Learn "The Five Things You Need to Know In Order To Create a Very Successful Tech Company" from our President, Karyn Schell, in Authority Magazine's ongoing feature "Inspirational Women Leaders of Tech"
A couple years ago, TechRepublic ran a story with the following headline: “Employees Are Almost As Dangerous To Business As Hackers And Cybercriminals.” From the perspective of the business, you might think that’s simply inaccurate. Your company strives to hire the best people it can find – people who are good at their jobs and would never dream of putting their own employer at risk.
And yet, many employees do, and it’s almost always unintentional. Your employees aren’t thinking of ways to compromise your network or trying to put malware or ransomware on company computers, but it happens. One Kaspersky study found that 52% of businesses recognize that their employees are “their biggest weakness in IT security.”
Where does this weakness come from? It stems from several different things and varies from business to business, but a big chunk of it comes down to employee behavior.
We all make mistakes. Unfortunately, some mistakes can have serious consequences. Here’s an example: an employee receives an e-mail from their boss. The boss wants the employee to buy several gift cards and then send the gift card codes to them as soon as possible. The message may say, “I trust you with this,” and work to build urgency within the employee.
The problem is that it’s fake. A scammer is using an e-mail address similar to what the manager, supervisor or other company leader might use. It’s a phishing scam, and it works. While it doesn’t necessarily compromise your IT security internally, it showcases gaps in employee knowledge.
Another common example, also through e-mail, is for cybercriminals to send files or links that install malware on company computers. The criminals once again disguise the e-mail as a legitimate message from someone within the company, a vendor, a bank or another company the employee may be familiar with.
It’s that familiarity that can trip up employees. All criminals have to do is add a sense of urgency, and the employee may click the link without giving it more thought.
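The sender checks implied by the gift card scam and the disguised-sender e-mails described above, as an added example that is not part of the original article. The domains, the leader name and the phrase list are assumptions made up for illustration, and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this example (none come from the article).
TRUSTED_DOMAINS = {"acme-corp.example", "firstbank.example"}
LEADERS = {"dana reyes"}  # display names an impostor would borrow
PRESSURE = ("gift card", "as soon as possible", "i trust you", "urgent")

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review(raw):
    """Return a list of warning strings for one raw (non-multipart) message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if domain not in TRUSTED_DOMAINS:
        # A domain one or two edits away from a trusted one is a likely imitation.
        near = [d for d in sorted(TRUSTED_DOMAINS) if edit_distance(domain, d) <= 2]
        if near:
            findings.append(f"look-alike domain: {domain} resembles {near[0]}")
        if name.lower() in LEADERS:
            findings.append("leader display name used from an outside domain")
    hits = [w for w in PRESSURE if w in str(msg.get_payload()).lower()]
    if hits:
        findings.append("pressure language: " + ", ".join(hits))
    return findings

# Constructed sample messages.
FAKE = """\
From: "Dana Reyes" <dana.reyes@acrne-corp.example>
Subject: Quick favor

Please buy several gift cards and send me the codes
as soon as possible. I trust you with this.
"""
REAL = """\
From: "Dana Reyes" <dana.reyes@acme-corp.example>
Subject: Thursday agenda

Agenda for Thursday is on the shared drive.
"""

if __name__ == "__main__":
    for label, raw in (("FAKE", FAKE), ("REAL", REAL)):
        print(label, review(raw))
```

The fake sender swaps "m" for "rn", which is easy to miss by eye but sits two edits away from the real domain.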
This happens when an employee clicks a link without thinking. It could be because the employee doesn’t have training to identify fraudulent e-mails or the company might not have a comprehensive IT security policy in place.
Another form of carelessness is unsafe browsing habits. When employees browse the web, whether it’s for research or anything related to their job or for personal use, they should always do so in the safest way possible. Tell employees to avoid navigating to “bad” websites and to not click any link they can’t verify (such as ads).
What counts as a “bad” website is fairly subjective, but one thing any web user should look for is “https” at the beginning of any web address. The “s” tells you the connection to the site is encrypted. If that “s” is not there, the website lacks that protection. If you input sensitive data into that website, such as your name, e-mail address, contact information or financial information, you cannot verify the security of that information and it may end up in the hands of cybercriminals.
Another example of carelessness is poor password management. It’s common for people to use simple passwords and to use the same passwords across multiple websites. If your employees are doing this, it can put your business at a huge risk. If hackers get ahold of any of those passwords, who knows what they might be able to access. A strict password policy is a must for every business.
Turn Weakness Into Strength
The best way to overcome the human weakness in your IT security is education. An IT security policy is a good start, but it must be enforced and understood. Employees need to know what behaviors are unacceptable, but they also need to be aware of the threats that exist. They need resources they can count on as threats arise so they may be dealt with properly. Working with an MSP or IT services firm may be the answer – they can help you lay the foundation to turn this weakness into a strength.
From Start-Ups To Best Places to Work: How Culture Changes Everything
There are two parts to culture: people and systems. On the people side, consider the “Empathy Accountability Continuum.” Empathy is at one end of the spectrum and accountability at the other.
Then, based on who you are dealing with and the context of the conversation, figure out where you need to be on that continuum.
The more you get to know someone, the easier it becomes to choose the right moment in time to lean toward either empathy
How do you know where to land on the scale? Be curious about the people on your team as well as people in the world around you. Ask what they are doing and how they are
A big part of maintaining curiosity and understanding also comes from being calm and connected. You can’t have a connection with your people unless you are calm. It’s part of being a leader within your organization.
To that effect, you need to be able to lead yourself and know where you are on the Empathy Accountability Continuum. We can’t lead others unless we can lead ourselves. So, we have to understand our own fears and concerns. Then it becomes easier to make those connections.
On the systems side of things, you have to “discover the core”: your core purpose and core values, which tell you what is important to you and your business.
As part of that, you also need to document the future. Plan, strategize and put it into writing. Where are you going? What is your vision? What is your BHAG (big, hairy, audacious goal)? What is your 10-year obsession?
Once you plan and put your future into writing, you have to execute relentlessly. This is how you make sure you get there. Live your system – use daily rituals like huddles and make sure they are useful. You should be constantly talking about your core values and goals.
Of course, as part of building a strong culture, you need a robust recruiting process. Find the right people and keep them engaged. Have a multistep and multiperson process when hiring and use a scorecard (a very detailed job description) when recruiting.
When you bring it all together – people and systems – be sure to show more love. Make sure there is peer recognition and recognition from leadership on a regular basis. Send them cards on their anniversary or birthday. Even have a budget for when bad stuff happens in people’s lives.
But don’t rush your culture. Take it one piece at a time – do something every day to work at it and build something great.
Tristan White is the founder and CEO of The Physio Co, a unique health care company based in Australia. While he’s led The Physio Co, the company has been ranked one of Australia’s 50 Best Places To Work for 11 consecutive years. In building this fast-growing company, White authored the book Culture Is Everything and started a podcast, Think Big Act Small. Learn more at TristanWhite.com and see his Petra Coach webinar at PetraCoach.com/from-start-up-to-best-places-to-work-how-culture-changes-everything-with-tristan-white
Disaster Recovery Planning is difficult and requires consistent effort and follow-up in order to have the best possible outcomes. The only thing worse than a disaster is a disaster that you can’t effectively respond to. That’s why you need a dynamic plan that addresses a variety of plausible scenarios.
In this video, we will guide you through a few general types of disasters you need to consider for your disaster recovery plan.
Social Media is the next frontier of phishing
While email is still the primary way phishing attacks are initiated to steal information, break into accounts, and install ransomware to cripple systems, phishing attacks continue to evolve and become more diverse. In 2021, Social Media is becoming an increasingly popular space for phishing attacks to occur.
Social Media is becoming as ubiquitous as email accounts, as there are an estimated 4 billion social media users in the world. About 1 in 20 phishing attacks are associated with social media in some way. While that may seem low, it is a rising number as it becomes more lucrative and effective for cyber-criminals.
It’s important to get out ahead of this and create strong awareness for the proper use of social media and the threats that are out there. Your diligence today will benefit you in the future, as the number of phishing attacks on social media inevitably rises.