Cyber Security: Its Good To Talk

The future of cyber security for all organisations lies in a more proactive approach with management and employees. A proactive security approach is designed to prevent attacks rather than react after an attack has happened. The days of waiting for an attack to be detected, then taking steps to quarantine it have passed. 

Encouraging discussion around the threats people have faced can go a long way to helping others becoming more aware of what to look out for, and to avoid falling victim to cyber criminals themselves.

Phishing is one of the common attacks and is where cyber criminals ‘fish’ for personal data by sending you emails or social media messages that look like they’re from a legitimate sender or business. Punishing people for falling for phishing attacks isn't going to help anyone with cyber security, but showing empathy and being open to mistakes can help people learn how to stay safe online. The best way to approach keeping people safe from online threats is to talk about misjudgments and errors, and to do so in a way that lets them understand that almost everyone has made a cyber security mistake at some point.

Even the most seasoned information security professional will have made mistakes at some point, so it isn't right that everyone else should be chastised or even punished if they click on a phishing link, whether for real or during a company phishing test. It's not unusual for companies to attempt to run cyber security awareness campaigns around shame and fear by punishing or embarrassing employees who fail a phishing test, but often this doesn't help people get to grips with what, for many, is a subject that's still difficult to understand.

If anything, people should be encouraged to talk about the online security mistakes they've made, because not only could it help others be more aware of potential cyber threats, it demonstrates how everyone can make mistakes and that there's nothing for people to be ashamed of if they do fall victim to phishing, social engineering or other forms of attack.

The Dept. of Computer Science and Center for Information Technology Policy at Princeton University conducted a study assessing the security and privacy risks of phone number recycling by mobile characters in the United States. Such a risk could pose a threat to many users, as every time you change your mobile number, your carrier will recycle your previous number. They 'recycle' the number by assigning it to a new phone and corresponding customer. The problem arises when these recycled phone numbers end up granting new customers access to the private information of previous phone users.  In the hands of a new customer who decides to hack into a phone, a recycled telephone number could pose untellable security risks for many users.

Protections may be taken for granted by members of staff when they were at the company premises, and they may not take the required precautions to remain safe when working remotely.

There are many challenges facing businesses in 2021, but unfortunately, we have to count cyber security as one of the most significant amongst them. Your organisation should be doing everything possible to mitigate these risks and find ways to prevent weaknesses and vulnerabilities in your IT systems.

Princeton University:      TechXplore:      CPO Magazine:        ZDNet:      Hermes:      IFSec Global:

You Might Also Read: 

Get The Best Cyber Security Audits & Training In 2021:

 

« Preventing Ransomware Attacks
Online Fraud Costs British Investors £63m »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Arxan Technologies

Arxan Technologies

Arxan is a leader of application attack-prevention and self-protection products for Internet of Things (IoT), Mobile, Desktop, and other applications.

QATestLab

QATestLab

QATestLab is a leading International software testing company offering a full range of software testing services including security testing.

Information Security Research Association (ISRA)

Information Security Research Association (ISRA)

ISRA is a non-profit organization focused on various aspects of Information Security including security research and cyber security awareness activities.

TeleTrusT

TeleTrusT

TeleTrust is an IT Security association and network for IT security comprising members from industry, administration, consultancy and research.

Cyber@StationF

Cyber@StationF

Cyber@StationF is an up to 6 months international startup acceleration programme, whose members provide solutions for the Cybersecurity industry.

Prompt

Prompt

Prompt supports the creation of partnerships and the setting up of industrial-institutional applied R&D projects for all ICT sectors.

International Cybersecurity Forum (FIC)

International Cybersecurity Forum (FIC)

The International Cybersecurity Forum (FIC) has established itself as the benchmark event in Europe in terms of digital security and trust.

Appsec Phoenix

Appsec Phoenix

Appsec Phoenix is an end to end vulnerability management platform that focuses on workflows, threat feed, and real time data.

Suridata

Suridata

Suridata’s SaaS Security platform enables organizations to secure the use of SaaS applications.

Saporo

Saporo

Saporo helps organizations increase their cyber-resistance. Continuously map your attack surface and get the recommendations you need to make your organization more resistant to attacks.

Mr Backup (MRB)

Mr Backup (MRB)

MRB offers Data Protection as a Service for businesses looking to reduce the time, cost and complexity of securing your company data.

Bright Security

Bright Security

Bright Security is a developer-centric Dynamic Application Security Testing (DAST) solution that helps organizations ship secure applications and APIs quickly and cost-effectively.

Kirk ISS

Kirk ISS

Kirk ISS are the leading provider of IT services in the Cayman Islands. We offer best-in class hardware, software, communications and cloud computing, all backed by professional services support.

Probity

Probity

Probity Inc. is a certified software development and systems engineering company, providing support to federal government and national defense related clients.

Tenchi Security

Tenchi Security

Tenchi Security are specialized in Third-Party Cyber Risk Management (TPCRM) and aim to reduce information asymmetry when it comes to third and Nth-Party security and compliance risk management.

EVVO LABS

EVVO LABS

EVVO Labs empower your business with the latest IT capabilities to get you ahead of your competitors. We are experts at converging technologies to build your digital transformation.