Your IT support has their hands full with cybercrime because of three key things
- People (the non-IT people within the business)
- Vulnerabilities in hardware and software
- The type of person that provides good traditional IT support
GET YOUR FREE GUIDE HERE - Five ways to stay safe online
Often these cybercriminals are also smarter, more prepared and focused on ways to exploit their way to your wallet. No disrespect to the IT people out there!
In fact, I’ll bet that most IT people out there think there is no way that they could be fooled by the different phishing techniques out there – yet 24% of our IT staff clicked through on a phishing campaign that we trialled internally. It was an astonishing outcome and just goes to show that no matter what your IT skill level is, you are vulnerable to these types of attacks from cybercriminals.
In most cases, people are targeted for some sort of phishing campaign. There are a lot of different types of techniques, always changing to look for new and different ways to achieve their goals. I recently wrote an article about several different methods – 11 in fact. This is only some of the various types!
With the exponential uptake in technology, comes with it is new and different ways to access and exploit access to people and data. Often when products and services are developed to get them to market quickly, security may be inadvertently overlooked. That is why some hardware and software companies have a bounty program for bugs and vulnerabilities – they will pay if you find an exploit and bring it to their attention.
Let’s step back from those external factors and look at the IT guy or IT partner.
Often the IT guy is already getting smashed providing “keeping the lights on” support. They are pleasers and always trying to do the right thing but often get stuck in the “weeds” of day to day support that they don’t get the time to work on the more significant picture issues such as security for the organisation, primarily because it is not immediately in front of them.
It’s quite a common problem, Evolve IT have been in this situation before. Not to say that your internal IT guy or we didn’t know a bit about security, but that isn’t enough anymore. It has become such a booming specialisation for a reason.
That is why we now have someone focused purely on security, and security-related products and services that will have an immediate impact on protecting your reputation ahead of the new Data Breach Laws due in February 2018. It wasn’t good enough to get one person or a couple of people to focus on it, as it would become secondary to the day to day stuff that needs to be done.
So here is what you can do about it.
Put together an action plan for the different aspects of security of your ICT
Educate your people
Continue to develop and challenge the status quo on actions 1 & 2 constantly
There is more that you can do, but this is a good start. First, you need to figure out where your security is at, and put an action plan in place to get it to a level that you are comfortable with. There is no one size fits all. Different organisations have different risk profiles and budgets, so the goal should be to get it to a level the CEO or Owner is comfortable with.
Educate your people
The next step is to educate your people. People must hear your message seven times before they remember it. Education on what phishing is, what the possible techniques are, how it may impact them, and more are essential to arm your team with the knowledge for them to be able to identify a cybercriminal attack when it surfaces. It doesn’t stop at work; it will be valuable knowledge for when “Microsoft” call to let them know their home computer has a virus.
Continually develop your security plan
The third is the most important. Often in the past, you will invest in IT and have an IT company scope your requirements for the next three to five years. Gone are those days, especially with security and education on security. This must be an ongoing effort; otherwise, it will be obsolete very quickly, and your investment will be wasted when a new type of attack comes along.
HOW EVOLVE IT CAN HELP?
At Evolve IT, we understand the unique challenges of organisations and have helped a range of business improve their cybersecuirty.