10.20.2016
3.1.2023

This Cybersecurity Month, Cultivate a Security Culture at Work

Last updated:
9.16.2020
3.1.2023

If you work in IT, the idea of a data breach is probably a lot spookier than some ghost invading the data center. October is Cybersecurity Month in the United States, and organizations like the FBI, the National Cyber Security Alliance, Sophos, and others are promoting secure digital practices for home users and businesses. It’s the perfect time to reevaluate your approach to cybersecurity and make sure you’re cultivating a culture of cybersecurity.

With ransomware continuing to spread at an ever more rapid clip and the cost of IT system downtime hitting over $1 million for the average enterprise, you can’t afford to lose productivity to viruses, malware, or stolen intellectual property. Here are some quick tips to help foster secure digital practices in your workplace.

 

1) Don’t fearmonger, but make the threat real

You don’t want to get overly scary, even if it is the Halloween season. Workers are more likely to make fun of you for being dramatic if you’re too heavy-handed with the examples of cyber threats. But you do need to make sure employees understand how real digital threats can be.

This will probably involve getting support from executives or the C-suite, as their advice carries more weight than a communication from “someone in the IT department.”

Point out the overall cost to businesses (which can be in the millions for large enterprises, and the hundreds of thousands for small businesses). Stress different attack angles for different departments: show your finance team these overall costs, or how e-mail spoofing is used to fraudulently obtain wire transfers, and show lower-level employees phishing or social engineering attacks, like a preloaded USB stick left around the office waiting to be plugged in by an unsuspecting mark.

 

2) Keep awareness high

Once employees know about the risks, they’re likely to go ahead and forget about them or ignore them for the sake of convenience. Writing passwords down and keeping them short is easier, after all!

Leverage your internal communications team to keep awareness around cybersecurity practices high with regular communications, notifications about breaches in your industry, and public announcements via posters, e-mail, or meetings. When a major zero-day vulnerability comes out, or just periodically throughout the year, remind everyone they should be updating their software regularly.

Don’t just broadcast, though. Get employees involved with competitions, mandatory trainings with rewards, or public callouts, either for screw-ups or congratulations.


3) Train employees about the most common threats

Phishing, malware, ransomware, and social engineering are real possibilities in your data center or even in a typical office. Employees need to be trained to use strong passwords, to avoid clicking on suspicious e-mails, and to confirm identities before divulging sensitive information or granting physical or digital access.

Start with new employee training materials and a company-wide meeting led by your CTO, CSO, or other high-level manager. Add reminders on login to new services. Set strong password requirements and automatically force passwords to expire – but make sure users know why they have to adhere to these requirements.

Keep the concepts simple and easy to implement for users. Explain the importance of two-factor authentication. License or preinstall a password manager for each employee. Set automatic updates on all company-owned devices, or explain why updates are vital for antivirus tools and operating systems.

The most common threats can be caught with a combination of strong passwords, regular patching and updates, an antivirus/antimalware tool, limiting access to sensitive information, and regular monitoring.

 

4) Test and measure your efforts

One example above of making the threat real involves leaving a USB stick preloaded with software around the office. This is one way to mimic a real attack. Of course you don’t want to install real malware on someone’s work machine, but having a fun image pop up, or even just reporting to a central record that the device has been plugged in, can be one way to test if your training is actually working.

Periodic tests for employees are another way to check that your training has penetrated memory and daily practice.

Encouraging reporting of suspicious activity by employees can give you further insight. Include a formal reporting process as part of your training and cybersecurity practices, then see if you receive more reports after six months.

 

While the initial effort might seem daunting, laying the groundwork for strong cybersecurity starts with your employees. They're on the front lines for most attacks, which are less likely to come via sneaking in the digital backdoor than by coming in through the front in sheep's clothing.
