Every manager knows that technology offers many business benefits, from driving productivity to transforming operations to optimizing workflows. However, there is a dark side as well. Technology also opens a company up to cyberattacks, a threat that most companies are not equipped to handle. So who is most at risk? Small and midsize businesses. The biggest problem is that 80 percent of CEOs are non-technical. As a result, they have never learned to manage a risk that, right now, is bigger than any other financial or legal risk the company faces. This is where managers need to step in and take action.
Watch Email For Suspicious Requests
Managers need to realize that their teams are a company's first (and best) line of defense against the people who are trying to break in. What this means for you is that you need to train your team to watch for unusual requests in email. Attackers may pose as employees of the company, often an executive, and send requests for money or sensitive information. If anyone receives an email with an urgent request that involves money and asks for confidentiality, they need to confirm that it is legitimate before taking any action. If they have to, they should walk into the manager's office and ask, "Did you really send this?" Alternatively, they can forward the note to IT and ask, "Is this real, or is this spoofed?" At a bare minimum they should hover over the sender's name to reveal the actual address and check whether it really came from mycompany.com, rather than from a lookalike domain that merely resembles it or from a free webmail account. Keep in mind that the address shown can itself be forged, so a visible mycompany.com address is reassuring but not proof; the phone call or the walk down the hall is the one check that cannot be spoofed.
Backups Should Not Be Stored On Your Network
Most managers sleep well at night knowing that in the worst case, if something really bad happened, they could at least restore everything to the way it was a few days ago. This only works if you can trust your backups. When you back up your files, store a copy in the cloud or somewhere else that is not reachable from your company's network. A backup drive that stays mounted, or a cloud share that every workstation can write to with the same credentials it uses every day, is just another folder to an intruder. Done properly, even if your network is compromised you will still have intact copies of your information. This is a crucial step in protecting yourself against ransomware attackers, who will encrypt or delete any backups they can reach along with your local files. Two details make the difference: the backup store should use separate credentials (and, where the provider offers it, versioning or immutability so that a copy cannot be overwritten for a set period), and someone should actually restore from it periodically, because a backup that has never been restored is only an assumption.
Have Your IT And Cybersecurity Teams Be Separate
These days just about every IT department has some form of cybersecurity team. The big question is whether this team is a few members of your IT staff who get called on when there is a security incident, or whether security is their full-time job. Your IT team really should not be managing cybersecurity, because IT and cybersecurity teams have very different goals.
The purpose of an IT department is to give people access to computers and technical assistance. This is different from what your cybersecurity experts do: they control access to technology and networks. Their job is to prevent breaches and to find vulnerabilities in the company's security systems and processes. Managers need to realize that it makes little sense to have the people who might make security mistakes be the ones responsible for finding those mistakes. It is the same separation-of-duties principle that keeps the people who write the checks from being the people who audit them.
Make Sure That You Understand The Trade-Offs
Managers need to understand that security does not come cheap. Any cybersecurity solution your company implements can be cheap, easy or secure, but it cannot be all three at once; you get to pick two. Cheap and easy security is not secure. Easy and secure security is not cheap. Cheap and secure security is not easy, because it means your own people doing the configuration, monitoring and training that a vendor would otherwise charge for. There are trade-offs, and managers have to choose them consciously rather than discover them after an incident.
Train Team Members To Recognize Phishing Attempts
If you look at the statistics you will find that about 90 percent of company breaches start with a phishing attempt. An attacker poses as a co-worker, or as a trustworthy organization such as a bank, and tricks people into handing over sensitive information like passwords or credit card numbers, or into opening a file that installs malware. Phishing attacks can be sophisticated, so it is important to train employees to recognize the signs. These include unusual requests for money or information, urgency combined with a demand for secrecy, a reply address that differs from the apparent sender, website addresses that merely resemble the real one, and unexpected attachments, especially executable files dressed up as documents.
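The checks described in this section and in "Watch Email For Suspicious Requests" above are mechanical enough to script, which is a useful way to show a team exactly what to look at. The Python example below is added here for illustration; it is not code from the original post or from Blue Elephant Consulting. It parses a raw message with the standard library's email package and reports the tells the post lists: a sender outside mycompany.com (or on a lookalike domain), an executive's display name on an outside address, a Reply-To that differs from the sender, the urgency-plus-money-plus-secrecy pattern, links whose host merely contains the company name, and risky attachments. The company domain, the executive directory, the word lists and both sample messages are assumptions constructed for the example.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions for this example (not from the original post): the company's
# mail domain and a tiny directory of executives whom attackers impersonate.
COMPANY_DOMAIN = "mycompany.com"
EXECUTIVES = {"jane smith"}

# The pattern the post describes: an urgent request, involving money,
# that asks for confidentiality. Word lists are illustrative, not exhaustive.
URGENCY_WORDS = ("urgent", "immediately", "today", "asap", "right away")
MONEY_WORDS = ("wire", "transfer", "payment", "invoice", "gift card")
SECRECY_WORDS = ("confidential", "do not tell", "don't tell", "between us")
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".bat", ".hta", ".iso", ".lnk")
DOUBLE_EXT_RE = re.compile(r"\.(pdf|docx?|xlsx?|txt)\.[a-z0-9]{1,4}$")
URL_HOST_RE = re.compile(r'https?://([^\s/<>"]+)', re.IGNORECASE)


def _domain(address: str) -> str:
    """Lowercase domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def _is_company_host(host: str) -> bool:
    """True only for the company domain itself or a real subdomain of it."""
    host = host.lower().split(":")[0]  # drop any port
    return host == COMPANY_DOMAIN or host.endswith("." + COMPANY_DOMAIN)


def analyze(raw_message: str) -> list[str]:
    """Return the red-flag codes found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    flags = []
    company_label = COMPANY_DOMAIN.split(".")[0]  # "mycompany"

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)

    # 1. Where the mail really claims to come from (the "hover over it" check).
    if not _is_company_host(from_domain):
        flags.append("external-sender")
        if company_label in from_domain:
            flags.append("lookalike-sender-domain")
        # A known executive's display name on a non-company address.
        bare_name = re.sub(r"\(.*?\)", "", display_name).strip().lower()
        if bare_name in EXECUTIVES:
            flags.append("impersonated-executive")

    # 2. Replies silently routed to a different mailbox.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and _domain(reply_addr) != from_domain:
        flags.append("reply-to-mismatch")

    # 3. Urgency + money + secrecy anywhere in the subject or body.
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part is not None else ""
    text = (msg.get("Subject", "") + "\n" + body).lower()
    if all(any(w in text for w in group)
           for group in (URGENCY_WORDS, MONEY_WORDS, SECRECY_WORDS)):
        flags.append("urgent-money-secrecy")

    # 4. Links whose host only *contains* the company name (fake web address).
    for host in URL_HOST_RE.findall(text):
        if not _is_company_host(host) and company_label in host:
            flags.append("lookalike-link")
            break

    # 5. Executable attachments, or a document name with an extra extension.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS) or DOUBLE_EXT_RE.search(name):
            flags.append("risky-attachment")
            break
    return flags


# Constructed sample messages (not real mail) that exercise the checks.
SAMPLE_CEO_FRAUD = """\
From: "Jane Smith (CEO)" <jane.smith@mycompany-finance.example>
Reply-To: jane.smith.ceo@webmail.example
To: accounts@mycompany.com
Subject: URGENT wire transfer - confidential
Content-Type: multipart/mixed; boundary="sep"

--sep
Content-Type: text/plain; charset="utf-8"

I need a wire transfer of $48,500 sent today before the bank closes.
Keep this confidential until the acquisition is announced.
Invoice details: http://mycompany.com.invoice-portal.example/pay
--sep
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

QUFBQQ==
--sep--
"""

SAMPLE_INTERNAL = """\
From: "Jane Smith" <jane.smith@mycompany.com>
To: accounts@mycompany.com
Subject: Q3 budget spreadsheet
Content-Type: text/plain; charset="utf-8"

The Q3 budget numbers are on the shared drive. Thanks, Jane
"""

if __name__ == "__main__":
    for label, sample in (("CEO fraud", SAMPLE_CEO_FRAUD), ("internal", SAMPLE_INTERNAL)):
        found = analyze(sample)
        print(f"{label}: {'verify out of band first: ' + ', '.join(found) if found else 'no red flags'}")
```

Treat the output as a prompt for the phone call or the walk down the hall, not a replacement for it. These heuristics can be tuned around, and an attacker who has taken over a mailbox that really is on mycompany.com will pass every one of them; the authentication results (SPF, DKIM and DMARC) that your mail gateway stamps on incoming messages are a stronger signal than anything in the message itself, and enforcing DMARC on your own domain is what stops outsiders from putting mycompany.com in the From line in the first place.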
What All Of This Means For You
So let’s face facts: the bad guys are out there. They’d love to find a way to break into your company and disrupt what is going on. As a manager, one of your additional tasks is to find ways to keep your company safe. In order to do this, you need to understand what the threats are and then guide your team to make sure that you are able to mount an effective defense.
That defense starts with instructing your team to keep their eyes open for suspicious emails; your team is the company's first line of defense. Making backups of all of your important information is a key task that needs to be done continuously, but you also need to make sure those backups are stored somewhere that will be unreachable if somebody does break in. If you have an IT team, make sure that your cybersecurity team is a separate team: they have different goals, and keeping them separate lets each focus on its own. Phishing is the number one way that attackers get in, so take the time to train your team on what to look for.
The good news is that with a little bit of training, your team can become a solid piece of the wall that your company puts up between them and the outside world. However, as a manager it is your responsibility to make sure that everyone on your team fully understands what their role is. Get this part of your job right and you’ll be able to sleep better at night!
– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Management Skills™
Question For You: How can you teach your team how to recognize phishing emails?