FUD (Fear Uncertainty and Doubt) are projected everywhere when it comes to cybersecurity. From my Facebook feed running ads of companies that say they can provide cybersecurity, to emails that I am afraid to click on that advertise the final solution to cybersecurity and more, the reality is there is no one click, one buy or single solution to meet your cybersecurity needs.
The bottom line is, the most vulnerable part of your network is the people. Sure, you must have the firewall, anti-virus, anti-malware and filtering, but one click, one user giving away their credentials, or one USB drive inserted in a company PC can undermine your security efforts. The easiest thing for a cybercriminal to use is social engineering, which leaves no trace. There are no firewall logs or evidence of the attack; simply missing data, money or productivity. So where do we start to help educate our teams?
First, we need to empower everyone to say NO. Here are some sample requests that can come in:
• A call from someone pretending to be from IT or from your IT provider. Verify their identity by calling your provider or IT staff at a known number and make sure the call is legit.
• A call from someone asking for payroll data or other confidential information. Even if an email follows from the president of the organization, it could be spoofed. Call them and verify the request. (Don’t just email back. It could be compromised.)
• Anyone asking for your network credentials.
Next, you need to educate yourself and your team. There are great programs out there with training to boost your knowledge, review tests and even some real world challenges to check that everyone really understands what they learned.
Finally, you need an open environment that allows your users to ask questions without the fear of being made to feel stupid. This way if something happens they will ask questions and limit your risk.
You obviously need to put the systems in place to protect your network from the outside. Once that is done, the next step is to train your users. Stay tuned as Nex-Tech will be leading the security front and releasing a new program to actively monitor your network from threats 24x7 and provide real time, activity-based, tracking.