{"id":140748,"date":"2018-02-23T13:42:39","date_gmt":"2018-02-23T19:42:39","guid":{"rendered":"https:\/\/ccbtechnology.com\/?p=139611"},"modified":"2024-05-06T07:46:21","modified_gmt":"2024-05-06T07:46:21","slug":"cybersecurity-business-plan","status":"publish","type":"post","link":"https:\/\/ccbtechnology.com\/cybersecurity-business-plan\/","title":{"rendered":"Cybersecurity Business Plan: 5 Steps for Preventing Malicious Attacks"},"content":{"rendered":"<p>I\u2019m sure you\u2019re familiar with the phrase \u201cthere\u2019s a first time for everything!\u201d Well, I can think of at least 300 different things I never want to have a first for, like:<\/p>\n<p style=\"padding-left: 30px;\"><strong>1.<\/strong> Crash a canoe on the Cahulawassee River. (You\u2019ve seen the movie \u2018Deliverance\u2019, right?)<br \/>\n<strong>2.<\/strong> Walk barefoot uphill both ways (as my grandparents had to).<br \/>\n<strong>3.<\/strong> Manage former President Trump\u2019s Twitter feed.<br \/>\n<strong>4.<\/strong> Check my bank account using open Wi-Fi in North Korea.<br \/>\n<strong>5.<\/strong> I\u2019ll stop there\u2026<\/p>\n<p>I recently added several things to my list of \u2018never want to\u2019 at the Security IT Roundtable we hosted for C-Level executives last week. Learning that <a href=\"https:\/\/www.youtube.com\/results?search_query=how+to+send+malware\" target=\"_blank\" rel=\"noopener\">YouTube<\/a> can walk anyone through tactics for malware distribution made me just about quit using the internet.<\/p>\n<p>According to <a href=\"https:\/\/www.av-test.org\/en\/statistics\/malware\/\" target=\"_blank\" rel=\"noopener\">av-test.org<\/a>, there are over 450,000 new malicious programs every day. 
Now add that to the 40,700 search results on how to spread malware and you\u2019ve got yourself an eventful weekend in mom\u2019s basement.* To be fair, not all hackers are looking to ruin your life, some are just interested in the <a href=\"https:\/\/www.nbcnews.com\/tech\/tech-news\/hackers-were-able-breach-then-rick-roll-voting-machine-within-n788001\" target=\"_blank\" rel=\"noopener\">practical joke side of things<\/a><strong>. <\/strong><\/p>\n<p>*Only unethical hackers live in their mom\u2019s basement<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-163002\" src=\"https:\/\/ccbtechnology.com\/wp-content\/uploads\/2018\/02\/5-1-youtube-malware-cybersecuritybusinessplan-300x78.jpg\" alt=\"\" width=\"800\" height=\"208\" srcset=\"https:\/\/ccbtechnology.com\/wp-content\/uploads\/2018\/02\/5-1-youtube-malware-cybersecuritybusinessplan-300x78.jpg 300w, https:\/\/ccbtechnology.com\/wp-content\/uploads\/2018\/02\/5-1-youtube-malware-cybersecuritybusinessplan-768x200.jpg 768w, https:\/\/ccbtechnology.com\/wp-content\/uploads\/2018\/02\/5-1-youtube-malware-cybersecuritybusinessplan.jpg 800w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/p>\n<p>To make my skin crawl just a little bit more, one of the presenters at our Security Roundtable event showed the group a real-time demonstration of how he could control the Wi-Fi traffic using a specific, readily available (unfortunately), hacking device. The takeaway here is that the tools exist to capture any information you put across a public or open Wi-Fi.<\/p>\n<p>Some may think, \u201cNo big deal, I don\u2019t use public Wi-Fi.\u201d It\u2019s not just open Wi-Fi \u2013 any device that connects to these unsecure networks and then re-enters your business <em>could <\/em>be carrying malware right in the front door.<\/p>\n<p>What does this mean when you are traveling or frequenting your favorite coffee shops with your business device? Should we be nervously checking for Mr. 
Robot sitting in the corner? Unfortunately, no single magic formula exists for cybersecurity. The best defense an organization can implement to stop malicious attacks is a cybersecurity business plan with multi-layered protection that fits their specific organization. One size does not fit all.<\/p>\n<h3><strong>Here are five steps to take when developing your cybersecurity business plan:<\/strong><\/h3>\n<h3><strong><br \/>\n1. The conversation starts with your IT team<\/strong><\/h3>\n<p>Company management and IT should be engaging in discussions about cybersecurity strategy and what is being done to protect their company. Targeted questions are key, but think interview vs. interrogation. Both involve questions and seeking clarity but there\u2019s a difference in motive. Interviews get people to open up so learning happens. Interrogations assume blame and put people on the defensive.<\/p>\n<p>If you\u2019re the manager asking questions, set the stage by being candid about the importance of the IT staff\u2019s role in keeping the company safe and your desire to understand what is being done. This approach will uncover ways that you can work together to make your IT security better. If you were on the IT side, this would be a great time to let management know all that you are doing to protect the company\u2019s interests.<\/p>\n<p>Here\u2019s a great set of <a href=\"https:\/\/cdn2.hubspot.net\/hubfs\/4110190\/PDFs\/Security-questions-to-ask-IT.pdf\" target=\"_blank\" rel=\"noopener\">Security Conversation Starters<\/a> CCB has put together to help our customers have those deeper discussions. Ambiguity will fuel annoyance and insecurity, so clearly state your intent and objectives to disarm conversational landmines. Frame the questions specifically around the information needed and be prepared to share and listen sincerely.<\/p>\n<h3><strong>2. 
Hire an intimidating bouncer and a flexible bodyguard\u00a0<\/strong><\/h3>\n<p>I\u2019m not talking earpieces, overcompensating muscles and extra small shirts. I\u2019m talking about firewalls, anti-virus, and anti-malware\/spyware on all computers: security at the front entrance and protection wherever you go. If you aren\u2019t sure how things are going in this area, I strongly encourage you to go back to step #1 and revisit that conversation.<\/p>\n<p>You can\u2019t build a secure line of defense if you don\u2019t have current technology that\u2019s properly configured to fit your organizational needs, exploring everything from <a href=\"https:\/\/www.watchguard.com\/wgrd-products\/cloud-and-virtual-firewalls\" target=\"_blank\" rel=\"noopener\">cloud-based firewalls<\/a> to artificial intelligence solutions that alert you when malware has mutated and become active. Once you\u2019ve protected these points, you can begin looking at where your organization is most vulnerable and create a plan for everything in-between. Which brings us to step #3 of our cybersecurity business plan\u2026<\/p>\n<h3><strong>3. Assume the worst-case scenario and work backwards <\/strong><\/h3>\n<p>I\u2019ve heard that up to 60% of small businesses that experience a data breach will close within six months! Understanding <a href=\"https:\/\/ccbtechnology.com\/4-reasons-why-penetration-testing-is-critical\/\" target=\"_blank\" rel=\"noopener\">where your company is susceptible<\/a> is important, because lack of action can be devastating. 
So let\u2019s get the juices flowing with a few things that you hope never actually happen in your business:<\/p>\n<ul>\n<li>Accounting receives a realistic-looking email from the CEO asking for $165,000 to be transferred to an account ASAP<\/li>\n<li>A sales rep returns from a business trip with a countdown on his laptop and a demand for $50,000<\/li>\n<li>An employee on lunch, excited about a dream vacation, clicks on an email link for a free cruise to the Bahamas that comes with a side of malware<\/li>\n<\/ul>\n<p>One tool that would help in the last scenario is one our IT department uses at CCB \u2013 a <a href=\"https:\/\/www.knowbe4.com\/\" target=\"_blank\" rel=\"noopener\">KnowBe4<\/a> pop-up that makes you re-think before proceeding with a link. Below is a screenshot of what came up when I was pulling up the malware video on YouTube. (I sent this to one of our IT guys in a Teams message with no context to be funny\u2026 I don\u2019t recommend doing that.)<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-163008 aligncenter\" src=\"https:\/\/ccbtechnology.com\/wp-content\/uploads\/2018\/02\/5-2-Cybersecuritybusinessplan-300x88.png\" alt=\"\" width=\"433\" height=\"127\" srcset=\"https:\/\/ccbtechnology.com\/wp-content\/uploads\/2018\/02\/5-2-Cybersecuritybusinessplan-300x88.png 300w, https:\/\/ccbtechnology.com\/wp-content\/uploads\/2018\/02\/5-2-Cybersecuritybusinessplan.png 554w\" sizes=\"auto, (max-width: 433px) 100vw, 433px\" \/><\/p>\n<p>After fleshing out the scenarios you decide to use, ask these questions<strong>: <\/strong><\/p>\n<p style=\"padding-left: 30px;\"><strong>1.<\/strong> What would need to be true in order to prevent this from happening in our company?<br \/>\n<strong>2.<\/strong> Are we prepared if this were to happen to us? 
If not, what needs to change?<\/p>\n<p>Sometimes knowing where to go next is a challenge for companies. That\u2019s why CCB developed our <strong>free<\/strong> <strong>Security Health Check<\/strong>. It\u2019s not an assessment of your environment, but it\u2019s a comprehensive first discussion. In just 30 minutes it can reveal areas that need addressing along with possible solutions you may not be utilizing. Contact us to set up <a href=\"https:\/\/ccbtechnology.com\/contact-us\/\" target=\"_blank\" rel=\"noopener\">your free security health check<\/a>.<\/p>\n<h3><strong class=\"aligncenter\">4. Think like a pirate, not a pioneer<\/strong><\/h3>\n<p>Don\u2019t follow the analogy too far and miss my relatively simple point: You don\u2019t need to blaze a new trail for your cybersecurity business plan if you can find what\u2019s working and take it for yourself.<\/p>\n<ul>\n<li>Talk to similarly positioned people in your industry and ask them what cybersecurity strategies have worked or not worked for their IT security.<\/li>\n<li>Attend security-focused events, where you can ask questions, openly discuss concerns, and see solutions in action.<\/li>\n<li>Listen to industry-related podcasts or engage on forums\u00a0to find out what\u2019s working and what to avoid.<\/li>\n<\/ul>\n<p>Finding multiple ways to stay connected to the industry is important because the security landscape is continually changing, and you need to be well informed.<\/p>\n<h3><strong>5. Train, test, then repeat<\/strong><\/h3>\n<p>The Leaky Bucket Principle applies here. Whatever IT trains us on or implements internally will slowly leak out of our head as more information is poured in. It\u2019s not intentional on anyone\u2019s part but it happens, so our IT team tests our employees periodically by sending out phishing emails to see how we respond. 
Then if needed, they <em>gently<\/em> repeat what they\u2019ve already explained and test us again.<\/p>\n<p><strong>Do your users know:<\/strong><\/p>\n<ul>\n<li>If the wording in an email seems off, to double-check the address from the sender?<\/li>\n<li>To hover over links before clicking?<\/li>\n<li>If they don\u2019t know the sender, it\u2019s best to assume the attachment will ruin their life upon opening?!<\/li>\n<li>Using MiFi for travel will help them avoid hotel and coffee shop Wi-Fi?<\/li>\n<\/ul>\n<p>Be sure that <a href=\"https:\/\/ccbtechnology.com\/end-user-security-awareness-training\/\" target=\"_blank\" rel=\"noopener\">end user security training<\/a> and testing are part of your cybersecurity business plan to secure your environment.<\/p>\n<h3>Want more help learning about security solutions?<\/h3>\n<p style=\"padding-left: 3px;\">CCB has a team of experienced engineers who enjoy working alongside organizations and customizing business security solutions. Whether you\u2019ve got 30 locations or one part-time IT person, we can help. 
(And don\u2019t forget to <a href=\"https:\/\/ccbtechnology.com\/contact-us\/\" target=\"_blank\" rel=\"noopener\">request your Security Health Check.<\/a>)<\/p>\n<p><strong><a href=\"https:\/\/ccbtechnology.com\/contact-us\/\" target=\"_blank\" rel=\"noopener\">Let\u2019s set up an appointment<\/a>.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I\u2019m sure you\u2019re familiar with the phrase \u201cthere\u2019s a first time for everything!\u201d Well, I can think of at least 300 different things I never [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":160964,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"categories":[7],"tags":[],"class_list":["post-140748","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/ccbtechnology.com\/wp-json\/wp\/v2\/posts\/140748","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ccbtechnology.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ccbtechnology.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ccbtechnology.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/ccbtechnology.com\/wp-json\/wp\/v2\/comments?post=140748"}],"version-history":[{"count":0,"href":"https:\/\/ccbtechnology.com\/wp-json\/wp\/v2\/posts\/140748\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ccbtechnology.com\/wp-json\/wp\/v2\/media\/160964"}],"wp:attachment":[{"href":"https:\/\/ccbtechnology.com\/wp-json\/wp\/v2\/media?parent=140748"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ccbtechnology.com\/wp-json\/wp\/v2\/categories?post=140748"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ccbtechnology.com\/wp-json\/wp\/v2\/tags?post=140748"}],"curies":[{"name":"wp","h
ref":"https:\/\/api.w.org\/{rel}","templated":true}]}}