 |
Security Strong PodcastAuthor: Tobin Solutions
Get ready for the Security Strong Podcast. We tackle IT issues, discuss best practices for your technology safety and interview professionals that are on the front lines within their organization's technology infrastructure. And now your host, Owner and Founder of Tobin Solutions, Jeremy Cherny! Language: en Genres: Business, Management, Technology Contact email: Get it Feed URL: Get it iTunes ID: Get it |
Listen Now...
Security Awareness Training
Episode 25
Wednesday, 19 May, 2021
In this in-depth Security Awareness Training, host Jeremy Cherny explores how a security incident can occur, as well as how people can best protect their data to remain secure. What is a Security Incident? A Security Incident is any breach in your CIA. CIA is an acronym for these 3 areas with the first being the Confidentiality of your internal and/or external data or systems meaning that a breach occurs when someone has access to your data that shouldn’t. The “I” stands for the Integrity of your data and systems so it’s safe from corruption and unauthorized changes. Lastly, the “A” refers to the Availability of your systems and data so they are working and ready when you need them. So when you think of security breaches, think of the Confidentiality, Integrity, and Availability of your data and systems. Remember that security is only as good as your weakest links so make sure that you have all your blind spots covered! Common Vulnerabilities and Exposures (CVE) A CVE is a dictionary that provides definitions for publicly disclosed cybersecurity vulnerabilities and exposures. Every time there is a new security hole discovered in a device or software, it is given a CVE number. Over time, these vulnerabilities and security holes have been being discovered at a much higher rate which is one of the reasons why cybersecurity is so crucial in today’s day and age. Back in 1999, there were only 1,000 or so CVE’s that had been discovered versus in 2018 alone where there were over 16,000 CVS’s discovered. Another point to be made about CVE’s is that these are only the ones we know about and there could be thousands of other vulnerabilities that are out there which just have yet to be discovered. Face The Facts It’s almost certain that you will face multiple security incidents over time and although it may not be a big issue, it is still important to take the necessary steps to reduce the number and severity of security incidents. It is also important to note that even though steps can be made to reduce the number of incidents, you can’t eliminate them all because over time nothing is 100% effective. Although security incidents are becoming more complex every day, education, planning, and preparation are the only actions you can take to significantly reduce the number and scope of these incidents as well as to recover from any security incident you may face. Lastly, we advocate for you to trust no one and to always verify your security with a third party to ensure that you are staying safe. Top Reasons You Will Have A Security Incident Using Vulnerable Technology - If you use old technology that hasn’t been updated with security patches, or new technology which hasn’t had security patches applied can lead to vulnerability. Failure To Follow Best-Practices For Installation & Configuration - For example, many in-home routers will have a default password set up and a lot of people never change that password where the best practice would be to go in and change it to protect yourself. Lack of Written Policies - Written policies help you have a plan in place to protect yourself from security incidents. Lack of Education For Everyone In Your Organization - When people don’t know what they should be looking out for, they’re far more likely to stumble into something dangerous. Failure To Plan & Prepare - Planning and preparing is crucial to avoiding security incidents, as well as recovering when one does occur. Failure To Monitor, Audit, and Maintain Policies and Systems - Consistently ensuring that all your systems are functioning properly will decrease vulnerabilities. Security is Inconvenient - Many people will avoid security because it’s an extra password, or it takes more time so they bypass it leading to a higher chance of a security incident. People Are Human - This is the biggest reason for all security breaches as everyone at some point will click something they shouldn’t by accident. What is Security Awareness Training? Security Awareness Training is training and awareness for your computer users, training as part of onboarding new employees, newsletters and alerts about new security threats and scams, testing and reporting, targeted education for critical roles and repeat offenders, and lastly, ongoing education that never stops.
