Cyber Security: It's Good To Talk

The future of cyber security for all organisations lies in a more proactive approach with management and employees. A proactive security approach is designed to prevent attacks rather than react after an attack has happened. The days of waiting for an attack to be detected, then taking steps to quarantine it have passed. 

Encouraging discussion around the threats people have faced can go a long way towards helping others become more aware of what to look out for, and helping them avoid falling victim to cyber criminals themselves.

Phishing is one of the common attacks: cyber criminals ‘fish’ for personal data by sending you emails or social media messages that look like they’re from a legitimate sender or business. Punishing people for falling for phishing attacks isn't going to help anyone with cyber security, but showing empathy and being open about mistakes can help people learn how to stay safe online. The best way to approach keeping people safe from online threats is to talk about misjudgments and errors, and to do so in a way that lets them understand that almost everyone has made a cyber security mistake at some point.

Even the most seasoned information security professional will have made mistakes at some point, so it isn't right that everyone else should be chastised or even punished if they click on a phishing link, whether for real or during a company phishing test. It's not unusual for companies to attempt to run cyber security awareness campaigns around shame and fear by punishing or embarrassing employees who fail a phishing test, but often this doesn't help people get to grips with what, for many, is a subject that's still difficult to understand.

If anything, people should be encouraged to talk about the online security mistakes they've made, because not only could it help others be more aware of potential cyber threats, it demonstrates how everyone can make mistakes and that there's nothing for people to be ashamed of if they do fall victim to phishing, social engineering or other forms of attack.

The Dept. of Computer Science and Center for Information Technology Policy at Princeton University conducted a study assessing the security and privacy risks of phone number recycling by mobile carriers in the United States. Such a risk could pose a threat to many users, as every time you change your mobile number, your carrier will recycle your previous number. They 'recycle' the number by assigning it to a new phone and corresponding customer. The problem arises when these recycled phone numbers end up granting new customers access to the private information of previous phone users. In the hands of a new customer who decides to hack into a phone, a recycled telephone number could pose untold security risks for many users.

Members of staff may have taken protections for granted when they were at the company premises, and they may not take the required precautions to remain safe when working remotely.

There are many challenges facing businesses in 2021, but unfortunately, we have to count cyber security as one of the most significant amongst them. Your organisation should be doing everything possible to mitigate these risks and find ways to prevent weaknesses and vulnerabilities in your IT systems.

Sources: Princeton University, TechXplore, CPO Magazine, ZDNet, Hermes, IFSec Global
