two factor Authentication

30

Jul

You Think You Have Good Cybersecurity?

30 07, 2020 Article

Guest blog by Perry Timms, renowned blogger and global TedEx speaker on the future of work, who will also feature in Nowcomm’s expert-led security masterclass webinar being held on Friday 7th August at 10:30am. Register now to secure your place.

Seriously, no-one does (have good cybersecurity that is).

I’m not normally one to head up a post with a negative headline but cybersecurity is too important to fluff up in any other way.

The US Military, Twitter, Garmin, EasyJet, Travelex, 20 Universities and tragically some charitable organisations (through the Blackbaud attack) may have also said the same; and then boom!

Because you see, cyber-attacks are on the increase. The World Health Organisation no less, reported a five-fold increase in April 2020 (see here).

Why? We’re all now even MORE reliant on the interconnected world of digital platforms, applications and devices working in a dispersed way and also, we’re working using (potentially) vulnerable household broadband not secure office Virtual Private Networks (VPNs) or secure firewall-protected office spaces with servers located in rooms. We’re all on the cloud and there’s a lot more chances people will let a trojan or phishing attack hit your network somehow or other.

When Barack Obama’s Twitter account is compromised it’s proof that you can’t stop it, but you can limit damage, trap or recover quickly from a cyber-attack.

Multi-Factor Authentication might not be top of the board agenda, but if your patches aren’t up to date, your CRM, ERP or E-Commerce systems could be stripped bare, manipulated, exposed, sold or held to ransom (as in the case of Blackbaud).

Lamborghini-driving cybercriminals are out to make money off your shortcomings.

So if you’re a CEO, COO, CIO, CTO, CSO or CSA (Customer Service Agent), if you’re not hot on what constitutes cyber defence, you’re vulnerable.

But wait a minute. We’ve got a pandemic response to deal with, people to keep safe, get them up and running working in lockdown home situations. Why would we have the time or the headspace to focus on cybersecurity? Well, your cybercriminals know that too. And can start exploiting people who can no longer pop over to someone else’s desk and say ‘Is this email/LinkedIn request/webform submission looking OK to you?

Do you know who Jun Wei Yeo is? If you had a LinkedIn request from this man, he was likely looking to manipulate YOU not a clever line of code, to commit some form of cybercrime or attack.

Because humans are often the weakest line of defence in the digital world. We aren’t as reliable as an algorithm because it doesn’t have a bad day, is distracted and stressed and whose child has just downloaded a game filled with a virus whilst using your iPad that you’ve got work-sensitive data on.

So yes, you may THINK you have good cybersecurity but it has to be actively risk-managed as an essential part of your company infrastructure whether you’re a true platform business or not.

‘OK, you’ve got my interest piqued’ you say, ‘ so what can I do about it?’

Well, for starters join Nowcomm’s professionals and cybersecurity expert Jane Frankland (and me), at this webinar event on August 7th at 10.30 am.

You can register for the webinar here:

And then follow these key practices:

Think of cybersecurity as an enabling service. It’s like the lock on the doors to the office where there’s a locked safe protecting your most valuable information. It’s enabling you to feel confident you can operate your business with integrity and rigour.

Don’t feel too confident about your cybersecurity and have some comfortable discomfort with how well you’re protected and can manage incidents and risks.

Make cybersecurity a hygiene factor as it could affect all your other baseline operating functions like paying people, having a trademarked brand and ethical supply chain.

Ensure cybersecurity is for everyone not just leaving it to your CSO/CTO/CIO to be cybersecurity aware and active.

Be resilient in how you can rescue, remove threats and recover any breaches you experience. Practice drills and staged incidents plus replica hacks maybe your options here.

Ultimately, it’s the law to report an incident but you’d rather it not get that far.

We all need to be alert to the threats that could impair and even destroy an organisations credibility in the eyes of their customers, shareholders and the industry. It starts with being restless and alive to the need to be secure, safe and responsible about your vital digital infrastructure. 

We’re all potentially one hack away from a devastating incident. So let’s lockdown whilst in lockdown (and beyond).

By Perry Timms MCIPD FRSA

Founder and Chief Energy Officer – PTHR

3x member – HR’s Most Influential Thinker List

2x author and 2x TEDx Speaker on the Future of Work.