Microsoft warns wormable Windows bug could lead to another WannaCry

Microsoft warns wormable Windows bug could lead to another WannaCry

Microsoft is warning that the Internet could see another exploit with the magnitude of the WannaCry attack that shut down computers all over the world two years ago unless people patch a high-severity vulnerability. The software maker took the unusual step of backporting the just-released
/
A Tough Week for IP Address Scammers

A Tough Week for IP Address Scammers

In the early days of the Internet, there was a period when Internet Protocol version 4 (IPv4) addresses (e.g. 4.4.4.4) were given out like cotton candy to anyone who asked. But these days companies are queuing up to obtain new IP space from the various
/

Cybersecurity In Corporate Training

Over the years, I have had the opportunity to travel often for my career. Of all the cities I’ve visited, London is one of my favorites. On a recent visit, one thing became overwhelmingly clear; The city aims to build awareness in its citizens and visitors and to change their behaviorsHow so? You have probably seen a version of the famous London Underground sign: MIND THE GAP.

If you aren’t familiar with it, this insignia is displayed at the edge of train platforms to remind passengers of the gap between the walkway and the train car. The purpose of the message is to boost awareness and ultimately, alter passenger behavior. Similarly, this is also the purpose of training in corporations – to increase the awareness of employees, to change their behaviors and increase their safety.

Over the last few decades, companies have reacted to legal and financial threats, as well as safety threats, by building a collection of mandatory training for their personnel. Following the founding of OSHA in the 70’s, we saw a rise in training around safety-related behaviors, both in the field and in the office. In the 80’s, sexual harassment was a hot topic, and even lawyers joined the business of training clients on both the law itself, and the behaviors that were and were not acceptable. Following major ethical lapses and the Enron failure in 2001, corporations set their sights on ethics training. Today, those training topics are the norm, and new topics continue to be added in, such as cultural sensitivity, and improving diversity in the workplace.

These surges in training topics usually follow months or even years of accidents, injuries, lawsuits, and/or bad press. After years of data breaches, data privacy concerns, and the next wave of internet connected devices, cybersecurity has now reached that threshold. Given current risks to data privacy and work product, here is the question:

Why hasn’t cybersecurity awareness training been added to every corporate training program?

If we are aware of the gap, why aren’t we using training to lessen our risk? Look at the list of required training in your own company – you will likely find the classics, but is there anything focused specifically on cybersecurity?  Should you care? The answer is yes because, of course, the gap presents a risk to any business, especially considering following factors.

  • Unawareness
    Awareness is the first step to change. Unfortunately, the majority of people are largely unaware of the cyber risks they face every day at work. Ask the next 10 people you see, “Do you use the cloud at work?” Most will say no. Then ask if they’ve checked Facebook. The answer will be “of course”, but they are missing the fact that Facebook is cloud. What would happen if you called 10 users in your organization and asked for their passwords while masquerading as the Helpdesk? Research shows that a high percentage of people will willingly give you their password without asking for any verification.
  • The Rise of BYOD
    Gartner predicts that in 2017, 90% of organizations will support some aspect of a BYOD (Bring Your Own Device) strategy. As BYOD programs grow and users have more and more company data on their personal devices, employers are losing visibility over data and where it is stored. Additionally, in many countries, privacy laws make it difficult for a company to delete or recover data from an employee’s phone, so companies are losing access and control, as well.

Once aware, employees understand the risks and can adopt behaviors to better protect themselves and their organization’s data. They must limit exposure to risk by knowing what to, and what NOT to do.

Training can enlighten and empower employees, but safe cyber behaviors must be integrated into the culture, “baked in – not bolted on”, as they say. Phishing campaigns and other security initiatives can be included, in order to strengthen the overall training effectiveness. Train your employees from day one – Include cybersecurity training in onboarding, remind them in meetings, re-enforce the positive behaviors and track the risky ones. Build the cultural awareness, and reinforce it with annual refresher training. The cyber train is coming – Mind the gap!

By Ann Steel, Manager –  Enaxis Consulting

Cloud Syndicate

The 'Cloud Syndicate' is a mix of short term guest contributors, curated resources and syndication partners covering a variety of interesting technology related topics.

Contact us for syndication details on how to connect your technology article or news feed to our syndication network.

CISSP® Exam Prep Course

CISSP® Exam Prep Course

The CISSP® Exam Prep Course prepares test-takers for the Certified Information Systems Security Professional exam, as administered by the International Information System Security Certification Consortium (ISC)2. The CISSP® certification is recognized worldwide and adheres to the strict standards of ISO/IEC ...

$549.00Enroll Now

CompTIA Cloud+ Basic Bundle

CompTIA Cloud+ Basic Bundle

CompTIA Cloud+ validates the expertise needed to maintain and optimize cloud infrastructure services. IT professionals certified in Cloud+ can better realize the return on investment of cloud infrastructure services. Unlike other certifications, which may focus on a specific vendor or ...

$458.00 $449.00Learn More

How Blockchain Could Be The Solution To Many of the Problems in Healthcare

How Blockchain Could Be The Solution To Many of the Problems in Healthcare

Blockchain Can Solve Many Healthcare Problems Emma decides to see a primary care physician after she witnesses a series of ...
What makes ‘Cloud’ a dependable solution for the independent field workforce?

What makes ‘Cloud’ a dependable solution for the independent field workforce?

5 Reasons to Switch from Paper to Digital! The web of wireless networks has connected the entire world. It’s not ...
10 Enterprise Analytics Trends to Look Out For in 2019

10 Enterprise Analytics Trends to Look Out For in 2019

10 Enterprise Analytics Trends Today’s intelligent world requires more from businesses then they have ever had to deliver. Prioritizing and ...
Multi or Hybrid Cloud, What’s the Difference?

Multi or Hybrid Cloud, What’s the Difference?

Multi Cloud You’ve likely heard about the latest trend in cloud computing commonly referred to as multi-cloud, and it is ...
Survey results reveal the biggest Artificial Intelligence challenges

Survey results reveal the biggest Artificial Intelligence challenges

Biggest Artificial Intelligence Challenges We’ve been told countless times over the past few years what an impact Artificial Intelligence (AI) ...
Key Findings of the 2018 IDG Cloud Computing Study

Key Findings of the 2018 IDG Cloud Computing Study

IDG Cloud Computing Study The results of the 2018 IDG Cloud Computing study highlight how interest in the technology isn’t ...
Six Major Data Breach Trends

Six Major Data Breach Trends

Major Data Breach Trends It seems like the moment the security industry collectively comes to grips with the latest publicly ...
Load Testing Tools

Load Testing Tools

LOAD TESTING TOOLS SMARTBEAR LoadComplete is software that simulates users and creates realistic load tests. No coding is required. Users ...