CyberSecurity Awareness Month: Creating a Culture of CyberSecurity in the Workplace
While information security should be a priority among the leaders of any organization, the cooperation of every employee is essential in order to create a secure work environment.
Creating a culture of cybersecurity involves several steps. Companies are more secure when their employees know how to recognize phishing emails, know not to allow strangers to "tailgate" behind them through secure doors, know not to pick up and use random USB sticks, and know not to install unauthorized apps or software onto company-owned equipment.
Employees are security's "weak link," but without an executive "champion," security policies don't get implemented and training and updates get overlooked. A champion also informs employees of the policies and practices their company expects them to follow, and why.
So how do leaders create the security culture at work?
- Acknowledge There Are Threats: Apathy is one of the most serious threats a company can face. If you believe you're too small or don't have enough intellectual and customer data to attract hackers, you've already lost the security battle.
- Know Your Basics: Your IT security budget isn't as robust as that of a large organization, so hackers are more likely to target your technology and your people. Leaders develop processes for securing applications and infrastructure, implement them, train their staff, and then update and test these processes regularly.
- Track Your Metrics: After developing your processes, you should create methods to identify and analyze how these threats impact your company's bottom line. This helps you determine the tools and strategies you need to fight these threats.
Purchasing equipment and allowing the technology to counter the threats is a necessary step, but it simply won't address the "people problem."
According to a recent Sword & Shield white paper, employees don't consider company data as important as their own personal information. Educating your employees about the value of your data, your policies, and the importance of protecting that data is one of the most critical aspects of your threat defense.
A managed security service provider can help small and mid-sized businesses plug gaps, while ongoing vulnerability assessments help you pinpoint where you need help the most.
Let Sword & Shield be your partner for a secure future by contacting us at 865-244-3500 or via email at firstname.lastname@example.org
Capture the Flag Competition Creates Learning Experience for Sword & Shield Team
Recently, the Sword & Shield pentest team made our annual pilgrimage to Louisville, KY to attend one of the best InfoSec conferences in the United States, DerbyCon.
DerbyCon is a conference for hands-on security professionals by hands-on security professionals. Talks range from security 101 to advanced kernel exploitation techniques.
Training plug: As a side note, I took the Corelan Foundations exploit development training there and I must say this was one of the best courses I have ever taken. The course is created by corelanc0d3r and was taught by Corelan team members Lincoln. I highly recommend it if you are interested in software exploitation and exploit development.
During the conference, we participated in the Capture-The-Flag competition, along with our good friend Stephen Haywood (Twitter: @AverageSecurityGuy). If you are not familiar with CTF events, see here. We ended up placing a reluctant eighth in the competition after we ran into a problem that was a valuable learning opportunity for us (the whole point of a CTF anyway) and felt it would be valuable to share.
Risk Management Conference: Bill Dean to Speak
Sword & Shield Director of Computer Forensics and Security Assessments Bill Dean will present, "Addressing Today's Advanced Threats" at Scott Insurance's 2015 CFO/CPO Risk Management Conference on Wednesday, Nov. 4.
The conference is at the Grandover Resort and Conference Center in Greensboro, NC from 8:30 to noon.
For more information or to register for the conference, please visit Scott Insurance's website.