The Greatest Threat to Your Company’s Data And, How to Minimize It – Part 3: Getting Down to Brass Tacks

May 1, 2018
, , , , , Security

“We have met the enemy and he is us.” – Pogo

Review

Our last two blog posts have focused on revealing the greatest threat to your company’s security. The first cited a 2018 report published by PricewaterhouseCoopers that indicated cyber threats to the security of company data are continuing to increase and that employees are the top sources of security incidents. The second shared the finding that “100% of government entities see their own employees as the biggest threat to security.”

This week we wrap up the series by getting ‘down to the brass tacks’ of the best practices you can implement to minimize the greatest threat to your company’s security.

Respond

Myrtle Beach Data Loss PreventionKnowledge is power only if we use it. Now that we are aware that the greatest weakness in our systems appears to be the users, how we respond to that knowledge is key to protecting your data. Here are a few recommendations for your business.

  • Establish policies that define usage rights and responsibilities.
  • Develop a training program. The program should be formal and documented. Each module of the program should be comprehensive and comprehendible.
  • Start at the beginning. Include employee security awareness and expectations when onboarding new employees. Include computer use policies and cybersecurity awareness and practices as an essential part of employment.
  • Train continuously. Avoid falling into the “one-and-done” trap so common in business training. People to not retain everything they learn. Remind, review, and update training continuously.
  • Put employees to the test. Some companies have gone on phishing excursions. The company creates and sends “fake phishing” emails to employees to see who, if any, responds to them. Use the results to coach those employees and, discreetly, use their cases as examples during employee training.
  • Evaluate employee security performance. Cybersecurity has become an important and essential part of your business. It should, therefore, become an important part of the regular employee evaluation process.
  • Raise awareness of new threats. Stay abreast of new cybersecurity concerns as they arise. Communicate those dangers to your employees. Add the new threats to your cybersecurity training.
  • Reward employee performance and compliance. When employees spot a potential security issue, recognize their contribution. Do the same when they “pass” phishing tests or demonstrate an exemplary approach to their use of your technology.
  • Don’t expect perfection. Yes, after all, we are human. That is what makes employees the biggest threat to your company’s cybersecurity. An occasional reminder that you, too, are human is always helpful. The mistake that is made could be yours.
  • Always err on the side of caution. Need we say more?

We are as concerned about your technology security as you are. Your computer system security is our business. That’s why Tech Sentries is always on duty. Contact us today to learn how we can help you “GUARD YOUR TECHNOLOGY” (843-282-2222).

Joe Thibodeau
Tech Sentries Inc
2105 Leopold Street
Johns Island, SC 29455
843-282-2222 Office/Fax
843-902-6885 Cell

The Greatest Threat to Your Company’s Data And, How to Minimize It – Part 2

April 23, 2018
, , , , , Malware

OOPS!

Oops! That’s the word you never want to hear from your barber, your surgeon, or your pilot.

Business owners are beginning to realize that it is not what they want to hear from any employee working at a company-owned computer – or a BYOD computer linked to the company system.

Last week, we shared some statistics that indicate that company employees may be the biggest threat to your digital data (click here for part 1). To underscore that foundation, we were stunned by one of the findings of a Netwrix 2017 IT Risks Report of government agencies:

“100% of government entities see their own employees as the biggest threat to security.”

Think about that for a minute. Not malware, not data breaches, not hackers, but employees.

The attacks may come from the outside, but the biggest threats are the employees on the inside. In fact, the report also revealed that 57% of actual security incidents among those agencies in 2016 we attributable to employee human error.

computer errorBefore taking comfort in “only 57%,” the remaining 43% had their root cause in “insider misuse.” In this case, insider means “employee.”

Obviously, we are trying to make a point here. It is not that you should consider your employees to be ill-intentioned culprits. It is that you should understand the reality that, although they are probably not the attackers, they are the actors via which attackers gain access.

ICU

Before we share some of the finer details and proven ways to protect your technology from damage by your own personnel, which we shall do next week, we want to emphasize and re-emphasize that the essentially cornerstone of security protection for your technology is having an ICU approach. Perhaps we should say an “I see you” approach.

We are talking about an approach in which activity is monitored for the ability to identify aberrations that typically point to security issues and better position your company to handle the potential threats to your systems.

SPY

Secure and Protect Your Technology

Other than the logistical and operational issues we will discuss in the next article, there are two important obstacles that business leaders must foresee prior to making a bona fide commitment to protecting your technology.

1.   The rapid advance of digital technology is not going to stop or slow down to wait for you to catch up or keep pace.

2.   Some employees will perceive monitoring as a violation of their rights.

In Daniel Boone’s day, advancing pioneers secured a position then developed their operational resources within. Today, new resources are coming at us at a furious pace that security often follows rather than leads. If you are going to commit to advancing technology, you must commit to guarding it.

Employees (those people whom government agencies see as their biggest security threat) must be groomed to understand that it is not their activity that must be protected. It is your data. And it is your digital technology. Reasoning to the next level, savvy employers must change to employee paradigm in such a way that they become protectors of your security rather than perpetrators of OOPS moments that could bring your business to its knees.

You don’t have to be a techie or a geek or understand all the ins and outs of cyberspace. We are here to help you guard your technology. The first step is raising your awareness of the need before the need becomes an emergency. The next step is raising your employees’ awareness.

We are as concerned about your technology security as you are. Your computer system security is our business. That’s why Tech Sentries is always on duty. Contact us today to learn how we can help you “GUARD YOUR TECHNOLOGY” (843-282-2222).

Joe Thibodeau
Tech Sentries Inc
2105 Leopold Street
Johns Island, SC 29455
843-282-2222 Office/Fax
843-902-6885 Cell