November 2023 Volume 5

OPERATIONS & MANAGEMENT

Cybersecurity 101: Be Better, Be Safer – Here’s How

By Jim Kerr

Did you know that up to 90% of cyberattacks stem from some type of human error? Bad guys aren’t primarily trying to hack your tech – they’re trying to hack you. That’s why we can’t rely on technology alone. Developing a strong cybersecurity stance takes a layered approach. To be effective, it requires a smart combination of creating a positive cybersecurity culture (people), knowing what to do in case of an attack (process), and using the right proactive and reactive tools (technology). In this article, we’ll focus on how you can develop a positive cybersecurity culture along with some practical tips you can use right away.

Cybersecurity Culture Defined

Cybersecurity culture encompasses the values that determine how people think about and approach cybersecurity in an organization. Everyone’s knowledge, beliefs, and behaviors make the difference between protection and breach. People are at the center of everything; you can either be easy prey, or you can become an effective human layer of defense. The goal is to create a “human firewall” to reduce human error and help protect your company against cyberattacks.

Technology Use Policies

To start, make sure everyone in your organization understands that each one of them has a daily responsibility to protect company information and reduce the risk of a cyberattack. One way to do this is to create policies around the use of technology. While it isn’t glamorous, developing policies will help ensure everyone is on the same page when it comes to safely using company-owned devices, personal devices (like personal cell phones that receive company email), and online activity. Consider including these areas: handling confidential company information, expectations for using company email (including knowing how to spot malicious phishing attempts), allowable internet use (including public Wi-Fi), and how to report a suspected IT security incident.
Cybersecurity Awareness and Training

Since the best way to learn is through doing, simulated phishing tests are an effective way to see who has honed their awareness skills and who needs to improve. Training can include everything from online videos to in-person workshops. The goal is to engage in ongoing phishing testing and training to keep everyone sharp. Plus, providing proof of ongoing cybersecurity awareness and training is required to remain in compliance with many cyber liability insurance policies. You don’t need to go this alone. There are many excellent services that can make sending simulated phishing tests and providing training easy at a reasonable cost.

Practical Tips

Building a positive cybersecurity culture takes time, but here are some basic tips that everyone can use right away:

• Don’t share confidential company information in emails or on social media.
• Be careful sharing ANY company information online without guidelines. The more you share, the more information cybercriminals can gather to try and trick you with email or phone phishing attempts.
• Don’t use public Wi-Fi. Cybercriminals can easily create Wi-Fi networks that appear to be legitimate but are instead being used to intercept data. Turn off “automatically connect to Wi-Fi” on your devices to avoid connecting by mistake.
• Use a unique password for every online account (and don’t reuse them). Use a long passphrase whenever you can. Use a password manager if it’s available.
• Don’t leave your device unattended in a public place, even just to warm up your coffee.

FIA MAGAZINE | NOVEMBER 2023 40
