As we’ve seen even in the last few weeks, cybersecurity threats are not going anywhere.
As attacks become more frequent, who in your organization should be on the lookout?
If you’re currently taking an ‘every man for himself’ approach to IT Security, you’re likely doing your business a severe disservice. The facts are that six in ten people will click on a malicious link, hand over sensitive data, or even send large cash payments when a criminal asks for something very specific in a phishing email.
Scammers are getting so good at deceiving staff and stealing from your company, that it really doesn’t matter how large or small your business is—you probably have people on staff that are misinformed, or not regularly communicated to about security issues—that will lead you to a company-wide cyberattack costing more than you’d ever imagine to clean up.
Today, I want to make sure businesses in and around Philadelphia are making sure that their IT Support teams have the right skills to prevent attacks. I also want to give you an understanding of how to mitigate damage as fast as possible if something were to happen.
After thinking a great deal this past weekend about the right skillset every IT person needs in order to successfully keep businesses safe.
I want to emphasize, it doesn’t matter whether you outsource your IT or have an internal team. Security and protecting your business should be one of the biggest priorities for your IT Support and should be top of mind when you are evaluating whether your IT Support, IT help desk, and IT strategies are sufficient in 2017 and beyond.
For the majority of businesses I’ve audited, I’m surprised how few have a security strategy in place or at all conscious of current cyberattacks and how to better prevent such attacks from happening. From my growing concerns over your business cybersecurity, I’ve come up with 7 essential skills ANY IT Support team needs to effectively protect your business.
Understand Security Tools—perhaps this one is a no brainer, but anyone looking out for your business’ security should (a) understand the cybersecurity landscape, (b) be familiar and understand how to implement available tools to protect and prevent data breaches and (c) continue on-going efforts to make sure security tools are working and detecting problems.
The tools your team should use should give you a 10,000 foot view of your entire network and infrastructure, but also give you granularity on specific incidents to identify resolutions to problems. If problems are arising from end-user errors, or hackers are exploiting specific software packages, your IT team should be able to identify the root cause your security problem. If there is sensitive data in places it shouldn’t be, the team should be able to scan and improve where sensitive data is stored to ensure it is properly protected.
Assess Security In Your Business’ Environment—understanding tools are important, but unless you have someone on your team that is able to acutely understand how your business functions—how everyone works and how every wheel turns—your security will fall flat. Your IT support team should have some business understanding for each of your departments and should be able to identify specific security issues across your entire network in order to prevent hacks and security events.
Process-Based Security— if your IT Support team isn’t following a process, they likely aren’t consistent in their approach to your security. Some guys still think that simply installing antivirus is good enough security oversight to protect your business.
Realistically, consistent monitoring, upgrades, firewalls, and security policies are all needed to ensure your business and its data are safe. Security-focused processes and management of the process are critically need nowadays, much more so than occasionally updating antivirus software.
What To Do When A Breach Happens—to avoid having a team running around pulling their hair out when a breach occurs, it’s critically important that your IT Support team knows how to react and respond to a cyberattack. They should understand how to quickly identify threats on the network, assess the breach situation and come up with a resolution plan. They should have the skills to identify what part or parts of the network were touched by the attack and be able to perform some simple forensics work on the network to come up with a plan for your business team (to address leaks of client, user or business data).
Have A Passion For Security—if your team isn’t interested in making your IT Security better, your business is likely not getting the IT Security it needs to keep safe from hackers who are passionate about stealing your money. If your team isn’t engaged and learning about the latest attacks and are proactively coming up with ways to make your IT Security even safer, they lack the passion for the job you critically need them to do.
Are Able To Relate To Your Users—soft skills are some of the hardest skills to learn. For most of us, we are either born wanting to interact with others or are more of the loaner who’d rather be shuttered behind closed doors and never talk to people.
Since attackers are getting better at social engineering, finding ways to exploit users’ behaviors to their advantage, your IT Support team needs to be engaged and constantly interacting with each and every user to ensure they are (1) using your business technology safely and effectively and (2) know how to recognize scams and attacks and feel comfortable to reach out to the IT Support team with any questions or concerns.
My Question To You: Does your IT Support team fit the bill? Have you evaluated them to see that they are consciously evaluating your business security?
Are you sure your business is being protected? Contact us today for a FREE external security assessment.