Making your company more cyber aware
The biggest problem companies face when it comes to cybersecurity is often not the technology; it’s the people. And hackers know this. That’s why it takes more than strong IT to keep your company safe.
Beyond technology, the best way to protect your business from cybercriminals is with a trained and educated cyber aware company culture. It may seem like a large and daunting company initiative, but it isn’t. There are a few corner stones that continue to build up, along with continuing education and strong corporate communication.
Let them know cybersecurity is everyone’s job
Leadership is always where a company culture starts. Employees and contractors, from entry-level to senior management, need to feel that cybersecurity is important to the company. If the executive leadership team values cyber safety, it will trickle its way down to all corners of workplace.
Cybersecurity should be more than just the responsibility of the Information Technology department. A statement by leadership must be delivered that it is up to everyone, beyond IT, to keep cyber criminals out of the company’s network.
Management shouldn’t be the exception to the rule. Management most often have the highest privileged accounts. Allowing management to bypass those safeguard not only put the organization at risk but sets a bad tone from the top.
Train and test your staff
Posters, employee newsletters, training sessions and regular meetings are avenues to communicate across the organization about how everyone can be more cyber aware. Regardless of what methods you choose, you should train staff on a regular basis. Monthly training is highly suggested. It can be via email or face-to-face. Or both.
Beyond training, it is good to see that employees are understanding and retaining the cybersecurity information. While you can trust that the staff is paying attention, it is recommended to test your staff as well.
Send a mock phishing email a little while after a training session or communication. It would be interesting to see who, if anyone, falls prey to the false hack. This shouldn’t be a gotcha for those employees but a change for the organization to focus on more advanced training.
Teach your team that the inbox is the hacker’s favorite target
Based on current trends, cyber attackers are finding email to be the best route for penetrating a company’s security defenses. Trends Labs reports that 91% of targeted cyber-attacks use email as their way to breach networks. Likewise, Ponemon reports that 78% of targeted email cyber-attacks use malware embedded in an attachment.
Addressing targeted email attacks from leadership and your technology department is an essential piece of puzzle when creating a cyber safe culture. This should certainly be a topic addressed in employee training and even onboarding.
Have a password update plan
According to Verizon’s 2017 Data Breach Investigations Report, as many as 81% of hacking-related breaches were caused by leveraging stolen or weak passwords.
Often, employees are not aware of the risks. That is why password education is a great topic to include in cybersecurity training. Require complex password structures and explain the reasoning behind it. Do not allow people to use the default password for more than the first login.
Have a formal cybersecurity plan
Your technology team should contribute significantly to a cyber aware culture and with cybersecurity training. Have the IT folks develop formal cybersecurity training with a documented plan to accompany it. The plan should be reviewed and updated often. Too many companies create cybersecurity plans and teams only to find that the plan becomes dusty and the teams include staff that’s no longer at your company.
Ask for a cyber security advocate from each of your departments like HR, Finance, Sales & Marketing, etc. since this casts a wider net to learn about targeted phishing and helps show that cyber security isn’t just for IT anymore.
No matter how great your CIO or CTO might be, one person alone cannot fight cybercriminals. Create a cyber aware culture and get everyone at your organization involved.
What to look for in Managed IT Services in central Illinois
Outsourcing your company’s IT can be complex. There are many factors to consider and many IT solutions out there. Before you start looking for managed IT services, you need to know what you’re looking for.
Not all IT solutions in central Illinois a created equal. A managed IT service may offer very minimal services or very extensive services and it’s up to you to determine what level of service you need.
On-premise or off-premise IT administration services.
A Managed Service Provider, or MSP, may provide services either on-site or remotely. If services are provided on-site, an MSP may complete hardware upgrades and troubleshoot hardware problems, while working directly with employees to resolve issues. If services are provided remotely, an MSP may operate primarily server-side and through screen sharing. Either way, IT administrative services will bridge any gaps a company currently has with its internal IT department.
Managed cloud services.
Many companies are moving towards cloud-based solutions. MSPs that specialize in cloud services will secure, protect, monitor, and maintain the company's cloud solutions, providing an as-a-Service infrastructure for the company. Companies that want to outsource their software solutions may want to establish a relationship with a cloud-based MSP, as they will be able to deploy the needed cloud-based solutions.
Help desk solutions.
Companies that don't have an internal IT department (or who want to refocus their IT department to higher priority tasks) can use the services of a help desk solution. A help desk solution will respond to trouble tickets from within the company, addressing internal issues and putting out fires. This frees up the company's own IT staff for more important tasks.
Data backup and protection.
Data is central to the operations of the modern business. MSPs may provide advanced data backup and protection suites, which will protect the company's data from malicious attacks or negligence. Frequently, cloud-based backup solutions are used to redundantly sync and protect data.
Security solutions.
Security-as-a-Service is becoming a more popular way to protect a company's infrastructure and its data. Advanced security solutions are able to monitor a network environment and identify potentially malicious behavior. An MSP will be alerted to security issues and can work to mitigate them quickly.
TimbukTech offers all of these services, so it’s time to assess your current IT infrastructure and pain points to determine the services that you need. We can walk you through the assessment in a short meeting to begin to develop a plan for your business going forward.
The needs of a company can vary depending on its industry. TimbukTech specializes in quite a few industries including financial, healthcare, local government, manufacturing, retail, and small business. Our experience in these industries makes us very knowledgeable and ready to take on industries beyond these as well!
A managed IT service provider is going to work with you as a partner. Once you find the right fit, you’re sure to improve upon and optimize your company’s entire IT infrastructure. Give TimbukTech a call at 309-444-7263 to begin exploring your options close to home!