Posts

Cyber Security in the Workplace Is Everyone’s Obligation

Cyber security is no longer just a technology challenge—it’s a test for everybody who uses and interacts with technology daily. That means: everyone in your organization.

The protection and security of employees’ work and personal lives are no longer separate. They have been intertwined with evolving trends of social networks, the internet of things, and unlimited connectivity.  Because of this, cybersecurity is no longer just the responsibility of the company IT department. It is now the responsibility of every employee, not just to protect their work assets but their personal data as well.

Failure to do so puts your organization at risk.

Cyber attackers do not care about age, gender, race, culture, beliefs or nationality.  They attack based on opportunity or potential financial gain. They attack irrespective of whom the victim is, whether it’s an 8-year boy at home playing computer games on dad’s office laptop or an employee sitting in the office reading emails.

So why are so many organizations experiencing cyber breaches?

Cyber breaches occur because of three major factors:

  • The Human Factor
  • Identities and Credentials
  • Vulnerabilities

Today people are sharing a lot more information publicly, ultimately exposing themselves to more social engineering and targeted spear phishing attacks. The goal of these attacks is to compromise devices for financial fraud or to steal identities in order to access organizations that employees are entrusted with protecting. Once an attacker has stolen a personal identity they can easily bypass an organization’s traditional security perimeters undetected, and if that identity has access to privileged accounts, the attacker can carry out malicious attacks in the name of that identity.

Employees power up devices daily and connect to the internet to access online services so they can get the latest news, shop for the best deals, chat and connect with friends, stream music and videos, get health advice, share their thoughts, and access their financial information.  As they use these online services they can quickly become a target of cyber criminals and hackers.  So, it’s critically important that everyone in your organization learns how cyber criminals target their victims, how to reduce their risk, and how to make it a lot more challenging for attackers to steal their information, identity or money.

When using services like social media people are often inadvertently sharing personally identifiable information—both physical and digital—like their full name, home address, telephone numbers, IP address, biometric details, location details, date of birth, birthplace, and even family members’ names.  The more information they make available online the easier it is for a cyber-criminal to successfully use that personal information to target them.

Did you know these facts? Cyber criminals and hackers spend up to 90% of their time performing reconnaissance of their targets before acting, meaning that they typically have a complete blueprint of their target.

With the increase in our digital activities, hackers and cyber-criminals have changed the techniques they use to target people, with email being the number one weapon of choice, followed by infected websites, social media scams, and stealing digital identities and passwords.  Reports and statistics in the past years have shown that more than 80% of data breaches have involved an employee as a victim—hackers claim that it is the fastest way to breach a company’s security controls.

This means that people—including your own employees—are on the front line of cyber security attacks. Threats can start from something as simple as a personal social footprint, and end up with individuals being used as a mule to gain access to your organization’s finances and sensitive information.

The time has come to create a balance between technology and people. We must increase our cyber security awareness to help us protect and secure both our personal assets and our company assets.  The time for a people-centric cyber security approach is now—which means that cyber security is everyone’s responsibility.

About the author: Joe Carson is a cyber-security professional with more than 20 years’ experience in enterprise security & infrastructure. Currently, Carson is the Chief Security Scientist at Thycotic. He is an active member of the cyber security community and a Certified Information Systems Security Professional (CISSP).

Source: infosec island

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

Cyber Security: Small Business Guide

If you’re a small or medium-sized enterprise (SME) then there’s around a 1 in 2 chance that you’ll experience a cyber security breach*.  For micro / small businesses, that could result in costs of around £1,400.  Further, from May 2018, there’s the possibility of increased fines from the Information Commissioner’s Office if you fail to meet your responsibilities under the General Data Protection Regulation (GDPR).

But don’t worrynew guidance from the NCSC shows how easy it can be to protect your organisation’s data, assets, and reputation.

Easy to understand advice

Falling victim to cyber crime can be devastating for your business, and when you consider that SMEs make up 99.9% of Britain’s 5.5 million private sector businesses, it represents a real threat to the whole of the UK economy. That’s why the NCSC has produced this Cyber Security: Small Business Guide, which contains advice that is easy to understand and costs little to implement.

Following the advice in this guide will significantly increase your protection from the most common types of cyber crime. If you do nothing else to protect your livelihood from this growing threat, then take these 5 steps.

If you want or need to improve your cyber security further, then you can also seek certification under the Cyber Essentials scheme, which has the benefit of demonstrating to your clients (or prospective clients) that you take the protection of their data seriously. And if you’re a larger business (or face a greater risk from cyber crime) then the 10 Steps to Cyber Security can help your approach to cyber security.

We’d welcome your feedback

Cyber Security can feel like a daunting challenge for many small business owners. But it needn’t be. The NCSC is working with representative bodies, law enforcement, charities, not-for-profit organisations and small businesses to ensure we present our advice in the best way possible. We’d welcome your feedback on the Cyber Security: Small Business Guide to help us continually improve our advice to small business.

Neil

SME Engagement Lead, NCSC

*The Department for Digital, Culture, Media and Sport’s ‘Cyber Security Breaches Survey 2017‘ reported that just under half (46%) of all businesses have identified at least one cyber security breach or attack in the last 12 months (and 38% have among micro-firms, 52% have among small firms and 66% have among medium firms).

Source: National Cyber Security Centre

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

Cyber Security Body of Knowledge: scoping the knowledge areas

In Chris Ensor’s blog ‘Building the Cyber Security Body of Knowledge‘ he introduced the work being done in a project called the Cyber Security Body of Knowledge (CyBOK). At the time, the project was seeking contributions from the cyber security community to help identify the Knowledge Areas (KAs) which, in the community’s view, form the foundations upon which the field of cyber security is built. The project’s work will underpin the design and development of cyber security educational courses, professional training and continuous personal development programmes.

That initial consultation is now complete. The input, both nationally and internationally, has resulted in the project’s first version of the CyBOK Scope Document. This document identifies the 19 Knowledge Areas that the collective community felt should be in the scope of the project.

Again, the project team wants your contributions on those 19 Knowledge Areas to help improve this first version of the Scope Document. You have opportunities to feedback both online and through consultation workshops, so please see the CyBOK website for information on how to participate. The closing date for feedback is 1700 on Sunday 15 October 2017.

This really is your opportunity to help shape the profession’s future. Please take time to contribute.

Michael K
Cyber Skills & Growth

Source: National Cyber Security Centre

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

,

Cyber Security: Complex solutions made Simple

We use a number of methods and vendors to help completely secure our customers data. Backups for ransomware protection, password managers for credentials, multi-factor authentication, anti-spoof & anti-phishing protection, RADIUS authentication and device audit and management. Read more about how we help organisations.

Equifax Says Breach Affects 143 Million People

Attackers accessed Social Security numbers, birth dates, addresses, and driver’s license numbers.