Yeah yeah, I hear you….. “another one of those cyber awareness articles telling me how the world will implode if I click on that link in an e-mail”.
We read literally every day that another company has had a breach, and that
their OUR data has been compromised. The victim company then announces that a message has been sent to the thousands of people whose credit card details, address, health records, passport numbers, etc,. are now in the hands of criminals. Nothing can be done about it by this point of course because the damage is already done, and to be honest 99.9999% of us read the message from our vendor and think ‘that sucks’ before clicking play again on the latest episode of Ozark. Some of us (a pretty small percentage) change our password if the service of the company which has been breached is connected to an online account immediately (you’re the savvy one), some wait until tomorrow, and some think it’s too much hassle. What are the chances of personally being a victim anyway?
It’s no secret that cyberattacks are an ever-growing threat in the modern world. From companies of all sizes to the healthcare sector and political campaigns, cyber risk is considered the top business concern for this year. ‘Whoaa, hang on, what about Coronavirus and the havoc that is creating?’ Well, actually something like a pandemic is yet another window of opportunity for cyber criminals. In fact, their strategy for tempting us to click on a link is either triggering our temptation or our fear senses. I’m very sure that if 10,000 people were sent a mail with this message “click here to find out three ingredients which guarantee immunity to coronavirus” a surprising amount of people would click. These attacks are not only incredibly costly, but also embarrassing for those involved.
- 46% of SMB’s (small-medium sized businesses have been targeted by ransomware.
- 73% have paid the ransom
- More than 25% of the total SMB survey group said that they lack a plan to mitigate a ransomware attack and 20% said their organization is unprepared for a ransomware attack. (1)
Who should manage these threats? Most people seem to think that cybersecurity is just something to be handled by the computer nerds of the world. This, of course, is not true. Cyber safety, like any physical safety practice, is handled in non-technical ways by every employee of a business. While technical digital security, blue teams, red teams etc., is obviously a big part of an overall cybersecurity plan, it is important that the non-technical aspects are recognized and fully implemented in order to fully protect employees, customers (us), and organizations alike and keep them cyber safe.
So – what can you do to at assess your existing strategy, and how you can improve it? If you don’t have a solid strategy at all – which includes annual cybersecurity compliance training of employees – where do you start? Here are FIVE points you can get started on:
- Take the time to identify your critical assets. – Before a cyberattack happens, take the time to fully identify your critical management aspects and take the necessary steps to protect them. When you know where your most important and sensitive information is before something happens, you will save time and effort in the event of an incident while also deciding the value of said data.
- Prepare a company-wide response plan. – Each and every member of your organization should know what to do in the event of a cyberattack and what they are responsible for. Your company should have this listed in a thorough plan and implement a protocol for things like the shutting down of critical systems, alerting of authorities, and a backup plan for communication.
- Double check third parties. – Just because you have taken the steps to protect your company doesn’t mean others have the same set of guidelines implemented. A visitor to the office with a laptop full of malware can take down your organization all the same. Make sure that any outside or third-party vendor associated with your company follows a cybersecurity plan as well.
- Designate a cybersecurity leader. – Your organization should have someone who is in a position of power making sure that cybersecurity is a top priority for all employees. He or she should make sure that training is enforced, security protocols are thoroughly understood by all employees, and emergency plans are in place should the worst happen.
- Make training a priority. – Every single member of your organization is responsible for the cybersecurity of said organization, which is why every single member must be trained. All it takes is just one click on a link to compromise a company.
As a follow on to this article, I invite you to spend 30 minutes for literally THE MOST exciting webinar of the last 3 months!!!! If you don’t register AND attend, yep, you guessed it – END OF THE WORLD time. I’m kidding, of course, but I hope you squeeze in the opportunity of listening to President of CertNexus, Jeff Felice ,who is currently one of the world’s most active emerging technology evangelists. He will give you some thought-provoking information and offer specific ideas on the most affordable way to easily role out a cyber compliance program and significantly reduce the risk of you or your employees/colleagues accidently falling into cyber criminals traps.
Title: Cyber Security Awareness: Your company is only as strong as your weakest employee!
Date/Time: June 2, 2020 at 7:30 AM EDT
To register simply click here
About James Varnham, Managing Director, Logical Operations EMEA
James has had an active profile in the training and certification industry for the past 20 years. His experience has traversed across private, academic, and public sector where he has held international management roles. His focus now is leading his team in helping Logical Operations’ channel of training organizations, learning institutions, government departments and agencies in Europe, the Middle East, Africa and India by distributing published learning tools and resources to improve competency development. Outside of work, James interests are playing tennis and running as well as playing the bass – and now embarking on a motorcycle license.