This blog entry marks the start of a Cybersecurity series. Cybersecurity has become one of the biggest concerns among technology professionals over the last 20 years. That concern has increased almost exponentially the last 3-5 years. The sophistication of attack methods continues to boggle the mind. Who would have thought to hack the code supply chain 5 years ago? Though I could write a book on this topic, I’ll remain true to the nature of this blog and focus on one piece of the puzzle. Your people. Your employees, board members, vendors, volunteers….are your biggest strength and your biggest weakness. You need to build the muscle of vigilance within your organization. That starts with a Behavior Based Cybersecurity plan. This entails building a robust training plan for your organization. It includes an ongoing communications plan. It includes periodic testing of your employees. It includes accountability of your people. Consequences should be laid out in your employee handbook and should include termination for the most egregious acts of carelessness. One example I can give is a former employee, we’ll call Jim. Jim was having some issues with his iPhone when all of the sudden, his phone rang. He answered it. It was a person on the other line from Apple, surprise! Now we aren’t sure if Jim was doing something he shouldn’t have been or if this was just pure coincidence but the outcome was bad. The person convinced Jim to take out his laptop. Login to a portal and give control of his laptop to the person. The person then told Jim that he could go do other things and come back in about 30 minutes, which Jim did, kind of. After about 10-15 minutes, Jim’s instincts finally told him something was wrong. When he went back to his computer, it was obvious what the hacker was doing was not what he said he’d be doing. Jim shut down the computer and called our help desk. Jim was annoyed and unremorseful about what had happened. He was troubled that we were keeping him on the phone when he only cared about getting ready for his vacation. He was rude to our helpdesk and demanded a new laptop be overnighted before he left on vacation. Jim was fired. Your people are extremely important in this fight. We all have a vested interest in Cybersecurity. Make sure you put the investment needed into your people.
-Cheers
