Making your company more cyber aware

The biggest problem companies face when it comes to cybersecurity is often not the technology; it’s the people.  And hackers know this. That’s why it takes more than strong IT to keep your company safe.

Beyond technology, the best way to protect your business from cybercriminals is with a trained and educated cyber aware company culture. It may seem like a large and daunting company initiative, but it isn’t. There are a few cornerstones to build on, along with continuing education and strong corporate communication.

Let them know cybersecurity is everyone’s job

Leadership is always where a company culture starts. Employees and contractors, from entry-level to senior management, need to feel that cybersecurity is important to the company. If the executive leadership team values cyber safety, it will trickle its way down to all corners of the workplace.

Cybersecurity should be more than just the responsibility of the Information Technology department. Leadership must state clearly that it is up to everyone, beyond IT, to keep cybercriminals out of the company’s network.

Management shouldn’t be the exception to the rule. Managers most often hold the most highly privileged accounts. Allowing management to bypass those safeguards not only puts the organization at risk but also sets a bad tone from the top.

Train and test your staff

Posters, employee newsletters, training sessions and regular meetings are avenues to communicate across the organization about how everyone can be more cyber aware. Regardless of what methods you choose, you should train staff on a regular basis. Monthly training is highly suggested. It can be via email or face-to-face. Or both.

Beyond training, it is good to see that employees are understanding and retaining the cybersecurity information. While you can trust that the staff is paying attention, it is recommended to test your staff as well.

Send a mock phishing email a little while after a training session or communication. It would be interesting to see who, if anyone, falls prey to the false hack. This shouldn’t be a gotcha for those employees but a chance for the organization to focus on more advanced training.

Teach your team that the inbox is the hacker’s favorite target

Based on current trends, cyber attackers are finding email to be the best route for penetrating a company’s security defenses. TrendLabs reports that 91% of targeted cyber-attacks use email as their way to breach networks. Likewise, Ponemon reports that 78% of targeted email cyber-attacks use malware embedded in an attachment.

Addressing targeted email attacks from leadership and your technology department is an essential piece of the puzzle when creating a cyber safe culture. This should certainly be a topic addressed in employee training and even onboarding.

Have a password update plan

According to Verizon’s 2017 Data Breach Investigations Report, as many as 81% of hacking-related breaches were caused by leveraging stolen or weak passwords.

Often, employees are not aware of the risks. That is why password education is a great topic to include in cybersecurity training. Require complex password structures and explain the reasoning behind them. Do not allow people to use the default password for more than the first login.

Have a formal cybersecurity plan

Your technology team should contribute significantly to a cyber aware culture and to cybersecurity training. Have the IT folks develop formal cybersecurity training with a documented plan to accompany it. The plan should be reviewed and updated often. Too many companies create cybersecurity plans and teams only to find that the plan becomes dusty and the teams include staff who are no longer at the company.

Ask for a cybersecurity advocate from each of your departments, such as HR, Finance, and Sales & Marketing. This casts a wider net to learn about targeted phishing and helps show that cybersecurity isn’t just for IT anymore.

No matter how great your CIO or CTO might be, one person alone cannot fight cybercriminals. Create a cyber aware culture and get everyone at your organization involved.


Your IT guy won’t beat an MSP

Does your company work with a Managed Services Provider (MSP) like TimbukTech or are you relying on a “tech guy” in-house? We’re willing to bet that you’re relying heavily on a “tech guy” and hoping you don’t run into any difficulties. There are some drawbacks to that logic. Let’s take a look.

IT is the secondary role of your employee

Often, we find that your employee was not hired to be the IT guy, but in fact he’s the receptionist first and IT guy second. His core duties are scheduling, taking and making phone calls, routing email, directing visitors around, and much more. On top of these primary duties, your whole company is calling on this employee to fix their tech issues. At this point, he’s doing two jobs. It’s highly likely that this employee is not doing either job to his fullest ability as he can’t focus on one at a time.

Employee burnout

When one person is handling two jobs at the same time, the effort can really bog them down. He was asked to be a tech person because he knows a few things about computers and now that everyone’s aware of that, they’ll be calling upon him frequently. Anyone who has taken on extra duties beyond their core role knows that it is easy to get burnt out fairly quickly.

So now we ask, what if that employee quits? What happens when things turn ugly late at night? Is it up to this overworked employee to get up and come in to handle the situation? If he can’t come in until the next day, what does this mean for the company? Downtime can be costly.

Employee limitations

“The tech guy” can come with many limitations. Out of 40 hours in the workweek, how many are to be spent on their primary occupation and how many are to be spent on tech?

Another limitation might be training. It’s likely that this person has never read a page of a Network+ book, taken the MCSE test, or had any other IT training. Yet your company has him poking around in the network. What happens when he makes a mistake that brings the network down? Now you’re hiring a 3rd party anyway to come in and fix what’s broken. That can be expensive … often over $120 an hour, plus loss of business!

MSPs can help

When we come across a client that uses a “tech guy” in-house, we ask the following questions to assess lost revenue.

  • When was the last time your server was down?
  • How long did it take to bring it back up?
  • Were you able to conduct business without the server?
  • Did your tech person know how to fix the IT issue?
  • Did you need to call in a 3rd party to fix the IT issue?
  • How many times has the server or network gone down? Is this a fairly common occurrence?

The underlying cost of downtime could equate to a lot more than a monthly agreement with TimbukTech as your MSP. We’re here to help you understand the implications of not having a solid IT solution. Let’s explore your business’ options. Give us a call at 309-444-7263 and we’ll go through your specific needs and weigh your options.