ethical immplications. Nevertheless, they make ethical decisions
on a daily basis. Many ethical problems revolve around privacy.

Part 2
Steps to improve cybersecurity systems When it comes to cybersecurity in organizations,
you need to make sure that clear processes and procedures are in place to detail the security
domain, which includes breaches, threats and risks that could potentially harm the organization.
There should also be a procedure for detecting when a security breach has occurred, which
should include detecting certain issues with the policy, perhaps the policy is out of date or needs
to be updated every time the system is also updated and the application of these policies.
Processes will also need to be put in place to define what can be done to defend the organization
or individual from any possible attacks or threats they may face. Finally, procedures must be in
place to deter potential hackers and attackers from attempting to break into the organization's
system.

Steps to avoid potential attacks.

Individuals and organizations can take a number of steps to reduce the likelihood of
security breaches and mitigate the consequences of those that do occur. As a result, threats must
be taken seriously by both organizations and individuals.
Step 1: Keep the systems up to date.
This method of preventing a breach requires regularly installing security fixes to software
and hardware systems.

Stept2: training
 Those who work with the most sensitive information in the firm should receive special
training. Data is a company`s lifeblood. Data loss is equally as expensive and damaging to a
company`s brand as a data breach.
Step 3: offline backup of critical data
Many companies and individuals never fully recover from data loss catastrophes, and
some even fail. A secure offsite backup of sensitive data is a simple but important step to take.

Step4: Policy Enforcement

Policies can be as simple as establishing a strong password, but they should ideally go
further security policies should be recorded and automated whenever possible to avoid human
error or omission. Returning to executive support, policies should be a part of the culture that
everyone chooses to follow.

Step5: Use a firewall and antivirus

Antivirus software protects the file system from unwanted programs, while a firewall
prevents attackers or external dangers from ever gaining access to your system.

How to respond when a breach occurs

Step1: Survey the damage
The first step after a breach is to conduct an internal investigation to determine the impact
of critical business processes.

Step2: Attempt to limit additional damage

To prevent an attack from spreading, the company should take precautions. Some
preventative approaches include rerouting network traffic, screening or blocking traffic, and
isolating all or parts of the infiltrated network.

Step3: Record the details

The information security team should document the response to the breach in writing.
  Compromised account
 Affected system
 Information on services that have been disrupted is important
 The extent and nature of the damage to the systems
 The incidence had an impact on data and the network

Step4: Engage law enforcement

A major security breach should always be reported to authorities.

Step5: Notify those affected

The personal information of a person must be protected if a data breach occurs. This quick
response may allow them to take precautionary steps right away.

Benefits of the above steps

We will start by talking about the steps individuals and companies can take to strengthen their
cybersecurity. One of them is keeping current systems and software up to date, which can
prevent data breaches from occurring. Software updates help with security flaws and correct or
eliminate computer problems. Device updates can add new features by removing existing ones.
This also helps in improving the efficiency of the device. Another smart idea is to keep the
backup files offline. Making backup files copies of the data obtained is essential in data
management. Backup protects against human errors, hardware failures, malware attacks, power
outages, and natural disasters. if these problems occur, backup can save you time and money .
Cyber security training improves the security of your business. Making your staff aware of the
various risks that exist, from data breaches to ransomware, will prevent them from making
simple mistakes that could expose the security of your business.
We also discussed what to do if a cyber breach occurs. In such a scenario, the first step is to
assess the damage, which allows the company to identify the attacker, uncover previously
unknown security holes, and determine what improvements to the IT system where needed, the
second step is to try to limit more damage, this step is also important to reduce the risk of data
loss. In the third step, keep track of everything. Keeping a comprehensive record of violations
will help you meet accountability standards and is an effective strategy for ensuring the security
of your processing. These records also help ensure that material violations are reported in a
timely manner. Many companies wait until after a security breach before contacting the police.
The fourth step is to involve law enforcement, coordinating with law enforcement, an
organization can receive valuable nonpublic information that could help it identify the
vulnerabilities exploited in the breach, the possible intent behind the incident and the source of
the attack.

Ethical and professional issues

moral ideals and actions of those involved, as well as professional standards, form the foundation
of all security systems. Humans are both part of the solution and the majority of the problem.
Responsible decision-making, confidentiality, privacy, fraud and misuse, liability, copyright,
trade secrets, and sabotage are all security issues that an organization or individual may face . As
networked technologies grow more enmeshed in the fabric of professional life, this figurative
arms race shows no indications of slowing down.

IT security workers have access to confidential data and expertise about individuals and firms'
networks and systems, which gives them a lot of power through the survey. That authority can be
misused, either intentionally or unintentionally. However, there are no mandated cyber ethics
guidelines that cybersecurity experts must adhere to. Many IT professionals are unaware that
their work has ethical implications. Nevertheless, they make ethical decisions on a daily basis.
Many ethical problems revolve around privacy.