Cybersecurity is like an illness. Efrain Ortiz, a CISSP (Certified Information Systems Security Professional) for Symantec, recently discussed how, like the flu, cybercriminals push past our defenses and, most importantly, what we can do to stop them.
Ortiz pointed out during the fifth annual North American International Cyber Summit that there is more conversation about preventing or ending wars than general illnesses. But more people die from illness than from war. The same is true with cybersecurity. We focus our attention on cyber warfare (international attacks on other nations’ computers or information), but hacking, data breaches and ransomware are much more common and speak to the need for prevention, education and promoting safe online behavior.
We are all susceptible to illness. But how do we prevent it? We prepare. We eat healthy, go to the doctor and floss our teeth. We’re taught these healthy habits from an early age. Our parents remind us to cover our cough at every opportunity and wash our hands so much that it becomes second nature.
When looking through this lens, it seems preposterous to only discuss cybersecurity after a data breach. Cybersecurity needs to be an ongoing conversation.
Ortiz noted that, in the past year, 64 percent of government breaches were a result of information being shared accidentally. He then joked that you “don’t plug random USBs into your computer just like you wouldn’t pick up a random sandwich and eat it.” While this seems like common sense, lack of knowledge is what keeps us at risk.
Best practices must also be implemented and followed to prepare not for if an attack happens, but when. Continued education is the best defense against the inevitable. So, how can you create an open dialogue around cybersecurity at your business? Start with one (or all) of these tips:
1. Regularly talk about cybersecurity at staff meetings, in internal newsletters or even in periodic emails.
2. Organize regular training sessions for employees. Be sure to include employees at every level from phone operators to the sales team.
3. Consistently test employees on their security knowledge to gauge the effectiveness of your training.
4. Create an open-door policy when it comes to security concerns and encourage employees to report anything that seems suspicious.
5. Enforce strong password policies. The strongest passwords are a combination of uppercase and lowercase letters, numbers and symbols. Mandate that passwords be changed frequently.
6. Have a plan in place in case a security breach happens.
It may take a little trial and error, but your business can’t afford to wait. For more tips on cybersecurity and technology, download Airfoil’s recently published eGuide: “Seven Ways Cyber Threats Should Turn Your Crisis Communications Plan on its Head” below.