Craig discusses the problem that many businesses face — employee apathy and lack of security awareness.
For more tech tips, news, and updates, visit – CraigPeterson.com
Automated Machine-Generated Transcript:
We’ve got companies who are investing a lot of money to upgrade the technology, to develop security processes, boost IT staff. Yet studies are showing that they’re overlooking the biggest piece of the puzzle. What is the problem?
Hey everybody. You’re listening to Craig Peterson.
Employee apathy has been a problem for many businesses for a very long time. Nowadays, employee apathy is causing problems on the cybersecurity front. As we’ve talked about so many times, cybersecurity is absolutely critical for any business. Businesses are being attacked sometimes hundreds of times a minute, a second even, believe it or not.
Some of these websites come under attack and if we’re not paying close attention, we’re in trouble. So a lot of companies have decided, well, they need to boost their IT staff. They’ve got to get some spending on some of the hardware that’s going to make life better. And I am cheering them on.
I think both of those are great ideas, but the bottom line problem is there are a million-plus open cybersecurity IT jobs. So as a business, odds are excellent that you won’t be able to find the type of person that you need. Isn’t that a shame?
But I’ve got some good news for you here. You can upgrade the technology that’s going to help. But if you upgrade the technology, make sure you’re moving towards what’s called a single pane of glass. You don’t want a whole bunch of point solutions. You want something that monitors everything, pulls all of that knowledge together, uses some machine learning and some artificial intelligence, and from all of that automatically shuts down attacks, whether they’re internal or external. That’s what you’re looking for.
There are some vendors that have various things out there. If you sell to the federal government within three years, you’re going to have to meet these new requirements, the CMMC requirements, level three, four, level five, which are substantial.
You cannot do it yourself. You have to bring in a cybersecurity expert who’s going to work with your team and help you develop a plan. I think that’s really great, really important, but here’s where the good news comes in.
You spent an astronomical amount of money to upgrade this technology and get all of these processes in place and you brought in this consultant, who’s going to help you out. You boosted your IT staff. But studies are starting to indicate that a lot of these businesses are overlooking the biggest piece of the puzzle, which is their employees.
Most of these successful attacks nowadays are better than 60%, it depends on how you’re scoring this, but most of the attacks these days come in through your employees.
That means that you clicked on a link. One of your employees clicked on a link. If you are a home user, it’s exactly the same thing. The bad guys are getting you because you did something that you should not have done. Just go have a look online. If you haven’t already, make sure you go to haveibeenpwned.com. Pwned is spelled P-W-N-E-D.
Have a look at it there online and try and see if your email address and passwords that you’ve been using have already been compromised, have already been stolen. I bet they have, almost everybody has.
Do you know what to do from that? This is part of the audit kit that I’ll send to you if you ask for that. Kind of goes through this and a whole lot of other stuff. But checking to see if your data has been stolen, because now is they use that to trick people.
So they know that you go to a particular website that you use a particular email address or password. They might’ve been able to get into one of these social networks and figure out who your friends are. They go and take that information. Now a computer can do this. They just mine it from a website like LinkedIn, find out who the managers in the company are.
And then they send off some emails that look very convincing, and those convincing emails get them to click. That could be the end of it. Because you are going somewhere you shouldn’t go and they’re going to trick you into doing something. Knowledge really is the best weapon when it comes to cybersecurity.
A lot of companies have started raising awareness among employees. I have some training that we can provide as well. That is very good. It’s all video training and it’s all tracked. We buy these licenses in big bundles. If you are a small company, contact me and I’ll see if I can’t just sneak you into one of these bundles.
Just email me at craigpeterson.com. In the subject line, put something like training bundle or something. You need to find training for your employees, and their training programs need to explain the risk of phishing scams. Those, they’re the big ones. That’s how most of the ransomware gets into businesses, is phishing scams. That’s how ransomware gets down to your computers.
You also need to have simulations that clarify the steps you need to take when faced with a suspicious email. Again, if you want, I can point you to a free site that Google has on some phishing training and it’s really quite good.
It walks you through and shows you what the emails might look like and if you want to click or not. But there’s a lot of different types of training programs. You’ve got to make sure that everybody inside your organization or in your, the family is educated about cybersecurity.
What do you do when you get an email that you suspect might be a phishing email? They need to know that this needs to be forwarded to IT, or perhaps they just tell IT, Hey, it’s in my mailbox, if IT has access to their mailbox, so IT can look at it and verify it.
You need to have really good email filters, not the type that comes by default with a Microsoft Windows 365 subscription, but something that flags all of this, looks for phishing scams, and blocks them.
There’s been a ton of studies now that are showing that there is a greater awareness of cybersecurity dangers, but the bottom-line problem is that employees are still showing a lax attitude when it comes to practicing even the most basic of the cybersecurity prevention methods.
TrendMicro, who is a cybersecurity company, we tend to not use their stuff because it’s just not as good. But TrendMicro is reporting that despite 72% of employees claiming to have gained better cybersecurity awareness during the pandemic, 56% still admitted to using a non-work application on a company device. Now that can be extremely dangerous. 66% admitted uploading corporate data to that application. This includes, by the way, things like using just regular versions of Dropbox. Do you share files from the office and home? Dropbox does have versions that have all kinds of compliance considerations that do give you security. But by default, the stuff a home user does not get the security you need.
They’re doing all of this even knowing that their behavior represents a security risk. And I think it boils right down to, it’s not going to happen to me. Just apathy and denial. So same thing I’ve seen, being a security guy for the last 30 years, I’ve seen over and over, apathy and denial. Don’t let it happen to them.
By the way, about 50% believe that they could be hacked no matter what protective measures are taken. 43% took the polar opposite. They didn’t take the threat seriously at all. 43% didn’t believe they could be hacked.
Some interesting numbers. Stick around. When we get back, we’re going to talk about Mac OS is driving cybersecurity rethink.
We’ll be right back.