Information Security

Information Security – Make it a regular conversation

By Blake Britton

Information security is a key part of business IT and needs to be a KEY part an overall business strategy. No longer is IT Security the only solution to damaging data breaches. Rather it is everyone’s responsibility to do IT securely. Security is discussed all the time, and we all are concerned about the safety of our data; but now is the time we need to be even more vigilant about security. The “attackers” are getting more sophisticated and can temp us with information that looks like an “everyday” email or piece of information. But sometimes what lies on the other end of a clickable link or image can bring your entire data infrastructure and business to a halt. Wade Kilgore, VP of Technical Operations, wrote an article last month introducing our partnership with a security learning management system. This is only one step in helping our end users identify and deal with threats to being compromised by attackers. Here are a few other things that can be done by companies to help combat the growing threat to our business.

 

Weekly/monthly company discussions about security

  • Making our workforce aware of common threats as well as talking about what you’re doing as a company to protect your data is a great way to keep this on the front of everyone’s mind. Department meetings or company meetings that happen on a weekly or monthly basis are a great time to remind everyone of the common threats and risks. Sharing an article or a story about recent companies that have been compromised is a great way to put IT security on the agenda. If security and awareness can make it onto a company agenda, it will really show your team how important it is to stay educated and vigilant about IT security.

Share with your entire company the impact it will have on your business

  • We must realize that it is not “if” but “when” a company will be compromised by either cryptolocker, ransomware, malware infection, or phishing attempts. When this happens, you’re faced with limited options, most of which come down to restoring from your most recent backup. This is assuming the backup has not been infected as well. The fact of the matter is you need to have a plan to deal with the “what if”. We think it is important to keep your team up to date on the impact it will have on your business and the recovery plan. Most companies will be down the better part of a day to restore systems to their most recent backup. Just knowing the impact and discussing it with your team is a big step in being more proactive.

Training

  • This one cannot be overlooked, businesses need to invest in training our people what is out there and what to look for when it comes to malicious content. Axxys has invested in a partnership with KnowB4, an information security learning management system. With this learning management system we can work with clients to create a training plan that best suits their organization. The training is mainly a series of videos for specific content. We also have the ability to send emails to everyone in the company to “test” them as to whether they would click on links they should not be clicking on. In the event a link is clicked within the “spoofed” email, the simulated breach is logged in the learning management system, and the user can then be enrolled in a training course that will help them to identify this threat in the future. This system is a great way to keep everyone up to date with the latest threats in information security.

 

Invest in your people, have the conversations, and keep information security on the forefront of your business conversations. It is imperative that we do all we can to keep our data and infrastructure protected!