October is cyber security month and this year the U.S. federal government has asked its citizens to be extra mindful. On May 12, President Biden signed Executive Order 14028, “Improving the Nation’s Cybersecurity,” to support our nation’s cyber security and protect the critical infrastructure and Federal Government networks underlying our nation’s economy and way of life. Although the mandate does not apply to NGOs, everyone should follow good security hygiene.

When I look at the state of cyber security, it breaks my heart. We live in a world where security experts tell us to assume that most of our data has already been compromised because in all likelihood it has. While there are factors that are out of our control, many others are within our control. And yet we let opportunities to secure our data slip between our fingers due to lack of interest in cyber security.

Organizations are being hacked daily, their data exfiltrated and/or their systems locked cryptographically until ransoms are paid. Almost 50% of organizational compromises are the result of insiders: not malicious employee-hackers inside an organization, but careless or clueless employees who fall for vishing, phishing, man-in-the-middle (MITM) and other attacks. These incidents can be greatly reduced through training and good cyber hygiene. Yet many users complain that security measures get in the way of productivity, and many organizations do not allot sufficient time to cyber security training. Whether it’s time constraints or the idea that it’s solely the IT department’s job to keep them safe, the result is that cyber security training is often shunned.

Sadly, we log only between 10 and 20 participants during our quarterly cyber security training. It’s rare to see business owners and managers attend despite the fact that their accounts would yield the greatest damage if they were to be compromised.

We often see tickets from users who have not attended cyber trainings asking whether obviously fake emails are real or stating that they cannot open attachments with links to Web sites that are indubitably malicious.

Until organizations and their employees start to treat cybercrime as a problem that needs greater attention and cooperation, the dark Web will continue to grow with the data that has been stolen from us all, and hackers will continue to fill their coffers with the ill-gotten gains of our inexperience and carelessness.

Falcon IT Services publishes recommended baseline security practices, which can be found at https://security.falconitservices.com

In addition to yearly cyber security training, we urge everyone to review and implement good security practices and to include policies and guidelines in your organization’s training and onboarding manuals. If you wish to receive an easy-to-edit electronic version, contact us for an Excel or Word-based file containing our cyber hygiene baseline policies.
