Not many people know this about me, but I had the amazing opportunity to grow up in Coney Island, Brooklyn. This was not the hipster, overpriced Brooklyn that we know of today. This was the Brooklyn that you saw in Hip Hop Videos on Yo MTV Raps. While it had its challenges, the lessons and education I got from living there were invaluable.
One of the lessons that I still carry with me today is the ability to be “street smart”. I classify being street smart as: being always totally aware of your surroundings, the ability to adapt to any situation, and the skills to communicate with people from all races, genders, and socio-economic classes.
As we embark on yet another Cybersecurity Awareness Month, I am compelled to think of ways that we don’t limit the awareness to just this month, but take things with us that will stick with us for the remaining 11 months. One action I feel that we can take is becoming more “cyber-street smart" in our everyday lives.
From my perspective, the internet is probably one of the most dangerous neighborhoods in the whole world. That neighborhood is overrun with crooks and criminals that are making billons of dollars a year on taking advantage of people who are stuck in naivety. For example, imagine walking down the street and someone you don’t know asks you for your house keys or passcode to your alarm system—would you give it to them? I know it sounds like a silly scenario, but think about how many times you have blindly given out your username, email, passcode banking information, etc. without knowing better.
More often than not, we—myself included—give out the keys to our digital lives with frequency. Cyber-criminals know this is a conduit for their business model and exploit it every second of the day. So, how do we work on this? How do we use common sense or "street smarts" to protect ourselves and the organizations we work for?
The industry is notorious for making things overcomplicated and paralyzing us with information. I thought for this exercise, we should simplify and apply the physical examples of street smarts I referenced above.
1. Being aware of your surroundings: If you work at an office building, you know that it is important to be aware of your environment. Anything from someone unfamiliar entering an elevator, to making sure you park in a well-lit area of the parking lot, we take natural precautions of staying safe. This must also apply to how we utilize technologies inside of an organization. A suspicious email or an unfamiliar "delivery person" could lead to catastrophic damage to an organization from a cybersecurity perspective. In many cases, cybersecurity is all about doing a gut check: if it doesn’t feel right, it probably isn’t.
2. Ability to adapt to any situation: In the world we live in, the question is not if but when a cyber attack takes place, what do you do? Even with the many protections we can put in place, the likelihood of an organization experiencing a cyber attack is high. The question for an organization to ask is, how quickly you can we respond and recover? If you have been involved in a cyber-attack on your organization, you fully understand that it is not as simple as computers smoking or the Matrix theme playing over the loudspeaker. You fully understand the feeling of being attacked and the chaos that ensues on all levels of the business. That's why It is important to have a proactive plan in place that has been tested and explained organization wide, in order to prepare everyone for an attack3. Holistic communication skills: In my years of experience, the organizations that had the best cybersecurity programs and cultures where the ones with great corporate communications. I am not going to get into the software vs. onsite debate for security awareness training here—however, any program you institute should have the business in mind. If you are financial institution, are you going to spend time around HIPAA? Are you going to train the CEO in the exact same way that you train the sales and marketing team? While these are extreme scenarios, the point needs to be made that your security awareness program is your most important defense and the more customized the program is for the organization, the better the results.
For bonus security points, train your employees to understand to damage of what a cyber-attack can bring to an organization. Lost wages, important files destroyed, and the company shutting down are actual ramifications the company could experience from an attack. I know there might be a debate on this, however, if employees know what an attack can bring to their everyday life, it could cause them to pause before the click a little bit more often.
Are you ready to improve your cybersecurity strategy and align it to your business goals? That's exactly what we're here to do. Contact me or visit IGIcybersecurity.com to learn more.