Winxnet University – Security Awareness Training
Earlier this fall, we started Winxnet University, an educational lunch and learn series designed to educate our customers on a variety of different IT matters. As part of this series, I conducted a Security Awareness Training and focused on social engineering and how to minimize the risk of becoming a victim.
In the wake of recently publicized cyber security attacks, such as the Equifax breach, the Defray ransomware, the BlueBorne malware, the BadRabbit attacks, many of our customers ask, “am I safe?”. And although it is very human and emotionally predictable, that is NOT the right question to ask. It isn’t, simply because the answer is inevitably ‘no’. Unfortunately, no one is ever safe - there is no way to be 100% secure from all cyber security threats. The right question is “am I safe enough?”. But then what is enough?
The good news for most of us is that we do not need to go all out to be secure. In many of my presentations, I often joke that you do not need to outrun the bear, just just run faster than your friend or others like you. Your goal is not to be 100% secure, which is impossible, but rather have enough controls in place to make it difficult and expensive for the bad guys to go after you. And trust me, they will go after someone else. We are rarely a direct target of someone’s attention.
How do we go about it? It is not that complicated. Here are the top couple things to get you started on the right path:
- Foster a Security Culture. Involve people from various departments in your organization to put security efforts in a documented framework, called information security program. It will define what you are trying to protect and how you are going to do it.
- PICNIC. This acronym stands for Problem in Chair, Not in Computer. Computers don’t make mistakes, people do. Educating your staff as part of building a culture of security should be very high on your priority list.
These are just a few things your organization can do to be more secure. If you feel as though your organization is not where you need to be from a security standpoint, it’s time for a conversation with our Managed Security Services team.