As a consultant and provider of cybersecurity services, I am often asked by bankers and other business owners what is the “one thing” that they should be doing to secure their businesses from cyber-attacks and malware. The answer I give does not involve installing the latest and greatest firewall, using a specific brand of antivirus or making use of a real-time intrusion protection system (although all of these are important components of a secure system). The “one thing” I recommend most is that they implement an effective Security Awareness Training program for all employees.
What, me worry? Once, not so long ago, IT security (now commonly rebranded as cybersecurity) was considered the concern of large organizations and governments protecting proprietary information. Antivirus and a decent firewall were enough to protect my small business. "After all, I’m too small to have anything of interest to hackers."
Risk Appetite is the amount of exposure to cybersecurity threats your business is willing to accept in order to compete effectively or gain a competitive advantage within your market. Accepting zero risk is no more realistic than pledging to go on a zero calorie diet. A certain amount of Internet exposure is necessary to keep your business alive, but your inherent risk is directly linked to the number of points at which your IT systems make contact with the public Internet. The key is to eliminate unnecessary risk while recognizing and controlling the necessary links to the outside world.
It seems like only yesterday that we finally replaced that last Windows XP machine, Windows 8 looks difficult to use and now they’re telling us that Windows 7 is in “extended support.” Windows 10 has been out since July 10 of this year. What should we do?
As an IT Auditor with responsibility to assure information security, I’m often asked “what is the one thing that keeps you up at night that could result in a data breach?” My simple answer is “social engineering.” Television and the movies might lead you to believe that the world is full of hackers using sophisticated technology to subtly sneak through your defenses. But the truth is that the bad guys are using common internet features like email, social media and web sites to trick you into opening the door for them. Fortunately, there is something you can do to shore up your virtual walls against the attacking hordes.