Cyber Security: Its Good To Talk

Uploaded on 2021-06-02 in TECHNOLOGY--Resilience, FREE TO VIEW

The future of cyber security for all organisations lies in a more proactive approach with management and employees. A proactive security approach is designed to prevent attacks rather than react after an attack has happened. The days of waiting for an attack to be detected, then taking steps to quarantine it have passed. 

Encouraging discussion around the threats people have faced can go a long way to helping others becoming more aware of what to look out for, and to avoid falling victim to cyber criminals themselves.

Phishing is one of the common attacks and is where cyber criminals ‘fish’ for personal data by sending you emails or social media messages that look like they’re from a legitimate sender or business. Punishing people for falling for phishing attacks isn't going to help anyone with cyber security, but showing empathy and being open to mistakes can help people learn how to stay safe online. The best way to approach keeping people safe from online threats is to talk about misjudgments and errors, and to do so in a way that lets them understand that almost everyone has made a cyber security mistake at some point.

Even the most seasoned information security professional will have made mistakes at some point, so it isn't right that everyone else should be chastised or even punished if they click on a phishing link, whether for real or during a company phishing test. It's not unusual for companies to attempt to run cyber security awareness campaigns around shame and fear by punishing or embarrassing employees who fail a phishing test, but often this doesn't help people get to grips with what, for many, is a subject that's still difficult to understand.

If anything, people should be encouraged to talk about the online security mistakes they've made, because not only could it help others be more aware of potential cyber threats, it demonstrates how everyone can make mistakes and that there's nothing for people to be ashamed of if they do fall victim to phishing, social engineering or other forms of attack.

The Dept. of Computer Science and Center for Information Technology Policy at Princeton University conducted a study assessing the security and privacy risks of phone number recycling by mobile characters in the United States. Such a risk could pose a threat to many users, as every time you change your mobile number, your carrier will recycle your previous number. They 'recycle' the number by assigning it to a new phone and corresponding customer. The problem arises when these recycled phone numbers end up granting new customers access to the private information of previous phone users.  In the hands of a new customer who decides to hack into a phone, a recycled telephone number could pose untellable security risks for many users.

Protections may be taken for granted by members of staff when they were at the company premises, and they may not take the required precautions to remain safe when working remotely.

There are many challenges facing businesses in 2021, but unfortunately, we have to count cyber security as one of the most significant amongst them. Your organisation should be doing everything possible to mitigate these risks and find ways to prevent weaknesses and vulnerabilities in your IT systems.

Princeton University:      TechXplore:      CPO Magazine:        ZDNet:      Hermes:      IFSec Global:

You Might Also Read: 

Get The Best Cyber Security Audits & Training In 2021:

 

« Preventing Ransomware Attacks
Online Fraud Costs British Investors £63m »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Security Brigade

Security Brigade

Security Brigade is an information security firm specializing in Penetration Testing, Vulnerability Assessment, Web-application Security and Source Code Security Audit.

CFC Underwriting

CFC Underwriting

CFC is a specialist insurance provider and a pioneer in emerging risk, including cyber insurance.

Adlink Technology

Adlink Technology

ADLINK is a leading provider of embedded computing products and services for applications including IoT and industrial automation.

Netwrix

Netwrix

Netwrix empowers information security and governance professionals to identify and protect sensitive data to reduce the risk of a breach.

Nexus Group

Nexus Group

Nexus Group develops identity solutions for physical and digital access.

CyberGuarded

CyberGuarded

CyberGuarded are an accredited vendor independent information security testing and auditing company.

Nu Quantum

Nu Quantum

Nu Quantum is developing quantum photonics hardware to power the quantum revolution in communications, sensing and computing.

Edgile

Edgile

Edgile is the trusted cyber risk and regulatory compliance partner to the world’s leading organizations, providing consulting, managed services, and harmonized regulatory content.

MicroAge

MicroAge

Powered by five decades of experience, lasting partnerships, client relationships, and the values that guide us daily, MicroAge is here to help you secure, accelerate, and transform your business.

Vancord

Vancord

Vancord is an information and security technology company that works in collaboration with clients to support their infrastructure and data security needs for today and tomorrow.

HCS

HCS

HCS is an IT Company and Telecoms provider with an experienced team who are dedicated to ensuring our clients business systems are protected.

Queen Consulting & Technologies

Queen Consulting & Technologies

Queen Consulting & Technologies specialize in providing IT support, management, and Security to Gov’t Contractors, CPAs, and Nonprofits.

TraitWare

TraitWare

The TraitWare mission is to increase user and company security while simplifying access to digital and physical resources through the elimination of the need for usernames and passwords.

Sage IT

Sage IT

Sage IT offer a wide range of professional and consulting services to help organizations overcome the challenges of today's ever-changing business environment.

SecureCyber

SecureCyber

Secure Cyber Defense offers industry-leading technology and managed detection and response solutions.

Affinity Technology Partners

Affinity Technology Partners

Affinity Technology Partners has been fueling the growth of Nashville, Tennessee businesses and nonprofits with reliable IT services since 2002.