We’ve all heard "if you see something, say something," especially if you live and work in the DMV region. That notable quote began almost two decades ago during a Department of Homeland Security information campaign and became the beacon for post-9/11 vigilance.
Strangely, the mantra still rings true today in the corporate world, but on a completely different security front – cyber security. What happens when something looks “off” at your organization? Does everyone have a chance to raise a red flag or report something suspicious without it completely monopolizing the day?
Can they recognize the signs of a cyber-attack today?
A business leader’s cybersecurity goal
Your goal as a business leader is to help your company navigate through uncertain times. There is no doubt that the past two years have been a bench test for leadership.
You have been busy making tough decisions about COVID-19 protocols and a hybrid workforce. But lurking just around a dark corner is a possible cyber-attack against your organization. To prevent an attack, you must first recognize it early.
Recognizing a cyber-attack is not only the job of your technology team—it’s the job of everyone within your organization. Many times, the counter-attack plan starts with leadership.
The first wall against a cyber-attack
One of the first walls against a cyber-attack is education. For the latest information, I reached out to MainSpring’s partner in cybersecurity, KnowBe4. KnowBe4 is an international leader in cybersecurity and security education.
If you want to prevent an attack at your organization, education is vital. Through education, your team will learn to recognize the warning signs of a cyber-attack. Education is not only for your technology team but for every employee within your organization.
Through KnowBe4, your employees can join Jenny Radcliffe, world-renowned social engineer and security expert, for an online course. In this free course, everyone will learn to recognize social engineering red flags.
Also, through KnowBe4, MainSpring offers a free cybersecurity evaluation and course. Together, we can teach your organization to build a Human Firewall through our Automated Security Awareness Program (ASAP).
Stay current on cybersecurity trends
If the first wall against a cyber-attack is education, the second is trend awareness. Business trends are quickly changing, and it is the job of both the leadership and the technology team to watch and compare trends to cybersecurity protocols.
Two current trends will undoubtedly impact cybersecurity at your organization; both started with the COVID-19 pandemic. Work From Home (WFH) spun new trends and new ways to work.
Below, I show you two links to cybercrime. Indeed, both links existed before COVID-19, but the pandemic escalated the problem.
The link between your organization and social media
Last year, I wrote a blog about the dangers of social media to your organization. Today, the blog remains one of the most-read on the MainSpring website.
Yes, all business leaders need to be aware of the danger of employee posts containing information about the company’s brand and confidential information. But do you know that social media is often the cracked door to cybercrime?
We have all seen the posts on social media platforms. What’s your favorite food? Where was your first job or the name of your first pet? I cringe when I see those posts…and see social media friends play along with the game. Answer just a few of those cute social media questionnaires, and a cybercriminal is on their way to building a profile.
Many do not see the red flag.
“Employees waste over an hour a day scrolling through social media on their phones”—Business News Daily
It is not just a productivity problem for your organization. Because of WFH, more than 85% of companies are now asking their employees to use a personal phone to access business data; the link between social media and cybercrime is chilling.
Remember, those employees are scrolling through social media on a business smartphone or a phone that they also use to access company applications and data.
A hybrid workforce cybersecurity red flag
Ask a MainSpring vCIO, and they will tell you that a hybrid workforce can be a security landmine. Employees are constantly moving in and out of the company network, and many are using laptops on public networks. With a rapid shift to a hybrid workforce, cybersecurity protocols may be hard to monitor.
Teams are overworked, and leaders may be distracted. And this is where the "helpful" employee unknowingly starts a chain linked to cybercrime.
“88 percent of global information technology decision-makers believe that employees have increased a company's risk of a security breach by using personal devices for work and downloading software (to do their jobs) not approved by IT.”—Investis Digital.
Maybe the employee is trying to be helpful. Perhaps they are looking for a shortcut to shorten their WFH days, but downloading non-approved software to a company device is a red flag.
My question is, “Did you notice?” Do you know that employees are unknowingly leaving your organization’s door open to cybercrime?
Did you notice?
Often, preventing cybercrime is taking a moment to notice the small red flags. It is also training your entire organization to notice those small red flags through education.
About the Author
Ray Steen is the Chief Financial Officer & Chief Strategy Officer for MainSpring and has been with the firm since 2014. With over 25 years of experience in strategy, consulting and communications, his expertise arms clients with the strategies, tools and resources to meet their mission. Ray is a proud dad and coach of 5 kids, a fantasy sports nut and bleeds for the Chicago Bears and Boston Celtics.