Cyber Security: It's Good To Talk

The future of cyber security for all organisations lies in a more proactive approach with management and employees. A proactive security approach is designed to prevent attacks rather than react after an attack has happened. The days of waiting for an attack to be detected, then taking steps to quarantine it have passed. 

Encouraging discussion around the threats people have faced can go a long way towards helping others become more aware of what to look out for, and to avoid falling victim to cyber criminals themselves.

Phishing is one of the common attacks: cyber criminals ‘fish’ for personal data by sending you emails or social media messages that look like they’re from a legitimate sender or business. Punishing people for falling for phishing attacks isn't going to help anyone with cyber security, but showing empathy and being open to mistakes can help people learn how to stay safe online. The best way to approach keeping people safe from online threats is to talk about misjudgments and errors, and to do so in a way that lets them understand that almost everyone has made a cyber security mistake at some point.

Even the most seasoned information security professional will have made mistakes at some point, so it isn't right that everyone else should be chastised or even punished if they click on a phishing link, whether for real or during a company phishing test. It's not unusual for companies to attempt to run cyber security awareness campaigns around shame and fear by punishing or embarrassing employees who fail a phishing test, but often this doesn't help people get to grips with what, for many, is a subject that's still difficult to understand.

If anything, people should be encouraged to talk about the online security mistakes they've made, because not only could it help others be more aware of potential cyber threats, it demonstrates how everyone can make mistakes and that there's nothing for people to be ashamed of if they do fall victim to phishing, social engineering or other forms of attack.

The Dept. of Computer Science and Center for Information Technology Policy at Princeton University conducted a study assessing the security and privacy risks of phone number recycling by mobile carriers in the United States. Such a risk could pose a threat to many users, as every time you change your mobile number, your carrier will recycle your previous number. They 'recycle' the number by assigning it to a new phone and corresponding customer. The problem arises when these recycled phone numbers end up granting new customers access to the private information of previous phone users. In the hands of a new customer who decides to hack into a phone, a recycled telephone number could pose untold security risks for many users.

Protections may be taken for granted by members of staff when they are at the company premises, and they may not take the required precautions to remain safe when working remotely.

There are many challenges facing businesses in 2021, but unfortunately, we have to count cyber security as one of the most significant amongst them. Your organisation should be doing everything possible to mitigate these risks and find ways to prevent weaknesses and vulnerabilities in your IT systems.

Sources: Princeton University, TechXplore, CPO Magazine, ZDNet, Hermes, IFSec Global
