Conversations in Risk-Based Security

Cyber Security is Everyone’s Responsibility

Posted by Sam Friedman on Feb 6, 2019, 1:35:07 PM
bigstock-A-Fun-Of-Mini-Figure-Soldier-A-255229909

Companies spend millions every year on products and services to fix all their cyber security vulnerabilities. Then they spend just as much money on highly skilled, well-trained cyber professionals to manage those systems. All those resources are useless when an accountant, or a C-level’s executive assistant, or an HR manager, clicks a link they received in their email and BOOM. Now the company is the casualty of a cyber-attack which hurts the individuals whose data was stolen, as much, if not more, than the company breached. I’ve been in cyber security for the last 10 years, but I’ve been in defense for almost 20, and the rules don’t really change, when being attacked it’s all hands-on deck, and we are being attacked all the time. So, what do I mean by “all hands-on deck”?

The easiest way to explain this is to relate it back to the start of my military career. I started basic training with over 115 soldiers in my unit. About a year later, after basic, I advanced to special ops training, where there were only about 40 people left. However, most of those who didn’t complete the full training, wanted to stay with the unit in some capacity. Some became our medics, some our supply officers, some became our drivers, one of them even became our cook. The one thing they all had in common, was that they all had some level of combat training. Anyone who was affiliated with our unit, knew how to handle themselves in a combat situation. This meant that when we went on a mission, we knew that our base, equipment, even soldiers who just needed some down time, would still have another layer of security.

This needs to be the model that companies, and government agencies use when it comes to cyber security. I don’t mean that secretaries and assistants need to pass the CISSP or need to know how to prevent a DDOS attack, but by widening cyber security training and cyber security awareness, the potential for an attack to penetrate successfully is reduced significantly. Vigilance could make all the difference in securing your company, and your customers data.  Where should you start?  Consider the following 5 best practice tips to make sure your company doesn’t find themselves in a post cyber breach all hands-on deck scenario:

1. Regular cyber security awareness training to assure employees are mindful of persistent threats.
2. Make sure security updates are current for all net connected devices, including BYOD.
3. Do not open unknown links or attachments from unknown sources.
4. Scan files before opening even if sent from a credible source or colleague.
5. Try to be more vigilant and use better judgment when surfing the net from a work computer.

Topics: cybersecurity, cyber range