Docs: added content for cybersecurity

docs/cybersecurity/best-practices.mdx

@@ -0,0 +1,218 @@
+---
+title: "Best Practices in Cybersecurity"
+description: "Learn the essential cybersecurity best practices that protect individuals and organizations from evolving digital threats — from passwords to patching and beyond."
+tags: [cybersecurity, best-practices, security-awareness, safe-computing]
+---
+
+In cybersecurity, **prevention is always better than recovery**. Even the strongest systems can be compromised if users or administrators neglect basic security hygiene.
+
+This lesson explores the **best practices** followed by professionals and organizations worldwide to stay safe in an increasingly connected world.
+
+---
+
+## What Are Cybersecurity Best Practices?
+
+Cybersecurity best practices are **proven methods and habits** that minimize the risk of attacks, data loss, or unauthorized access.
+
+They’re not just technical steps — they’re a **mindset**.
+
+Think of them as your “digital seatbelts.”  
+You may not need them every day, but when danger strikes, they can save you from serious harm.
+
+---
+
+## 1. Use Strong and Unique Passwords
+
+Weak passwords are like leaving your front door unlocked.
+
+### Good Practices:
+* Use at least **12+ characters** with a mix of upper/lowercase letters, numbers, and symbols.  
+* Avoid using personal info like birthdays or pet names.  
+* Never reuse the same password across sites.  
+* Use a **password manager** (e.g., Bitwarden, 1Password, or LastPass) to store and generate passwords.
+
+### Avoid:
+* `password123`, `qwerty`, or `admin` — these are hacker favorites.
+* Using the same password for multiple accounts.
+
+---
+
+## 2. Enable Two-Factor Authentication (2FA)
+
+Even if someone steals your password, **2FA adds a second barrier** — like needing both your key and fingerprint to open a safe.
+
+### Common 2FA Methods:
+* SMS or email codes  
+* Authenticator apps (e.g., Google Authenticator, Authy, Microsoft Authenticator)  
+* Hardware keys (YubiKey, Titan Key)
+
+:::tip
+Prefer authenticator apps or hardware keys over SMS for stronger protection.
+:::
+
+---
+
+## 3. Keep Software and Systems Updated
+
+Cybercriminals often exploit outdated software to access systems.
+
+* Regularly install security patches for your OS, apps, and browsers.  
+* Enable **automatic updates** whenever possible.  
+* Don’t ignore update prompts — they often fix known vulnerabilities.
+
+*Example:* The WannaCry ransomware spread globally in 2017 because many systems skipped a critical Windows update.
+
+---
+
+## 4. Beware of Phishing and Social Engineering
+
+Phishing is one of the most common and successful attack methods — tricking users into revealing secrets or clicking malicious links.
+
+### How to Identify a Phishing Attempt:
+* The sender’s email looks suspicious or unfamiliar.  
+* Urgent tone (“Your account will be locked!”).  
+* Links don’t match the real website domain.  
+* Attachments you weren’t expecting.
+
+### Always:
+
+* Hover over links before clicking.  
+* Verify requests directly from official sources.  
+* Report phishing attempts to your IT or security team.
+
+---
+
+## 5. Use Secure Networks
+
+Avoid connecting to public Wi-Fi for sensitive activities like banking or work logins.
+
+### Safer Options:
+* Use a **Virtual Private Network (VPN)** when on public Wi-Fi.  
+* Turn off automatic Wi-Fi connections.  
+* Avoid using public computers for private tasks.
+
+*Why?* Attackers can intercept unencrypted traffic or create fake “Free Wi-Fi” networks to steal data.
+
+---
+
+## 6. Backup Data Regularly
+
+Data loss can happen from ransomware, hardware failure, or accidental deletion.
+
+### Best Practices:
+* Follow the **3-2-1 rule**:
+  * Keep **3** copies of your data  
+  * Store them on **2** different types of media  
+  * Keep **1** copy **offsite or in the cloud**
+* Automate backups whenever possible.
+* Test backups periodically to ensure they work.
+
+*Remember:* A backup is useless if it’s never tested.
+
+---
+
+## 7. Limit Access and Apply the Principle of Least Privilege
+
+Not everyone needs access to everything.
+
+* Grant users **only the permissions they require** to perform their duties.  
+* Regularly review access rights and revoke unnecessary privileges.  
+* Monitor admin account activity closely.
+
+This limits the impact of insider threats or compromised accounts.
+
+---
+
+## 8. Secure Your Devices
+
+* Use **strong screen locks** and **biometric authentication**.  
+* Enable device encryption (BitLocker for Windows, FileVault for macOS).  
+* Keep Bluetooth and file-sharing off when not in use.  
+* Install **trusted security software**.
+
+:::tip
+Treat your phone like your wallet, it contains sensitive data, and losing it can expose everything.
+:::
+
+---
+
+## 9. Educate and Train Continuously
+
+Human error remains the **#1 cause of cybersecurity incidents**.
+
+* Conduct regular **security awareness training**.  
+* Simulate phishing attacks to test readiness.  
+* Stay updated on the latest threats and trends.
+
+*Cybersecurity is everyone’s job — not just the IT team’s.*
+
+---
+
+## 10. Implement Network and Endpoint Security
+
+* Use **firewalls** to control incoming/outgoing traffic.  
+* Deploy **antivirus** and **endpoint protection** tools.  
+* Segment networks — isolate critical systems from public-facing ones.  
+* Monitor all network activity through **SIEM tools** (e.g., Splunk, ELK Stack).
+
+---
+
+## 11. Encrypt Sensitive Data
+
+Encryption ensures that even if attackers access your data, they can’t read it.
+
+* Encrypt files, drives, and communication channels (HTTPS, VPN, TLS).  
+* Avoid sending unencrypted confidential data over email.  
+* Use tools like **VeraCrypt** or **BitLocker** for local encryption.
+
+*Example:* When you see a padlock icon in your browser, it means the site uses HTTPS — encrypting your communication.
+
+---
+
+## 12. Have an Incident Response Plan (IRP)
+
+Even with all precautions, incidents can still happen.
+
+Create and maintain an **Incident Response Plan** that outlines:
+* How to detect and report suspicious activity.  
+* Steps to contain and recover from an attack.  
+* Contact list of key security personnel.  
+* Backup and communication procedures.
+
+Practicing your response plan reduces panic and speeds up recovery when real incidents occur.
+
+---
+
+## 13. Practice Safe Online Behavior
+
+* Don’t overshare personal information on social media.  
+* Verify friend requests or messages before responding.  
+* Avoid downloading software or files from untrusted sites.  
+* Always log out of accounts on shared devices.
+
+---
+
+## Summary of Cybersecurity Best Practices
+
+| Category | Best Practice | Why It Matters |
+|-----------|----------------|----------------|
+| Passwords | Strong, unique passwords | Prevent unauthorized access |
+| Authentication | Enable 2FA | Adds an extra security layer |
+| Updates | Keep systems patched | Fixes known vulnerabilities |
+| Awareness | Avoid phishing scams | Prevents identity theft |
+| Networks | Use VPN & secure Wi-Fi | Protects online data |
+| Backups | Follow 3-2-1 rule | Ensures data recovery |
+| Access Control | Least privilege | Limits potential damage |
+| Devices | Encrypt & lock | Prevents physical data theft |
+| Response | Have an IR plan | Reduces incident impact |
+
+---
+
+## Final Thoughts
+
+Cybersecurity isn’t about being paranoid — it’s about being **prepared**.  
+A small daily habit, like updating software or verifying an email sender, can prevent massive problems.
+
+> “The best defense in cybersecurity isn’t a firewall — it’s awareness.”
+
+By practicing these principles consistently, you’ll build a strong foundation of cyber hygiene and resilience — both for yourself and any organization you work with.