{"id":232872,"date":"2026-06-17T12:26:00","date_gmt":"2026-06-17T16:26:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/17\/consider-these-4-pillars-of-cybersecurity-as-your-framework\/"},"modified":"2026-06-17T15:40:19","modified_gmt":"2026-06-17T19:40:19","slug":"consider-these-4-pillars-of-cybersecurity-as-your-framework","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/17\/consider-these-4-pillars-of-cybersecurity-as-your-framework\/","title":{"rendered":"Consider these 4 pillars of cybersecurity as your framework"},"content":{"rendered":"

Consider these 4 pillars of cybersecurity as your framework<\/a><\/p>\n

https:\/\/www.reuters.com\/legal\/legalindustry\/consider-these-4-pillars-cybersecurity-your-framework–pracin-2026-06-17\/<\/a><\/p>\n

Publish Date: 2026-06-17 12:26:00<\/a><\/p>\n

Source Domain: www.reuters.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. June 17, 2026 – We continue our cybersecurity series with a method to organize it using my Four Pillars of Cybersecurity, and we put it in the context of cybersecurity frameworks, a type of best practice.These Four Pillars guide security improvements on humans, computers, data, and networks. We introduced them in prior articles as we discussed other aspects of cybersecurity, especially management. Sign up here.We started with the emphasis upon management of cybersecurity because it is essential for law firms (and any other type of organization). Good management \u200bensures reasonable decisions are made and proper actions taken to protect the organization and its information systems.If your organization does not yet have a cybersecurity program, establishing one should be a first step, as I covered previously. (See, “Build your cybersecurity program in your firm or organization, opens new tab,” Reuters \u200cLegal News, Dec. 15, 2025). Build the cybersecurity program by putting a person in charge, having a written policy, training, and actively managing cybersecurity with an eye to continual improvement.Within this process of managing cybersecurity are the basics, which means dozens of things to do. Organizing them is aided through a framework.Individuals and families don’t need a policy or a program but still need cybersecurity, so they can skip the management formalities and start with these Four Pillars.Cybersecurity frameworksCybersecurity frameworks are essentially best practices that organizations can follow or adapt when deciding how to manage their own cybersecurity. Quality, written best practices reduce the need to “reinvent the wheel.” Put more broadly, they reduce the need to invent or build the car itself.Still, these frameworks are not magic buttons that enable security automatically and make \u200bdecisions for you. The car is there to be driven and used, but the organization still needs to decide how to maintain and drive the car.There are many cybersecurity frameworks and organizations can follow, adapt, or ignore. In my language of policy work, these frameworks are considered “external guidance” because they come \u200bfrom outside the organization and are not binding.In contrast, a law, regulation, or professional responsibility on cybersecurity would be binding for the organization to comply with, and those are considered “external rules” in my lexicon of policy work.One of the best-known frameworks \u2060is the Cybersecurity Framework (CSF) from the National Institute of Standards and Technology (NIST). It is funded by our tax dollars and free to download without registration or license agreement.The NIST CSF is excellent and comes with many resources. Still, organizations without internal expertise in cybersecurity or information technology will find it daunting and need to surmount a steep \u200blearning curve.The NIST CSF has six main categories (called “functions”) and those are further divided into 21 categories. It will be an investment of time \u2014 significantly so for a layperson \u2014 to understand what those categories entail and how to work on them.The 4 pillarsThis framework starts simple, and the basics are understandable with the first explanation. Through continual improvements over time greater \u200brefinement and comprehension is possible.The Four Pillars involve a continuous process to:\u2022Improve knowledge and awareness of people in the organization,\u2022Secure computing devices,\u2022Secure data, and\u2022Secure networks and use of the Internet.This process is never done. Organizations don’t simply ask for binary responses to questions such as “Are we secure?” or “Are we compliant?” but instead ask “How can we improve?”Reuters Image Purchase Licensing Rights, opens new tabKnowledgeKnowledge and awareness come first because cybersecurity is about the decisions people make. It helps the employee decide whether or not to click on the link, open the attachment, forward the wiring instructions, or send the bank wire.It also helps the managing partner (or other organization leader) decide the best path for the organization’s information systems; who to put in charge, how to select a vendor, and what to do during a serious cyber incident.An absence of \u200bsolid knowledge or awareness can mean that poor decisions follow. They might neglect to build a cybersecurity program in the first place, fail to maintain it, fail to implement two-factor authentication, or fail to protect transfers of funds.In contrast, organizations with a solid knowledge of legal requirements, best practices, and information security basics are well equipped \u200bto make reasonable decisions on technology and cybersecurity, and thus manage their information systems effectively.DevicesProtecting and securing computer devices comes next, with reasonable decisions about how they should be secured, including smartphones, tablets, laptops, desktops, and servers.Security on a device starts at purchase and ends when it is sold or recycled. The device needs to get on a list (an inventory) because the \u200corganization needs to know \u2060about it to properly secure it. The device should be configured securely from the start, including to protect against unauthorized access from the keyboard or screen (e.g., ensuring it locks itself when not in use) and from the internet.The device’s operating system needs to be kept updated and the organization should consider what applications (apps) are loaded onto it because each application is a risk. The applications need to be kept updated, and the device needs protection from malware and other threats.The human needs to exercise care with the device, including physical security because a lost or stolen device is a security risk and an administrative burden. The device should be used carefully. You wouldn’t drive a company sedan in extreme off-road situations and there are places on the internet you shouldn’t take your computer either.DataProtecting our data comes next, and it is everywhere. For many, the bulk of our data is in cloud accounts of behemoth tech companies such as Microsoft or Google, and includes our email messages, documents, spreadsheets, chat messages, and more. Data is \u200balso on devices, external hard drives, and servers.Data also exists within the dozens or \u200bhundreds of online accounts which we now are required to maintain and \u2060secure. From social media to business operations, legal research, and phone and internet service accounts. Many of the online accounts are portals to get things done or maintain services which means access and security are essential.Sometimes we forget about our data and accounts until it is too late, when the data is breached or ransomed, the online account is hijacked, we forgot to renew the service, or the employee with access to the account becomes unavailable.NetworksSecuring our networks and how we use the internet is our \u200bfourth pillar. There should be some awareness of the route our data takes to get to and from our devices, and the security of that route. Joining an untrusted Wi-Fi network is a risk, as are some public Wi-Fi locations.We \u200bwill leave the details of networking technology and security \u2060for another time but offer a vehicular analogy. If your data is travelling on a bus, you want the bus to be well-maintained, run by a reliable company, with a rested and competent driver at the wheel taking a safe route.RepeatCybersecurity is never complete and is a process of continual improvement.Each pillar needs periodic review and attention because there is always room for better understanding of the laws, technology, our information systems, threats, and options to address those threats.DiscoverIn a future column I’ll return with more details on the journey of discovery about your information systems, aligned with each of the pillars. This journey is known in plainer terms as an “inventory” and that might not sound like fun, but is important and \u2060ultimately rewarding \u2014 a step \u200btowards taking charge of your information systems.For example, if an organization can’t produce a list of computer devices then it might not be securing them properly, know who they are assigned to, nor be \u200bable to report them if lost or stolen.ConclusionThese Four Pillars are built into the cybersecurity program you can build yourself, discussed within my December 2025 article (cited above).Don’t let fear or uncertainty hold you back, take a step forward to improve today, improve your firm and achieve some peace of mind.John Bandler is a regular contributing columnist on cybercrime and cybersecurity for Reuters Legal News and Westlaw Today.Opinions expressed are those of the author. They do not reflect the views of Reuters News, which, under the Trust Principles, is committed to integrity, independence, and freedom from bias. Westlaw Today is owned by Thomson Reuters and operates independently of Reuters News.Purchase Licensing RightsJohn Bandler is a lawyer, consultant, author, and adjunct professor at Elisabeth Haub School of Law at Pace University. He helps protect organizations from cybercrime, improve cybersecurity and better protect and manage information systems. His latest book is “Cyberlaw: Law for Digital Spaces and Information Systems” (2025). His firm, based in New York, is Bandler Law Firm PLLC, and he can be reached at JohnBandler@JohnBandler.com.
<\/p>\n","protected":false},"excerpt":{"rendered":"

Consider these 4 pillars of cybersecurity as your framework https:\/\/www.reuters.com\/legal\/legalindustry\/consider-these-4-pillars-cybersecurity-your-framework–pracin-2026-06-17\/ Publish Date: 2026-06-17 12:26:00 Source…<\/p>\n","protected":false},"author":1,"featured_media":232875,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.reuters.com\/resizer\/v2\/ZXFLMK2NEZK47BEGX7CJAW2YSA.jpg?auth=712a469771122e37cc5c36bc12715a050bdf70046e1fc770bb6242634c04b907&height=1005&width=1920&quality=80&smart=true","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[],"class_list":["post-232872","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/232872"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=232872"}],"version-history":[{"count":0,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/232872\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/232875"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=232872"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=232872"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=232872"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}