Building a Security Savvy Culture
Digital security is vitally important to the short- and long-term success of your business. The exponential growth of data storage and online transactions have become a magnet for criminals looking to get rich at your expense.
In the short term, breaches interrupt daily activity and drain the financial resources you need to keep your business operating. Being shut down by ransomware steals away hours or days of productivity and potentially tens of thousands or millions of dollars.
In the long term, repeated security issues will hurt your reputation and drive your customers away. Most people don’t want to keep their life savings in a bank that has been robbed or keeps getting robbed. The same goes with their personal data. They’ll move their business toward organizations they feel they can trust.
Reach Out To a Security Expert
If you’d like to make sure you’re taking the appropriate security precautions,
please reach out using the button below!
The Root of (Almost) All Losses
Most people and organizations operate under the assumption that their security software will take care of them. And to some extent, they’re right. Big name computer security firms are always working hard and doing more to help protect identities and data. But criminals are also always increasing their capacity to steal and destroy. That means the escalating technological arms race between hackers or other cyber criminals and businesses will continue. There is, however, an even more important element to cyber security that is often overlooked: human behavior. All the technology in the world can’t protect someone if they willingly disclose their passwords or social security number.
A 2014 study by IBM found that human error was the primary cause of 95% of all cyber security breaches.
Our decades of experience have taught us the same thing. Clever phishing scams are designed to trick unsuspecting users into disclosing private or sensitive information. Someone may think they’re checking their bank balance or updating their credit card account password but they’re really on a fake website, sharing their password with criminals. That’s why we believe the strongest defense of all is a well-educated workforce. Thieves always look for easy prey. With a combination of top-notch technology and a savvy staff, you’ll be the least attractive target on the block.
It Starts At The Top
Cyber Security Savvy is built on a foundation of knowledge, but it becomes impenetrable when it is a part of company culture. And culture starts at the top. Executives and management need to believe in the importance of Security Savvy and live it out. They need to elevate it as a normal topic of conversation and give it the status it deserves among business-building initiatives. Sending an email that tells everyone to take the occasional training course is not enough. Leaders should foster an ongoing conversation with employees and encourage them to speak up about their own security concerns and what they’re experiencing in their day-to-day activities. Then, when they do speak up, listen to them, thank them for sharing, and take relevant action to improve security in a way that’s symbolic of their involvement. Two heads are better than one, but a hundred heads are even better.
Why The Cloud Is Important
There’s a principle out there called “Least Privilege Access.” It means that information system users should only have access to the minimum amount of data they need to do their jobs well. Like security clearance at the CIA. You don’t give an intern access to the company’s Top Secret financial records or the password to the server where client credit card numbers are saved. Like other security measures, Least Privilege Access can’t be a passive, set-it-and-forget-it step. The whole spirit of Least Privilege Access needs to become part of the organization’s culture. Ideally, employees should come to their managers to report that they have access to more data or private information than they need.
It all starts with building the attitude that every employee is personally responsible for the security of the organization. Many feel privileged or special when they get access to more information. It makes them feel like part of the inner circle. Like they’re “in the know.” But if they start to understand that they are liable for the security of company or client information, they should want to avoid the data they don’t need and be on the lookout for the same amongst their colleagues. Access to company information is a responsibility, not a privilege.
Getting Physical For Security
Cyber Security takes many forms. Some, as we have discussed, live in the heart and mind. But some security measures will always live in the physical world. Here are a few ideas of the physical things you can do to develop a security conscious culture and lock down access to valuable information.
Posters & Signs
This is part of developing a Security Savvy staff and culture. Remember those great motivational posters about Teamwork and Excellence? Try posters or other signs with information about security-enhancing ideas, reminders, and other information to educate and encourage secure behavior.
Lock & Key
Network closets, server rooms, and even devices should also be secured under lock and key. Keep areas with networking hardware and servers locked 24/7. The only people who need to get in there are your IT professionals anyway. And when it comes to devices, a laptop can be far more valuable than a Rolex when you think about the access it has to private information. All someone has to do is dress up like a janitor and swipe a laptop to cause a big problem. Use cable tethers with locks for desktops and stow laptops in locked desk drawers when not in use.
Macro Connect has been helping Detroit-area businesses and schools deal with the ever-growing cyber security challenges for many years. We are, however, always growing, improving, and looking for new ways to protect client data. Enter TotalSecure.
TotalSecure is a bundled combination of the a-la-carte tools many of our clients already use to protect their business, organization, or school from digital-age criminals at the most common source – end users. There are five core components, each of which address a different pillar of optimal Cyber Security:
- Usecure – Ongoing cybersecurity training on the latest threats, including quarterly phishing simulations and individualized risk assessments for each employee.
- Inky – Advanced phishing protection that color-codes each email by its level of suspiciousness and sandboxes malicious links if they are clicked.
- Datto RMM & Patch Management – Ongoing monitoring of end-user devices and proactive management of performance and security updates.
- BitDefender AV & Workstation Encryption – Enterprise antivirus (AV) and device encryption to protect critical data stored on devices if it falls in the wrong hands.
- Acronis Workstation Backup – Cloud storage to secure user data and prevent data loss in the case of a device compromise or failure.
We’re excited to make this comprehensive set of products and services easier to implement, and thus a simple step any organization can make to take a major leap towards securing its data.
Taking The First Step
Macro Connect’s team of experienced IT professionals can help keep your business or organization safe from the threat of cyber security breaches. Our comprehensive TotalSecure offering addresses the most common Cyber Security issues at the most common entry points. If you want to learn more about TotalSecure, or just talk about why we think Cyber Security needs so much attention, give us a call. Our expert team is standing by and excited to help you better understand the world of Cyber Security. To get started, reach out and schedule a strategy appointment with one of our Client Solutions experts today!