The biggest risk in your organization… your PEOPLE: 3 Steps to train your team to STOP, BLOCK, and AVOID Attacks
Carl de Prado
We empower M&A clients to confidently partner with their advisory or management team, driving bold growth and market leadership while building trust in their recommendations and motivating decisive, positive action.
● “Hey, how are you”/Letter from CEO section
● Upcoming events/opportunities (section for clients to import invitations to their events etc.)
● Top News section (summarize current cyber events/news/etc.)
● Tips & Education (share tips/education in short form/bullet point style)
● Client Spotlight (section for clients to spotlight recent client work and
● ICA (ideal client avatar) pain point agitation + Call to Action
You’re Invited/Will We See You There?
● Upcoming events/opportunities
Top CyberNews for March
The networks of two universities were taken offline due to cyber attacks. Tennessee State and Southern Louisiana universities had to restrict access to external sites such as Google and internal access to the campus VPN and wireless network. Tennessee State has confirmed that ransomware was involved.
Chick-fil-A reported a security breach that resulted in 71,000 customers' credit card data being stolen in a cyberattack. The attack occurred from mid-December of 2022 through mid-February of 2023. The fast-food restaurant began notifying affected customers in March.
Cisco Systems has released security updates to fix two critical holes in the web-based user interface for several IP Phones. Telephony administrators are advised to update any Cisco IP Phone in the 6800, 7800, 7900, and 8800 series as soon as possible. See the Cisco Security Advisory to take action.
A new ransomware strain has been reported by American authorities. The newest strain is called Royal. You can find more details about the ransomware and how to protect yourself from the Cybersecurity and Infrastructure Security Agency (CISA).
What is the biggest risk to your organization?
March is Cybersecurity Awareness Month, and we want you to ask yourself, “What is the biggest risk to my organization?”
In short, the answer is your people. But before we start finger-pointing, we need to point out that the main reason your people are the biggest risk is not malice, but a lack of training. Here are three steps to train your team to STOP, BLOCK, and AVOID attacks.
1. Build Awareness Through Exposure
We all learn differently; sometimes, paying attention to another PowerPoint training session can be hard, especially when our minds are distracted by our ever-growing to-do list. Here are a few ways to build awareness of cyber risks that are more engaging:
● Phish Your Employees
  ○ Conduct a mass spear phishing campaign. Like a fire drill or severe weather drill, sending a simulated spear phishing email can help you gauge your employees’ ability to tell a legitimate email from a malicious one.
● Personalize Security Training
  ○ One of the best ways to gain employee engagement in cyber training is to emphasize how these skills will prevent security breaches not only of their professional data but also of their home data. By emphasizing that their personal data is just as valuable as their professional data, employees are more likely to incorporate best security practices at work and home.
● Reward Staff for Security Awareness
  ○ Take notice of employees following best practices and reward them for doing so.
2. Address Common Employee Security Misconceptions
There are a lot of myths surrounding cyber security that can confuse employees about what is truly a threat and what is a myth. A survey by MediaPro found these common misconceptions surrounding cyber security awareness:
● Proximity Leads to Infection
  ○ According to a survey, 14% of the workforce thinks that if their computer or mobile device is in proximity to an infected one, it could also get infected with malware. Additionally, 39% of the respondents believe that not locking their computer could lead to a malware infection.
● You Can Store Sensitive Data Anywhere
  ○ Surprisingly, 58% of employees do not believe that storing on-site company data in unsecured locations violates company policy, while 69% of employees don't believe it is a violation to store personal data on their work devices.
● You Don't Have to Encrypt Data
  ○ Even though a lack of encryption is one of the main drivers of data breaches, more than 50% of employees think there is minimal risk to having unencrypted data on their work devices.
● Authentication Isn't Necessary
  ○ Over a quarter of employees think that having a password protecting their laptop or mobile devices has minimal risk to data security.
● Compliance Isn't Employees' Responsibility
  ○ While we may know of the compliance regulations for our business and industry, your employees most likely do not know. Having this knowledge, however, is not their responsibility, especially if they were never made aware of these issues.
3. Realize the Significant Costs of Poor Security Training
Email is the single most common point of entry for security breaches, resulting in the installation of ransomware, email compromise, or brand impersonation. Even so, in Mimecast's 2020 "State of Email Security" report, researchers found that:
● 42% of businesses do not have solutions to automatically remove malicious or unwanted emails from their employees' inboxes.
● 40% are not even monitoring for email-borne attacks or data leaks in internal emails.
● 44% of organizations are not even protecting against data leaks or exfiltration in outbound emails, and 39% of those surveyed do not have a system to address email-borne attacks like malware and malicious links in outbound email.
Your business can protect itself from becoming a statistic in the war against cyberattacks by paying attention to the above points and putting them into practice. Have questions? We’ve got the answers. Don’t hesitate to give us a call and learn more.
Pain point:
What is the best way to train my employees on cyber risks?
How can I track my employees' cyber risk knowledge?
Can I use software to monitor my employees' inboxes and outbound emails to protect us against email-borne attacks?
Letter from the CEO/President/Operator
Aside from the external risks posed by cyber-attacks and malware, another kind of event can be just as damaging to our business, and these risks occur naturally. As we emerge from yet another winter and look forward to spring, don’t let your data go unprotected. Warmer weather increases the risk of natural disasters from fire, flooding, hurricanes, or tornadoes. Now is the best time to evaluate your disaster recovery procedures in case one should occur near you.
If you are in an area prone to these risks, don’t wait. Develop or re-evaluate a backup strategy now. We’d love to share some best practices with you. Just give us a call at 917-715-7100 opt 1.
Carl de Prado
Founder
Office hours:
M-F 8:30 AM to 5:00 PM