THIS MONTH'S GUEST ARTICLE
Across a wide range of business and engineering topics, these articles are presented with the intent of sharing knowledge and provoking thought, possibly even serving as a catalyst for action. Send us your topic suggestions and abstracts. We are always in search of engaging professional content. Contact us at news@vaeng.com for details.

What Do My Employees Need to Know About Cybersecurity?
April 2018

By: Bryce Austin

A cybersecurity awareness culture is critical to the success of your company. Employees need to understand how their actions positively and negatively impact the cybersecurity posture of your company.

If you are not educating your employees on cybersecurity best practices, you are missing the biggest opportunity for improvement in your entire cybersecurity profile. Your employees have business-need access to a lot of important data, and their ability to protect that data—or to inadvertently let it walk out the door of your organization—is strong.

Lack of education has been at the heart of a number of major security breaches. You have probably heard about the new HR employee who got an email from the president of the organization asking for all the W2 information on every employee, and who sent it exactly as instructed. The employee did not recognize that the email came from a hacker impersonating the CEO, and a major security breach took place.

Entire business models are based on this kind of fraud. Let’s pretend that I am going to build a site with the world’s best collection of cute pet pictures. I’ll give you the first 10 for free (and those 10 are the most adorable pictures you have ever seen), but to see more, you need to set up a username and password. The access is still free, though.

No big deal, right? Wrong. In this scenario, I own this website and I am a criminal, and my business model is to try to use the username and password you just entered at every major banking website, on all major email providers, on your company’s VPN portal, and anywhere else that I think you might have used the same username and password. I will then extract any valuable information I can from those sites, sell the information for a profit, possibly ransom your own data from you to make even more money, and then move on to the next victim.

Need some numbers to illustrate why educating your employees about cybersecurity practices is important?

• Per IDG’s 2016 Global State of Information Survey, 48 percent of data security breaches are caused by acts of malicious intent. Human error or system failure accounts for the rest.

• According to the Ponemon Institute, 60 percent of employees use the exact same password for everything they access. Meanwhile, 63 percent of confirmed data breaches leverage a weak, default or stolen password.

So where can your company start? Start with a training program. Your employees need to be educated on cybersecurity best practices. One of the issues that any cybersecurity awareness training program should address:

Implement real password policies.

There’s no easy way to say this, so I’m just going to say it: Passwords stink. They are no fun to create, no fun to remember, and no fun to type in. That being said, passwords are still the most common authentication method today. It is imperative to implement a password policy requiring complex passwords that can’t easily be guessed, and end-user training to go along with it. Microsoft’s Active Directory “require complex passwords” setting is a start, but end-user training is also mandatory.

Many users reuse the same password on every online system that requires one. This is a problem. If one site gets hacked, cybercriminals will try your credentials at all common websites, and possibly at your business’s VPN. It is imperative that your cybersecurity awareness training program encourage your team members to use different passwords for different sites, and especially for any system that your company uses.

Most companies have some sort of safety guidelines that their employees must follow or be aware of, and cybersecurity should be no different. There are a number of companies that specialize in this type of training, and they may or may not be a good fit for your company culture. Picking the right type of training is critical; having a good cultural fit is more important than the actual content. Be sure to do proper due diligence to ensure that the training content offered by the company or companies you are considering is a good fit for the culture of your company.

The important message here is that you already know you must train your employees on certain things in order to have them perform their job functions. Cybersecurity is one of those things. If you are uncertain as to how to structure a cybersecurity training program, find an advisor who can help you.

Questions to explore this topic further with your company’s leaders:

• When was the last time you were trained on cybersecurity? What did you take away from it?

• Do your team members who have access to sensitive data get additional training above and beyond those who do not?

ABOUT THE AUTHOR:
Bryce Austin is the CEO of TCE Strategy, an internationally recognized speaker on emerging technology and cybersecurity issues, and author of Secure Enough? 20 Questions on Cybersecurity for Business Owners and Executives. With over 10 years of experience as a Chief Information Officer and Chief Information Security Officer, Bryce actively advises companies across a wide variety of industries on effective methods to mitigate cyber threats. For more information on Bryce Austin, please visit www.BryceAustin.com.


