CYBERMANIACS CYBER SECURITY AWARENESS
https://thecybermaniacs.com
Serious Security Awareness through Laughter.

Cyber Security Awareness: Role, Unicorn, or Service?
https://thecybermaniacs.com/2020/08/04/cyber-security-awareness-role-unicorn-or-service/
Tue, 04 Aug 2020 17:14:41 +0000

Managing human risk is one of the top growing concerns among CISOs and business executives around the world.

The role of a Security Awareness & Communications Manager and cyber security awareness computer-based training are two key areas for increasing the maturity and effectiveness of efforts to create a more digitally secure workforce.

Gartner stated recently that by 2022, 60% of large organizations will have a full-time equivalent (FTE) dedicated to security awareness, and that hiring for the right skills in security awareness management roles will strengthen an organization’s overall program and security posture.

And then 2020 and the current panicdemic/coronapocolypse threw many a business plan right out the window. Information security teams everywhere have had more than a few curve balls to deal with. We wanted to take a look at the many considerations for how current events are affecting the trajectory of growth in this role. While we support and work with these types of roles at many organisations, there is much to be said for HOW RUBBER MEETS ROAD in terms of role timing, maturity and budget.

Balancing Cost and Optimization in Cyber Security Awareness Programs

The current employment landscape mid-COVID is the worst it’s ever been in my career, and I worked through both the dotcom era and the crisis of 2009. MOST managers we are speaking to now are being asked to do much more with less, roles are folding into each other and they foresee many more headcount/budget restrictions in the near future as the economic and pandemic recovery are taking longer than expected. Many more CISOs will be asked to decide on cost savings in Q4 and into 2021, or at the very least will have to address organizational structures or even perhaps delegating security functions such as architecture, system engineering and development to relevant internal IT teams.

If you need a plan to balance cost reduction with optimization efforts in the employee awareness and training space… here are a few things to consider. 

Creative Cyber Awareness Solutions

While SANS and Gartner advocate for adding FTE roles in order to expand and mature your program, in these times, creative solutions are needed when adding headcount isn’t an option. Many times a bridge is needed before you are able to bring a new hire onboard.

 The special situation here is threefold.

1. The critical need to expand and mature a security awareness program at most organisations to meet the need of securing the human element within all working environments.

2. The awareness and culture champion role itself is rapidly expanding, taking on new areas of responsibility as maturity shifts toward culture and behavior, as well as continual improvement.

3. The new and sudden contracting or re-optimised budgeting cycle of most organisations requiring new ways to get it done.  

Staffing your Cyber Security Awareness Function

The data in the 2019 SANS report shows a strong correlation between full-time employee (FTE) staffing, program maturity, and success. 

  • Programs have achieved success at changing behavior when there have been at least 2 FTEs dedicated to awareness. 
  • Organizations reporting successful change in culture and metrics programs indicate 4 FTEs dedicated to awareness. 
The role itself of the Security Awareness Manager or Security Awareness and Culture Champion has been expanding and maturing for years. It is great to welcome more talented people into a fast paced and important cyber security area! But each company is going to address it differently based on current needs, culture, the maturity and state of its training program. The function of Cyber Awareness is evolving with new outcomes desired around sustained culture change, behaviour adaptation on a regular basis, policy and technology adoption and adherence. The requisite list of skills, competencies, culture, attitudes, and knowledge that are listed on job descriptions to actually deliver these programs is expanding and stretches wide across many quite disparate domains of expertise. 

Gartner states this at the start of the article: Many employees view security awareness training as boring and hard to understand, so finding the right talent with the right skills to lead your training program is critical. (We say lead or deliver or whatever but we’ll get to that later…) 

Full disclosure: I’ve spent years working in enterprise change and technology adoption, planning and assessing roles and IT functions, PMO and user development. So when looking at where this is going and how we are going to grow and evolve, innovate and help people realise a better digital future EVEN in the face of 2020 and murder hornets and aliens… as they say, this isn’t my first rodeo.

The Role of the Cyber Security Awareness Lead and Culture Champion

According to research, as well as our own dive into Indeed and LinkedIn to see what was up in the market at the moment in terms of roles and hiring, here are the regularly mentioned competency and skill areas needed for a Cyber Security Awareness Lead.
  • Adult Education, Professional Development, L&D 
  • Learning Technology 
  • Communications 
  • Marketing 
  • Cyber Security 
  • Psychology and Behaviour Change
  • Organisational and Safety Culture
  • Change Management
  • Data Science
  • Statistics
  • Reporting and Dashboarding
  • Project and Program Management
  • Social Sciences
  • Oh and they have to be creative 
  • Oh and they have to be innovative 
  • Oh and they need relationship skills 
  • And need to fit your culture, and be a self starter….
According to SANS 2019 Security Awareness Report… there’s a GAP between the technical side and creative side of this role in terms of sourcing talent.

This year’s data shows that a majority (80%) of awareness professionals come from some type of technical background. Less than 20% have a non-technical background such as communications, marketing, legal, or human resources. 

“A lack of soft skills, such as communications and marketing, continue to limit an organization’s ability to engage their workforce. Awareness professionals generally bring a dynamic set of technical skills, but can lack the skills to communicate their program needs.” 

A few things to keep in mind

  1. There are no such things as unicorns.
Let’s be honest. Looking at the list above, any company would be hard pressed to find ONE person with half those skills in place. Not that people can’t be guided and trained into this, but two thoughts. One, what kind of timeframe do you have to deliver creative, personal, dynamic cyber awareness content (yesterday), and what is the learning curve to develop wicked comms and creative skills or, conversely, to navigate the very complex and technical world of cyber? Also, the wide range of competencies and expertise needed is hard to find: normal learning paths, from university to professional development, aren’t set up to go wide, they are set up to go deep and specialise. This range of skills will not be readily available on the market, the demand pool will be low.
  2. What are your “need to haves” vs “want to haves”?
Any good hiring manager from HR should be telling you that a good job description comes down to realistic expectations… can you afford for this role to fail? This mismatch of hopes, skills, needs and expectations happens all the time in business: companies mix roles from, let’s say, marketing and sales, thinking it’s pretty much the same function and that one person can surely do it. The risk is that the position won’t be filled, or will be filled with someone who will burn out. When you start to cut back the job description to 50% or 60%, honing in on only the need-to-have skills, then the risk is in the role being able to fulfill the necessary business value.
  3. Hiring an FTE isn’t just the cost of a salary. Other HR considerations need to be taken into account.
    • Time/Effort to hire in a new role or new functional areas (with tough to find skills)
    • There aren’t enough people who have years of skill in this emergent cybersecurity role so the search timeframe may be longer than other easier to fill roles.
    • The current COVID unemployment crisis will only make the hiring process more difficult: people will put their hand up (naturally) because they need a paying job, and there may be an increased risk if they aren’t a good fit or can’t perform the role.
    • Increased headcount at any company comes with management overhead, increased fringe spend, kit setup or real estate footprint, and other risks such as the complications of post-probationary periods etc., depending on your business’s hiring locations.
Kate Goldman

Angelo D’Agostino

HC Group Advisors

“When looking at these new roles and where companies are in 2020, adding 28%-30% to a salary is conservative when talking about the true cost of a hire. The hiring process and the cost of increasing headcount has implications across many business functions.”

 

The current salary ranges we surveyed on Indeed and LinkedIn and with our HR contacts were anywhere between 70-150K in the US and between 50-80K in the UK. Add in your 30% overhead and the average cost to an organisation would be 90K USD or 70K GBP per year.

And the hard truth is that most likely the candidate will not have nearly all the skills listed in the functional matrix above because unicorns aren’t real.

You Can’t Always Get What You Want But You Might Find You Get What You Need

When faced with internal demand due to maturity, delivery, threats, or regulatory issues… ‘we need to do more/better cyber awareness’ and ‘we need people to get this done’, level-setting a talent pool internally isn’t the only way to get it done. If you have to scale back the ‘nice to have’ vs ‘need to have’, which skill set could you lose? Communications? Nope. Cyber Savvy? Nope. L&D knowledge? Nope. Creative and graphic design? Nope. Data and metrics, or is this where culture slides off the table?

 

And what about the ‘je ne sais quoi’ or artistry behind many aspects of the creative side, which is incredibly important? Simplifying complex topics into things normal people can understand? Understanding signs and semiotics, brand and culture, playing to demographics, the art of rhetoric? What about being able to find the right way to emotionally connect to your internal audience and capture attention? Being skilled in the visual and digital means to deliver a concise and critical message? Or about deeply understanding that the mission we are on is about more than corporate compliance, it’s a mindset shift and a personal journey of change that everyone needs to go on…. but I digress.

Consider This:

What if you could get the wide range of expertise needed through access to a team who specialises in every aspect of delivery of cyber awareness learning, with a wide back catalog of content, and the agile and digital delivery mechanisms to make it work…. at a fraction of the cost of an FTE and the flexibility you need to navigate these uncharted waters?

Would it increase your ability to secure your company and re-allocate resources to other critical threat areas if you could remove the issues around needing/finding a unicorn, the cost of hiring, the risk of not finding the right person or set of skills? 

That’s really the reason why we put Digital Club Gold together. Our customers were asking for it (literally: “Hey guys, could you maybe give us all that cool content you provide on a regular basis, and could you come in and help us work in better and more innovative ways, and how do we measure that, oh yeah, and by the way can you customise it for our company and put our brand and colors on it?” and we said, um, yeah.)

We give you the full unicorn at a price in line with 2020 budgets and the flexibility to turn things on and off as needed. Google just extended working from home to 2021 (we don’t even want to think about the real estate footprint they have, with the Chelsea building at 1.8 billion and the London offices alone!). What is the value of having top-rated content, a team of experts, and the flexibility you need for the foreseeable future vs hiring a full time role? If getting to the next level of maturity is critical, or if you need to deliver something new to a remote workforce, if you want new metrics on the human aspects and soft risk indicators… Call us.
A well placed Security Awareness as a Service with a consultative wrapper for your business could:

  • Take away the problem of output, ramp up periods, downtime. 
  • Bring a team of culture, behaviour, learning, creative, cyber experts to your table. 
  • Increase your agility through our fresh approach to content development with a trusted ongoing process for creative and behaviourally focused design.
  • Leverage greater efficiency through our shedload of ready-to-go and ready-to-customise content, so you can execute on more with super high quality digital content, videos, and other learning items but still get that custom/brand touch that makes it look like it’s from your team.
  • Make exponential change for an incremental cost increase. For many job tasks around security awareness it doesn’t matter if you have 500 people or 50,000 people, the time requirements are similar.
For examples of work, free samples of content, and a chat with our folks… please fill out the short form below.

Digital Content

Social Posts, Memes, newsletter text, infographics, interactives & more.

Video Content

Sketches, Songs, Newsdesks, Human & Fuzzy Fun

Print & Merch

Posters, coasters, toasters, signs, mailers, postcards & more.

Delivery Team

Weekly Support, Team of Experts, Customise Everything, Culture/People First

What is this Digital Club Gold you speak of?

Differences Between Free Cyber Awareness Training vs Paid
https://thecybermaniacs.com/2020/07/02/free-cyber-awareness-training-vs-paid/
Thu, 02 Jul 2020 19:00:03 +0000

One of the great quotable movie scenes of all time is the scene in the third Indiana Jones movie, Indiana Jones and the Last Crusade, where the ancient Knight guarding the Holy Grail gives a heads up to the Nazi treasure hunter and Indiana Jones to “choose wisely”.

As you may recall, the Nazi chose the ornate golden chalice, believing it was “fit for a King”, while Indy chose the wooden “carpenter’s cup”. Indiana thought about the person, who Christ was and what he would have used. It’s a savvy metaphor for many decisions in life, and it can also apply to how you choose cybersecurity awareness.

There are a range of cyber awareness training solutions on the market today, and some even offer some courses or functionality for free. Free is great, and it has its purpose and time, and can indeed be useful if you are just getting started or have no other options. 

There are basically 3 types of cyber awareness training we’ve seen on the market (well TBH it’s our competitor analysis too so our work is now your gain!)

Freemium Models

SOME of the content is free and then you pay when you need more (and you probably should always need more). So free upfront, but then will cost you to stay or cost you to move. So not free free. 

Off The Shelf

Off the Shelf “elearning modules”, single buy “courses” or cyber awareness video packs. Great because they are cheap and scale. Bad because they are often old and ineffective for any real learning or change. When was the last time you were motivated to change all your bad passwords because of one 2 minute explainer video? So, yeah.

Platform Vendors

Platform Vendors deliver courses or learning programs through an online platform. Usually charged per user per year, there is a wide range of styles, approaches, prices, and functionality, so it’s good to have a vision of what you need and what you want to get out of a program before you start down this road (for a guide on how to do this and free resources, check out our blog good better best HERE).

We’re assuming that you know what cyber awareness training is all about. You know that your company and its people need to learn how to become more cyber secure, and you’re now looking at solutions and learning how they work.

Here are a few helpful questions and facts that can help you as you decide what’s best for your company, your employees and your budget.

What FREE or CHEAP covers: 

  • Generic knowledge and compliance-focused content
  • The ability to capture a snapshot of awareness following the completion of a content element
  • Content that targets the many, without addressing the tools or demographic makeup of a business
  • Cheapest and quickest content production methods, so tend to look clunky or dated 
  • Often need hosting so you can access data and reporting
  • Impersonal content which doesn’t always align to internal policies or standards, i.e. password length and complexity
  • Paid for add-ons to meet your needs

What they miss: 

  • Continual development of baseline and evolving security knowledge
  • Higher production values or an eye to creativity, this varying content quality in terms of graphics, sound, voiceovers, text readability and more can actually have negative effects on user adoption and knowledge retention
  • A comprehensive program for change, so outcomes tick the box for compliance but don’t do the heavy behavioural change lifting required in so much of cyber awareness (don’t even get us started on passwords. One video does not make for habit breaking on password reuse, for instance).
  • Appropriateness of content to your audience, staff, internal policies or standards
  • Generic feel with content that doesn’t relate to real-life scenarios that your staff may face
  • Reactive and departmental content
  • Can be dated or old fashioned

 

How to Choose a Cyber Awareness Vendor that’s Right for my Company?

Start Here: 

  1. Compliant with GDPR, PCI, local regulations
  2. Culturally appropriate
  3. Provides meaningful metrics
  4. Has supplementary content
  5. SSO compatible
  6. Cost-effective
  7. Content for role-specific training, i.e. devs, C-level
  8. Ability to report on completion by Manager and Department
  9. Ability to delete or archive once the user has left
  10. Ability to assign content based on departments
  11. Bite-size courses with videos
  12. Refresher capability
  13. Easy way to flag users that ignore tests/refreshers
  14. Ability to send manual/auto-reminders to users/their manager that have ignored/not yet completed courses/refreshers
  15. Mobile/Tablet friendly
  16. Cost per user
Idea: Why not set up a focus group to understand how other departments and seniority levels find each tool, to see which meets the needs of a program and engages the masses?

Your wishlist doesn’t have to include all of the above, some listed may be more important than others, but make sure to understand what matters to your business and review each option against the list. We’re not saying don’t do it, we’re saying if you are going to do it, do it well. 

Common Challenges in rolling out Cyber Awareness Training Programs

Many larger organisations have rushed out programs, or delivered dull content at scale and actually turned sentiment of the users against them. From e-learning modules that go on for 40 minutes, to repeating the same modules year after year for compliance- we have heard countless stories of people who felt bored, afraid, guilty, confused, and shamed because of cyber training experiences of yore. There is a better way. 

 

If you didn’t start with the basics, if you haven’t trained on a holistic set of cyber and digital safety topics- now is the time to start. The cybercrime explosion, the complexities of remote working, and the still uncertain future mean that a clear, safe, easy path is not the future for all of our businesses. The journey to creating cyber secure humans isn’t complete with one slide deck, a few e-learning modules, or a short burst of ‘training’. 

What do we mean by cyber secure humans?

Well, that we know about and take our digital selves and security as seriously as we do our home and car security. We know the local rules of the road when we get our driver’s license, we (should!) know enough about how a car works and what to do (or who to call for help, like a mechanic) when something goes wrong. We know to lock it when we go out, to install layers of security when needed, and to always keep an eye on our surroundings. That’s what we are really after here at The Cybermaniacs, to help as many people as we can to take charge, responsibility, and be engaged with digital safety. (We can wax rhapsodic on this for hours, sorry, moving on).

So at the end of the day, free can get you from a to b. Or give you a quick start. But where on the alphabet do you want to be? Is your industry at greater risk? Is your team already pretty cyber savvy or nah? Are your partners or customers concerned (and asking in contractual form which many many more are to date), about the state of your cyber security? 

Most of what is listed here in the FREEBIES are tasters; a comprehensive program ticking all your boxes will come at a price but will save you oodles of cash by developing a secure workforce, who are savvy and know their roles, responsibilities and how to report their suspicions. 

 

Trying something new or innovative can require a leap of faith. But the rewards are worth it once you cross to the other side!

Thinking longer-term, and not just about what will get you through the next audit means:

  • You will need to continue to educate, adapt, and motivate your team to keep skills sharp and stay up to date with the latest changes in tech and risk. 
  • You will have to get past the basics and soon, 
  • Only covering one or two risk or tech-based topics, like phishing alone, can leave gaping holes that cybercriminals are happy to walk on through.

Securing humans provides an extra level and line of defence for your company against cybercriminals and digital errors of all kinds. Remember, MOST data breaches rely on human error, action or activity. Can you afford to not secure your humans through a shoestring awareness program?

Don’t let budget be a barrier to an awareness program: free is better than nothing at all, understanding the caveat that it won’t meet many important requirements.

The Princess Bride: Security Culture Runs Deep
https://thecybermaniacs.com/2020/06/19/the-princess-bride-security-culture-runs-deep/
Fri, 19 Jun 2020 16:40:43 +0000

“Inconceivable!” In Rob Reiner’s masterpiece, The Princess Bride, Vizzini distinguishes himself by repeatedly denying that the events ultimately leading to his death are actually happening. Vizzini, (played by Shawn Wallace), is a genius with a long, distinguished reputation for being the smartest person in the room…hell, on the planet! He has been getting things right when others have been hopelessly wrong for decades.

His decidedly less intelligent, more humble companions, however, seem to immediately appreciate the unfolding events much more accurately than he. “Inconceivable!” Vizzini shouts again. Finally Inigo (Mandy Patinkin) offers a gentle, polite challenge in a heavy Spanish accent, “You keep using that word. I do not think it means what you think it means.” Eventually the inconceivable events catch up to Vizzini and he is killed. At least he dies while laughing, as he’s convinced he’s just cheated the moment of death instead of walking straight into it.

Vizzini’s use of “Inconceivable” always reminds me of the use of the word “culture” in corporate settings today. Particularly when it’s used to talk about creating a cyber security culture or information security culture.

Ever since Peter Drucker started talking about culture as a key element to corporate success in the late 1900s, “getting culture right” has been on the leadership agenda. And yet, very few business leaders I’ve ever met seem to really understand what culture is, how it evolves and how to go about changing it. When it comes to culture change, leaders tend to all default to a single way of achieving it. The standard, not-all-that successful, completely over-relied-upon formula for culture change is:

Top down mandate from executive leadership + clear policy support + continual comms of catchy slogan = culture change….sometimes ???

You can forgive cyber security leadership for relying more heavily than most on this top-down formula. Much of the culture of the cyber security professional community is a hand-me-down from military and law enforcement culture that shaped the early careers of many in cyber security leadership positions. 

In those highly-esteemed, professional communities, top-down leadership and strict governance works. Subordinates are recruited, trained and promoted largely on the basis of their willingness to follow orders with precision. Top-down change initiation and execution works quite effectively when you have people who are predisposed to follow top-down directions.

But most corporations don’t hire for process-discipline orientation as a top priority.

In fact, corporations have recently been trying to seed and stimulate diversity and innovation wherever they can. There has been a fundamental recognition that people are creative. And if you hire people who are experienced and skilled in a certain area and diversely creative to boot, you can derive value from allowing them freedom to change things up. What you end up with when you hire that way for a while is a group of individuals who feel more entitled to discount and even challenge top-down mandates and to plot their own course.  Those individual courses are shaped much more by the culture people bring with them to the party as opposed to the culture of the company they are joining. (For more on how we use autonomy as a central part of our learning experience click here)

Accordingly, it’s far more difficult to change a person’s behaviour through top-down organisational governance if elements of that governance, or the approach of a compliance initiative, conflict with the basic cultural norms instilled in an individual during childhood. Our parents and/or early caregivers instil values and habits in us, and we live through other experiences that shape our internal compass, long before we ever pledge our allegiance to our first employee handbook.

Although establishing strong corporate governance is a powerful tool to organise, it has proven to be less and less effective at shaping culture as the diversity and innovation agendas have grown in strength.  And that was before the lockdown ushered in a new era of working from home.

Effective cyber security hasn’t been only about behaviour in the office for a long time. We’ve been living in a growing state of always-on, everything-connected for well over two decades now. What staff do online outside traditional business hours and outside traditional office spaces has had an increasing impact on the susceptibility of their organisation as laptops, mobile phones, software as a service and social media have all become more pervasive. It’s not hard to imagine the different work environments that each individual in a company now has as we have been pushed to work from home. The unique physical environment is also matched with an equally unique set of cultural influences.

How do you create a culture of information security amongst your staff that not only influences behaviour in the office, but everywhere else too? It’s not a new question for cyber security, but it’s critical to answer it better than organizations have to date. The intersections between family activities and work devices or work e-mails and personal devices are too many to ignore. I think most people would agree that extending the scope and detail of organisational governance to dictate behaviour 24x7x365 for all their employees everywhere is not reasonable, nor would it be received favourably if it were even legal.

In other words, the standard, not-all-that successful, completely over-relied-upon formula for culture change is going to be even less effective now than it was before. 

 

Lessons from Marketing Science 

Marketing and advertising science can offer clues as to where we go next in terms of compelling people to change their behaviours to be more cyber safe. When marketers want to change someone’s behaviour, usually to compel them to buy more, switch a brand or sign up for a service, they tailor their message to their target demographic. They learn all about the needs, interests, desires, fears and trigger phrases that compel different demographics to act. Then they shape their messaging to hit all those hot buttons per demographic.

This may sound like a lot of work. But there is good news. 

  • First, retailers, marketing firms, brand scientists and social scientists have been doing this kind of sub-culture typing for decades and there is a lot of data out there about how to shape your messaging to influence people with certain cultural preferences. 
  • Second, like tends to hire like. So the variations of different cultural sub-groups within your organisation will be limited, even if people are working from home and spending less time contributing to the strengthening of an overall corporate culture.

Different strokes for Different Folks 

Those people in your organisation who respond well to warnings about future problems and react to a top-down call to arms to defend the perimeter against the invading hacking hordes have been reached. They’re all good. There is an enormous conformity amongst cyber security messaging to date, all relying on warning of negative consequences at both an individual level and corporate level if certain behaviours are not observed. Not surprisingly, the cyber security community tends to produce compliance and awareness programmes that would work for them.

If you’ve ever attended a ‘traditional’ cyber security awareness training session, you can immediately feel the oppressive weight of that top-down emphasis. 

Marketing science has shown time and again that actually, lots of people respond to positively toned messaging more than negatively toned messaging. Particularly if the message is repeated. What’s more, different sub-cultures within your organisation will respond to different messaging styles better or worse, tuning them in or turning them off to the message content to differing degrees. 

In order to get a compliance programme tailored to have the maximum impact across your company’s various sub-cultures, the following steps are required as a minimum:

  1. Define the various sub cultures within your organisation
  2. Characterise the learning & leadership style preferences of each
  3. Tailor your comms, learning materials and behaviour change incentives to the learning & leadership style preferences per sub culture

The process of defining sub cultures within a company is actually fairly painless. It used to be that culture surveys involved hundreds of questions that would take the better part of a morning for employees to work through. But that was decades ago. In the 50 years that social science has been examining culture in the workplace, the data collection method has been refined. 

A 30 minute commitment from staff is all that is required to get the data needed to achieve dramatic insight into how various subcultures have evolved and taken root in a company, and how to best approach groups of people to effect change. (For more information on how our human baseline and cyberpulse surveys can help you come to grips with your digital tribes and compliance sub cultures, click here.)

So as we embark on our “new normal”, partly in office, partly at home, maybe back on the road someday… we will need a new approach to establishing the behaviours required to keep us cyber safe. 

If we are smart, we’ll start to take chances on employing new ways to reach and connect with our now more-dispersed audiences.  

Which path will you choose? Will you double down on the old, standard, top-down methods, like the rather inebriated Inigo as he barricades himself in the Thieves’ Forest waiting in vain for Vizzini to return and provide him with orders? Or will you let that creativity fly, and embrace the possibilities of doing something different?

You can dare to dream, survive the evils of the fire swamp, ROUS, and the other perils of cyber security if you put some heart into your culture and help to make it thrive. 

 

How do you find true love?

We’re here to be the Miracle Max to your entire awareness program, and yes, the chocolate coating does make it go down easier.

Just because you have an audit, you don’t have to put your staff through the sucking machine from The Princess Bride. We promise, there is a better way.

 

Want to Survive 2020? Get your BCP, Culture & Cyber Security Both Agile & Resilient
https://thecybermaniacs.com/2020/06/18/want-to-survive-2020-get-your-bcp-culture-cyber-security-both-agile-resilient/
Thu, 18 Jun 2020 16:02:26 +0000

In times of crisis or chaos it’s hard to see beyond “the now”.  15 days to flatten the curve that has turned into… months.  But don’t let it get you down as there are important things to build and progress to be made! I’ve always believed in actively creating the positive change you want to see in the world- and as we’ve seen in the past few months, fortune favors the prepared. 

But I am wondering, as we return to work and look ahead to the rest of 2020 and 2021… What if we get a second wave? What if it’s another blow to your business, your customers’ recovery, or your supply chain?

A recent Gartner survey found that 71% of CXOs say business continuity and productivity are the biggest risks from COVID-19, followed by employee health and safety (69%), financial risk (45%), information security risk (40%), fraud risk (27%) and IT risk (27%).

I asked these questions to our partners and customers. For our friends and partners in IT Services, Security as a Service, and consulting… when your customers are able to reassess the future, what questions will they be asking you? What problems will you need to help them solve?

But the lessons still apply for all intrepid IT and IS leaders- how can you create trust and agility for 2021, will your culture and company hold together without it?

For companies both big and small there are more major, difficult conversations directly ahead. (Yes, still. Sorry.) Are we ready for an acceleration in multiple strategic directions all at once? That usually feels like the fabric ripping at the seams.

What needs to be done to find the right path forward within the framework of big complex business and tech and people changes like digital transformation, leadership upshift, agility, cyber security, and more?

BCP, CULTURE & SECURITY CONVERSATIONS TO COME 

Companies are faced with more fast decision making on how to come back to work, but as all good scrum masters know, the learning is in the retrospectives. Have you had a virtual coffee with your customers or teams to ask some basic but critical questions?   

    1. Did we do the right things to stabilize the business for the crisis while we were in the thick of it?  
    2. What things were we not ready for?  Were we really set up for remote working? Did everyone have access to the things they needed to continue their work?  Was everyone able to work safely and productively? Did everyone know what to do? Did they do it? 
    3. What is the best plan of action to prepare for a still uncertain future? 

The digital part is a necessary thread, and indeed these digital, remote, virtual, cloud, data centric changes are transformational. But when whacking in that new VPN or videoconferencing tool, thinking about the data and the systems first (or only!) is a recipe for failure. We’ve rushed through a bunch of change since February and March. How have your people dealt with it? Did the culture shine through, and did people hang together and rally around your customer value and teams? Or was it like wet spaghetti slipping through your fingers? Were you ‘agile’ as a team, were your relationships trusting enough to be resilient in a time of change?

Kate Goldman

CEO & Founder Cybermaniacs

For forward thinking people with an intrepid mindset, these few months of recovery are an amazing opportunity to help our customers and businesses in profound ways. We can help companies level up, modernise, and re-optimise across multiple dimensions driven by a survival-instinct level business necessity we have not seen before.

 

Digital Transformation Acceleration Imperative

Will all businesses start to see digital transformation as imperative for business growth and risk mitigation? Having worked in a variety of IT roles for 25+ years, Steve Hood is currently Channel Partner Manager for NTE Limited, a Managed Internet & Services Provider. His mission is to unravel the often complex world of technology through simple services. Why? So Channel Partners and their customers are better equipped to tackle technology challenges securely, cost-effectively, and with confidence. Here’s what he had to say about the challenge his customers face:

Steve Hood

Channel Partner, NTE Limited

“Businesses big and small need to realise that technology alone doesn’t equate to Digital Transformation.  They need to consider People & Process, along with technology, in order to tackle transformation head-on.  I would argue that the People element is the most important.  If your employees understand what you are trying to achieve and why you’re doing it, and they are bought into it, then your chances of success improve greatly!”

Agility matters

The companies who embraced agility earlier and more wholly fared better during the first half of the Coronapocalypse. While the world is rife with uncertainties, disruptions, turmoils, dynamism, and ambiguity about the future, a business is more than a system to achieve numbers and goals. It is also its people, their experiences, sense of belonging, connectedness, a shared vision, and the tools and techniques to achieve it all.
John Mark Williams

CEO Agile Business Consortium

Agility is more than the skill to sense and respond. It gives our teams the power to predict and prepare. Organisations that seek to mitigate risk, invest in agility. This pandemic has proven it.

BCP Can No Longer Be A Static Document

Much BCP planning pre-2020 focused on creation of a formal plan (and then sticking it in a drawer). But agility and resiliency mean that competency and culture are more important than the plan, which will never ask enough questions and will start to age the day you write it down. The gargantuan effort to create and maintain giant plans is not realistic. Or as I like to say: 

Post covidtimes and in order to survive the pancession, the ability for your organization to come up with creative solutions to new problems at speed will be a primary source of business value. 

BCP, Culture & Cyber Security

Culture Matters Most as glue to hold your people together

The graph above is quite the rollercoaster ride. Dare I say, unprecedented. A significant part of the workforce were asked to work in a new way in less than 24 hours. Then the explosion of attacks and threats from the cybersphere as the whole nefarious and malicious cast of characters exploited the chaos.

To adapt willfully, successfully, securely and rapidly to the changing situation requires more than process discipline and cloud technology. Culture starts with leadership and is built by the team.

We can only expect people to do the ‘right thing’ in a crisis or working from home, if it is embedded deep as part of your security culture.

Baseline Digital Competencies and Capabilities Were the Key Differentiator to Flip & Recovery

Flipping to ‘work from home’ in roughly 24 hours… an SMB would have had to have the right tech in place (obvs) AND users skilled enough in a whole host of digital competencies to do that quickly and securely (maybe not so obvs), AND enough culture and caring to hold the team together.

How many of your customers had great cultural underpinnings of agility to ride the wave? If they had the right tech in place at least, did the people who staff the company even know what to do? 

Having an entire workforce be able to do the right thing, at the right time, in any scenario….means everyone needs to be upskilled ready to roll on all BASIC CYBER THREATS & DIGITAL COMPETENCIES in a continually updated model.

Hey IT Service Providers & MSPs: Many of your customers are without cyber training, or have immature, disconnected and underfunded programs. Only 25% of SMEs currently run cyber awareness training and only 53% of companies overall. DYK? Of the 260 Billion currently spent on cyber security hardware, software and services globally, only 1B is spent on cyber awareness training for employees.

This seems shockingly out of proportion against the research that shows 80% of breaches and incidents were caused through human errors, mistakes, and snafus. And it showed during this crisis. We heard countless stories of small, midsize, and even some large well known brand names that struggled with the shift to remote work and virtual teams, weren’t set up securely, and suffered huge losses in productivity. We also heard stories of a few great small businesses who were able to pivot and thrive in real time because they had started to embrace digital transformation, agility, and culture years ago.

Michael Brett

President Vanguard Cleaning TX

Looking back, we felt we were able to switch to remote working quite easily, as we had spent the past few years optimising our business across multiple levels. Being prepared meant we were able to focus 100% of our effort on our 3 point model and meeting the shifting market, rather than worrying about the tech or new workflows of our teams. The three points we focused on were awareness of outside forces to meet the market, agility that allowed us to shift product strategy and react quickly, and action which ensured the team is meeting our customer needs for rapid communication and partnership during the crisis. 

The solutions you create now will either create or break trust in 2021 

Many businesses caught off guard will desperately need to make the changes to survive and thrive. Some of the answers to questions above will require extraordinary business transformation and will require months of planning, implementation and execution. But with any change portfolio, some can be those small wins, quick fixes, and slam dunk solutions.

  • What can be done now, what is easy and inexpensive? 
  • Where do we not have expertise or the ability to scale? 
  • What are the plug and play solutions so we can focus on strategic imperatives and business specific essentials? 

Here’s one big question to ask and answer for your customers. Did your people know what to do to keep your company and customers safe? What if it was easy to start to fix that so you can move onto harder things?  

For many companies cyber security training for employees will be on the wish list of things to implement in the next 6 months (or as we like to say, YESTERDAY).

Our entire raison d’être is to create cyber secure humans that act as continuously adapting cyber defense agents. This means they have absorbed and contributed to a culture of security and therefore have the mindset and values as well as the competency and skill to do the right thing at the right time for themselves and your business on any digital front. The explicit knowledge based short term training of the past will absolutely not get you here. We feel that’s because creating a cyber secure human starts with “the human”, and that’s not threat based (i.e. just phishing) but centered around their whole life.

To be totally honest, the elearning modules about password safety have been going on for 10 years and haven’t gotten us anywhere. Why give them something old, training that was built three years ago on technologies, styles and approaches that quickly become stale and outdated?

Why in this time of psychological stress would you increase the complexity, guilt, fear or shame that are commonly associated with cyber training? Frankly we don’t think negativity is a good move right now.

So when your customers talk to you about security, first ask about their people. Ask about their culture. Ask if they’d like to create happy, safe employees, regardless of where they work. (And if the answer is yes, you might want to check out our partnership program, just sayin’.)

3 Quick & Innovative Ways to Keep Remote Teams Engaged With Cyber Safety
https://thecybermaniacs.com/2020/06/09/innovative-ways-keep-remote-teams-engaged-cyber-safety/
Tue, 09 Jun 2020 23:59:30 +0000

Remote working was on the move even before March 2020, offering a new set of pros (flexibility, larger area to source talent from) and cons (lack of in person social engagement, security considerations, management challenges) to companies across the globe. In the wake of many companies rushing to work-from-home scenarios, and many more enacting dusty BCP plans that had never considered the WOW case scenarios, the first concerns in March were to get everyone online and back to being somewhat productive, and many leaders we spoke to were (rightly) primarily concerned with their teams’ mental and physical well-being.

Risks and Challenges of Remote Working Teams

The flip side and risk based challenges at the time that we are only now coming to grips with: 

  • Protecting your organization against the massive spike in cybercrime during this global crisis 
  • Your employees’ ability to rapidly adapt to new ways of working
  • Upskilling on the fly to new technologies and systems to use (i.e. Zoom, Teams, etc.)
  • Keeping your remote teams engaged and productive as the crisis continues and the future still seems uncertain
  • Working as a leader in your organization towards increased agility, contributing to a positive work culture, and maintaining your own productivity!

In order to meet the challenges above, a strategic view should be applied as to how to encompass positive culture change, organisational and team agility, digital skills, remote work capabilities, and cyber security awareness all in one go (cough cough, we do this). Here are some quick wins you can score along the way to engage your teams, deliver cyber awareness learning, support agile mindsets and build a positive work culture– to prove that these out of the box approaches work, to lay the groundwork for a larger learning program, or just to keep everyone in the loop in something that goes beyond a tick box exercise. (Cause we all know how employees, especially those under stress and quarantine love those one size fits all, long, dry, and dated e-learning modules).

3 Innovative Ways To Keep Remote Teams Cyber Safe (& Engaged!)

Virtual Team Cyber Trivia Games

Trivia challenge and quick player games can be built online and delivered to an audience via a link in their web browser. We’re particularly fond of the ones where the questions are on the screen and the users can use their own mobile devices as an answer pad- all delivered via browser, no downloads necessary.  Here’s a free trivia game we created for remote working teams during this global shutdown. Try it out with your teams today to see if this gamified approach works for you. (For customisation to brand or your policy, or to find out what other games we have up our sleeve, contact us here)  

Cyber Attack or Heavy Metal Band?

Short Infotainment Videos

Video content is king for our digital consumption lives both at work and in our personal lives as we browse the web and consume content. Using short videos at the beginning of a virtual meeting or sending to the team in your chat rooms can act both as a ‘learning moment’ and a ‘pick me up’ if you’ve got the right content. Here’s a free video from our catalog that reminds your team of the importance of password safety, especially during this crisis. Credential theft is a huge threat and the number of phoney websites and phishing emails designed to fool your teams into clicking has exploded in the past few months, and it was no joke beforehand. Encouraging your employees to create strong passwords, avoid re-using them, and not share them with co-workers or friends should be a foundational part of your cyber security awareness (and policy!).

Password Rap FREE Video

Make it Visual 

Keep your employees productive and, as we like to think, help them stay in the ‘flow’ of work by NOT creating horrible content or too much text when delivering messages of change and important information. It’s about reducing cognitive friction while increasing positive associations and productivity. Infographics and Social Media Style posts are a fantastic way to do this (which is why the marketing teams use them so often; they are some of the most popular content aside from videos on the web today). Here is a free Infographic that you can use for your teams on the importance of working safely at home. Want more? Sign up here.

Download our FREE Infographic

The Trick: Continual Cyber Awareness For Real Effectiveness

Sometimes it’s hard to know what end of the elephant to get started with when thinking about and building a cyber safe culture as a holistic program of change, from internal obstacles to change to budget restrictions. With the current challenges with remote working, the explosion of cybercrime in the wake of COVID19, and the even greater risk of business disruption or data breach for companies of all sizes, there is no better time to get your employees upskilled in digital safety and cyber awareness.

Interested in talking to our team about how we can help you deliver impactful cyber awareness as a continual learning program (basically you can sit back and our platform and super content does the work)? We have special discounts for small to midsize businesses affected by COVID 19, and with our standard platform can get you up and running in less than 48 hours for about the same price you would pay to buy your employees one donut every month. Here’s info on our platform:
And here’s how you can get in touch. PS We have a team of recovered salespeople who hate the hard sell, so if you’re used to avoiding calling a company because you’re afraid you’ll be harassed, we get it. We’ve been there.

4 Things IT Needs Now in Order to Skate to Where The Puck Is Going
https://thecybermaniacs.com/2020/05/31/4-things-it-needs-to-move-the-puck-towards/
Sun, 31 May 2020 12:53:16 +0000

Compulsive hand sanitizing. Check. Home workout routine. Check. Volunteer to help community. Check. Regular chats with friends and family. Check. Remote Worker.  CHECK CHECK!


Like every other right-thinking human out there, I am working hard to stay focused on the ‘here and now’ to help get me and those around me through the immediate crisis. But as I get comfortable with this new routine, my mind has been drifting to ice hockey great, Wayne Gretzky. Wayne famously advised “Skate to where the puck is going, not where it has been.” This phrase became so overused in motivational speeches and strategy powerpoints, that impassioned pleas to just stop using it altogether were published in the Canadian press.  But even the most jaded of Canadians will admit, at no time was this advice more relevant to the business world than now. 

Simply put, the puck, at least in terms of the intersection of IT and business operations, is going to be in a much different position as we all start to return to work. The response to COVID19 has changed the world forever and if you thought digital transformation was happening quickly before, hold onto your hats.

Wherever there used to be hesitation around the value of IT investment aimed at business continuity (remote working options, moving critical services to public-cloud infrastructure and automation of repetitive but critical processes), there will now be considerably less resistance to investment. For those that had a plan(ish), infrastructure and behaviors (enough) in place to move their activities and transactions online, many have been able to mitigate the damage to cash flow that isolation mandates have caused. Boards and executive teams across all sectors will not fail to take note of companies that struggle to recover or that failed to survive at all because they did not, or could not, digitize their operations.

So, as the attention of exec teams and boards begins to shift toward further digital transformation of their operating models, I predict the puck for IT will move in the following 4 ways:

4 Ways IT NEEDS TO MOVE THE PUCK TO

1. Remote Working

Firstly, remote working will now blossom like a rose in bloom. The next 3 months will prove to many leaders, previously sceptical, that remote working is really just fine in terms of productivity. Tools such as Slack, Zoom, Teams, GSuite, O365, etc are perfectly adequate to keep on top of things. Yes, places of business, office culture and in-person meetings will all continue to be very important pieces in the patchwork of a company’s identity.

However, the balance will now shift decidedly toward remote working as a bigger proportion of the quilt. The tech is mature enough to support it, it’s been around long enough now that IT teams understand it and the risk of not developing the ability to work from home is all too stark. (I hate to say it, people…this isn’t our last pandemic outbreak.) 


2. Remote Working Accelerates IT Projects

Secondly, this acceleration toward remote working will lead to a raft of IT projects, including cloud service implementations, network and connectivity upgrades, laptop and mobile device upgrades, etc., and will also continue the trend of making cybersecurity much more of a team sport. We already started hearing cries from infosec professionals a decade ago to “abandon the perimeter” as a defensive posture. There has been a lot written and said about the need to ensure that cyber security is involved as early and as much as possible in IT planning and execution.

3.  Automation of Key Processes

Thirdly, process streamlining and automation of key processes will also accelerate. How can we keep things humming in the background while our people handle the next bump in the road? True agility will be defined by organisations that have highly autonomous digital operations, staffed with process and technology experts who understand how to tweak the configuration of those digital operations in response to changing business conditions and the occasional global crisis.

You want your machines doing the repetitive work, you want your people thinking about how things might need to change to survive and thrive.

4.   Soft Skills and Business Acumen

Lastly, success for IT professionals and infosec specialists alike will rely far more on soft skills and business acumen than ever before.

In spite of the push by business leaders to get closer to the issues highlighted above, their understanding of the guts of tech will still be short of the ability to make good judgement calls on investment.

Because of this lack of intimacy with IT innards, they will still approach these decisions with apprehension.

IT leaders need to close that gap, not by meeting them halfway, but by meeting them on their turf. IT has been clamoring for a seat on the board for decades. The doors will start to open now, more quickly than ever before. But they will close just as quickly if we continue to insist that they speak our language and if we can’t negotiate deals and paths forward using their rules.

Are you enjoying our articles and finding yourself interested to understand more about how The Cybermaniacs focus on behavior change in the work culture?  Then you will be interested in The Ethos Behind Our Cyber Security Awareness

The Cybermaniacs creates cyber secure humans through our learning experience platform and unique approach to change. Fuzzy on the outside, data driven on the inside, our cyber awareness training content is sure to delight all demographics at your organization.  Learn more about our platform and take a ride on a free demo.

Opportunities & Risks in Securing Your “New Normal” Workforce for 2021
https://thecybermaniacs.com/2020/05/29/opportunities-risks-in-securing-your-new-normal-workforce-for-2021/
Fri, 29 May 2020 00:24:40 +0000

It seems crazy to think that the hotbed of cybercriminal activity and digital transformation in 2018 and 2019 were ‘simpler times’. Thanks to the Pancession, Panicdemic and Murder Hornets, 2020 is shaping up to be a real kick in the nether regions. Remote Teams, Virtual Work, Gig Economy, Demographic Change and more face all businesses, to leverage as strengths or mitigate as shortcomings.

Here is a hybrid perspective between HR & Cybersecurity to help small businesses plan for the future post COVID. Hopefully post COVID.

 

The New Normal cybersecurity

Before the pandemic and economic crisis, cyber security was a major threat to business growth, continuity, and even survival. 60% of small businesses who suffered from a major data breach were out of business in less than a year. The average breach took 2 weeks to recover from to a semblance of normal business operations, and many companies had to inform customers about breaches, destroying years of trust in a flash.

You may have had this happen to your company, you may have heard it on the grapevine- small businesses being taken down by cybercriminals, wire fraud, and even state sponsored malicious actors- basically, it’s not an urban myth anymore.

Recovery and a path to stability for the rest of 2020 and into 2021 needs to encompass the traditional business fundamentals (bring in the revenue, stabilise the operations, focus on the core or pivot to a new market) and the new business fundamentals (agility, harnessing data, leadership/culture, and cybersecurity). To NOT consider your company’s security, and as 80% of breaches are caused by humans doing what humans do, to NOT consider your staff’s ability to defend your business from attack, breach, fraud, theft, hacktivists, and more… is like being the character from a horror movie that doesn’t have a name and thinks it’s ok cause the zombies won’t get him, and they kill him off in the first scene.

30 Million + Unemployed = Buyers Market

As of the end of May 2020, the United States has over 30 Million people unemployed. The very tight labor market of the past few years tipped the balance in favor of the workers, with benefits and salaries, perks and bonuses starting to get almost dotcommey in inflated puffery.

The crisis forced many out of business, many more to furlough workers and search for financial bridges. When the recovery starts to move, companies will have two new things to consider: Available talent at better prices (for the company), and possibly sourcing that talent from a wider geographic area if they are able to continue with remote work.

 

“We are being thrust into an economic vortex the likes of which we have never seen before, nor have prepared for. I have been prepping my clients for what the talent market will look like for the balance of 2020 (which is a wash) and for 2021. The fact is, the currency of candidates will be ample, with stacks of resumes to choose from and the smart ones are going to entertain opportunities at 20-30% below market rate. My advice is take the opportunity, help rebuild the struggling economy and be part of the market reset, which will recalibrate itself over the next several years. It’s not ideal, however, ‘you gotta’ be in it to win it’,” says Angelo D’Agostino of HCG Advisors, a full suite HR Consultancy for SME.

Human Cyber Consideration

Securing remote workers and especially those who work at home requires different approaches- both technical in terms of their access and information work, but also in terms of security. Our security postures change based on the environment and emotional state- if your organisation will be one of the many maintaining remote work as modus operandi for the future- that new context should be reflected in your learning paths and content.

Tap Into The Gig Economy

More companies will tap into the Gig Economy. In the past 10 years the gig economy and contract work have grown, offering freedom and flexibility for many untapped sources and allowing specialists to create highly tuned niches of talent. Forward looking small and midsize companies will harness this talent to accelerate their recovery and stability, with more virtual C levels, partial roles, service stacks and freelancers helping out as needed.

 

Securing this wide range of people, skills, information access, and supporting technology is a real challenge. Last stats from 2018 show that only a quarter of small and midsize businesses do any training on security awareness. Thinking that your contractors, partials, freelancers, and other gig workers aren’t ‘in’ your business if you give them ‘access’? Don’t be ridiculous.

Human Cyber Consideration 2

One size fits all training often skips over contractors, and many small to midsize businesses have yet to implement workflows and services to better manage access to information and systems. How will you ensure the levels of safety and security needed for everyone who accesses your information and data? Think about how you can bring contractors and temporary workers into a secure mindset the first day they start their work.

Mass Retirement = Demographic Workforce Shift

Early stats are showing that we may see mass retirement due to this crisis, shifting the demographic makeup of the workforce to Gen X, Millennials, and Gen Z. We’ve written about how to secure your Millennials HERE.

Angelo says: “Given the fact we are facing the highest unemployment rates in modern times, the stats show what is truly a natural progression for the active workforce. In many ways, this pandemic has positioned us uniquely to attract, grow and retain the incoming workforce. I like to refer to it as “the shift” (whether allowing work from home scenarios, which is not optional at this point, or offering benefits/perks that are non-traditional but have come to be expected from this new crop of workers), it really has become a battle of the fittest (a modern day hunger games for talent) all taking place in a post-apocalyptic future, or as we know it, 2020…and who doesn’t want to be a winning ‘tribute’?!”

Securing Millennials

In light of the differences in technology consumption patterns, views on privacy and personal data, lack of institutional trust, and valuing authenticity over tradition, there are significant considerations to discuss as a company about your risk profile when you put your company’s technology and data in the hands of new generations.

Human Cyber Consideration 3

Write governance and policy from a demographic and values standpoint, and ensure your messaging engages the audiences you are speaking to. Many times we write the same message in three or four different ways, to deliver maximum impact and minimum change resistance. The art of persuasion and influence starts with knowing your audience, and through 2020 and 2021 consider how your internal workforce demographics will shift.

The Final Word

The hardest part of change, which goes against the way human brains work, is not using the thinking skills and hard earned truths that got you to the successful place you are today. What your business ‘did’ to be successful across all functions may need to change. Revenue is still king, but how you go after that revenue and where it comes from could change. Risk is still there, but what you prioritise to hedge against and how you strategically consider your defensive positions should change, and fast.

Here are 3 practical things to consider enacting today to prepare your company for survival and even growth during the economic recovery. Keep your employees cyber safe, productive, and happy, and you have a better chance of staying in business.

3 Things to Do Now

Consider a more holistic approach to developing digital skills and cyber security awareness at your company than just phishing training. For more information on our SME Platform click here.

In a buyer’s market of talent, will you be able to source new team members virtually, rather than require an in-office presence? If your company has the digital capability to do so, using contract and remote work can keep operations running for less operational capital, as long as security and access are properly considered as a first step.

Review policies and your 3rd party supplier agreements to make sure your business is future-proofed for accelerated digital transformation and security needs. They don’t need to be complex, but setting out the rules of the road clearly for employees and having alignment with your service providers is a key step of maturity towards digital, remote, virtual success.

5 Cyber Security Tips for Job Seekers During COVID 19 https://thecybermaniacs.com/2020/05/23/5-cyber-security-tips-job-seekers-covid-19/ Sat, 23 May 2020 01:19:28 +0000

Losing a job is often the worst, a real cut to the heart and pocketbook alike. Cybercriminals, however, don’t really care about what you are going through, and are after you anyway (heartless bastards, aye). Here are some important things to keep in mind, so you keep the lemon juice of fraud and cons out of that fresh wound. Staying cyber safe when looking for a new job is critical right now, as cybercrime has spiked during the COVID19 crisis, and 36+ Million people in the US alone are out of work.

1. Not all Job Posts Are Real

When scrolling the job boards, keep in mind that the cybercriminals and fraudsters can post there too. Sometimes when they want you to ‘apply’ for a job, they are actually trying to steal your personal information, credit card details, accounts and passwords, or more.

Some job scams want you to pay upfront for training, which they will of course reimburse you for on your first paycheck. Which you never get.  

Others will ask you to purchase equipment or software for you to do your work, which is also a scam.

 

And a word to the wise, anything anything anything dealing with gift cards? Scam. Cybercriminals love gift cards cause that’s digital cash that’s pretty much untraceable and most retailers offering gift cards offer no recompense once you hand them over to someone else.

2. Protect your PII

Now is a great time to not spread your s*** all over the internet, my friends. PII means personally identifiable information: your full name, your email, your phone, your social security number, your address, and more.

Before you start whacking around your resume or CV to every job site and uploading it to god knows where, do yourself a favor and strip as much of that info out as you can. Nowadays, you can have your name and a link to your LinkedIn profile at the top of the resume. If you move forward in the interview process, you can enter only the super needed PII at the time, but in this day and age, better to keep it on the DL till you get a serious offer.

3. Credit Matters

One of our cyber security tips to stay one step ahead of pesky malicious hackers is to freeze the credit of everyone in your household. It’s easy, all the credit reporting agencies will do it for you for free if you ask. How does this help? Well, it can stop identity theft and criminals harvesting your PII to then open up lines of credit in your name. If you think recovering from a job loss is tough, try doing that while fighting to get your identity back. The average time for US citizens to recover a stolen identity? 3 years. That would be 2023 before you’d be in the clear.

4. Accounts and Passwords

Consider setting up a new email account for your job seeking endeavours. It’s easy to do so, and you can consider using an encrypted account in order to further protect your information and communications with potential employers. 

Separating accounts and ensuring the passwords on them are UNIQUE and STRONG is an easy, free, great way to reduce your pain should one of your accounts get breached. It happens more often than you think.

For email accounts that are super important, take it to the next level by turning on two factor authentication (the code thingy they send to your phone, for example).

5. Remote Working Security

Companies should NOT be asking for access to your devices in order to ‘make sure they are OK for remote work’. Scary enough, we’ve heard of some name brand companies actually doing this, which is alllll kinds of wrong. Even if you protest, “I don’t think you should be doing that” they will probably come back with ‘oh we won’t put anything ON your computer’ or something to that effect. But the bottom line is that you should not be giving ‘IT Support’ at any company access to your personal computer unless you are already employed and the company is legitimate.

For more information about remote working safely during COVID19, check out our free learning content resources here.

We hope these cyber security tips for job seekers helped you understand what’s going on right now and what to be aware of.

One last thing to keep in mind is that in many situations, the bad hackers are using your emotions against you, sort of like the dark side harnessing the force. These scams would probably not work on a normal day where everything was great and you were caffeinated and on your game. But during a global crisis, where people are in pain, at a loss, stressed out, under-slept, worrying about loved ones, worrying about making the next payments for rent, or food, car payments or gas… our security postures, or basically our risk radars, are way off. We want that job offer to be real. We desperately need that interview to go well. 50 bucks to do training up front for a job that will pay out 500 seems like not such a big risk. These cybercriminals operate globally, virtually, and they are really good at what they do. So take care when hunting for your new job and keep your cyber spidey senses up at all times.

Stay safe & stay smart & stay strong.


FBI Warns of Cybercrime Spike During COVID19

With the release of government funds to support small businesses and individuals, the FBI warns of a major spike in online crime. Read more here.

5 Ways to Future Proof Your Business Cyber Risk Post Pandemic https://thecybermaniacs.com/2020/05/20/5-ways-to-future-proof-your-business-cyber-risk-post-pandemic/ Wed, 20 May 2020 16:15:45 +0000

Cyber Risk Post Pandemic… Just when you thought it couldn’t get worse. Just when you thought you could relax (a teeny bit) and hope that we will get back to normal.

…but life isn’t like that sometimes. As business owners, as managers, as leaders in your companies, we double down, we pivot, and we plan for a still uncertain but certainly rocky future. We are masters of resilience and grit, determination and vision. Right now, companies of all industries and sizes who have been able to weather the storm so far are staring at the horizon, hoping to find a path through to stability. But it’s not smooth sailing just yet.

Getting hacked after surviving this economic and global pandemic is like surviving COVID but then getting stung by a giant murder hornet.

The EasyJet breach, the PwC website hack, Travelex, GoDaddy, MGM and more in the first 5 months of 2020, and especially the last 8 weeks, clearly demonstrate that we’re not out of the woods in terms of major cyber risks which could result in business disruption or dissolution. While people agreed that the lockdown was necessary to limit the spread of COVID-19, it has also introduced security risks that have caught organisations off guard. From Zoom accounts being sold on the dark web to COVID phishing scams, PPP loan fraud and the SMS smishing explosion, it’s been almost too much to wrap your head around on a weekly basis as the digital landscape changes and evolves.

Almost half of organisations have suffered a cyber security incident as a result of the sudden shift to remote working, a new study has found.

The FBI reported a 4x increase in cybercrime reports during the pandemic.

Hindsight is 20-20. But the future is murky. In your agenda for the rest of the year, have you gotten serious about shoring up your security? 

Are you reviewing the security practices of third-party services, for example? Do you have a patch management plan to make sure everyone has the latest software updates? Are your staff aware of their security responsibilities while working from home?

Many are still reacting to the seismic shift in March: 

%

of employed Americans currently say they have worked from home during the crisis, a number that has doubled since mid-March.

According to one source, by 2028, 73% of all teams are expected to have remote workers.

%

of cyber incidents are caused by employees (error, phishing, or malicious insiders)

Cybercrime isn’t a passing phase or something that only happens to other people and right now it’s on fire.  

5 Ways to Future Proof Your Business Cyber Risk Post Pandemic

Here are 5 things you can do today to build a modern foundation of cyber secure humans on your team that will help you adapt to the ‘new normal’ (whatever that may be at this point!). For years, it has become more clear that securing your business from cybercriminals is a fundamental business competency. It is increasingly moving up the board level agenda at major global corporations. For small and midsize companies to survive this economic, pandemic, and cybercrime crisis, a quick fix or low hanging fruit will only kick the can down the road. The risk will still be there, and companies far and wide need to level up.

1. Train for the New Normal, Not the Old Normal

Consider everyone in your company and how their work has changed. Building a foundation for the future means not just educating your teams on what technology to use and how to use it but also delivering learning in a way that fits into remote working schedules and the new virtual paradigm. 

2. Think Beyond Phishing 

Where before a tick box exercise to say ‘yup, we train on phishing’ was enough, threats are now more prevalent across the entire landscape. Here’s our blog that explains what you may be missing. Up-skilling a workforce to act as adaptive defence agents against a wide range of threats from an ever improving adversary means more than one e-learning module off the shelf. 

3. Win Hearts and Minds 

There are many ways to make it interesting: cyber awareness training doesn’t have to be dull or dry. The heavy lifting in this area isn’t about governance or audit requirements, but in the hard work of mindset shifting and habit breaking. As we always say, just because your team can define malware doesn’t mean they know how to keep your company safe or care enough to do so.

4. Do the Basics Before the Complicated 

You don’t need to be the fastest gazelle, you just can’t be the slowest. Getting the whole team to do the basics can create an incredibly strong barrier for many of the spray and pray attacks out there today. Password hygiene and online safety basics, when adopted (not just ‘trained on’), are mission critical. We see small and midsize companies (ok, big ones too) continually chasing a silver bullet technology solution that will ‘secure’ everything. Don’t drink the Kool-Aid, that solution doesn’t exist.

5. Make it a continual journey

Once a year training will tick the box, but it does not create any true risk reduction outcomes for your organization. One example of this: the forgetting curve shows us that over 80% of knowledge acquisition is lost within 2 weeks in adults. When you add on the pace of technology change and the rapid evolution of the cybercrime landscape (see the COVID examples above; this disruption is what criminals live for)… your learning system and content need to keep up.

Only 53% of companies did any cyber awareness training before the coronavirus outbreak, and of that, much was rooted in delivery styles and focused on threats of the past. If your company is one of the 47% who haven’t yet implemented a program, or one who hasn’t started with the basics, now is the time to start. In a way, you will have a slight edge by starting on a path of holistic modern digital skills and mindset shifting, as you can leapfrog your staff into the future: the ‘new normal’ of remote working, virtual teams, and what will inevitably be a slow and challenging recovery. The cybercrime explosion, the complexities of remote working, and the still uncertain future mean that a clear, safe, easy path is not the future for all of our businesses. Don’t let the murder hornets get you now.

Take a look at these articles to discover more about what has been happening during this COVID-19 pandemic. Hackers Are Exploiting Businesses During the Coronavirus Outbreak.  Also, Don’t Let Cybersecurity Be Your Proverbial Murder Hornet Post COVID-19.

The Cybermaniacs helps organizations big and small prepare their workforces for an uncertain digital future. Our platform and approach help workers, remote and onsite, establish good cyber habits and embrace a more secure work culture on a personal journey of change.

FANCY A CHAT?

Want to get your team set up for AMAZIWARENESS? You can have your team set up on our learning platform,  enjoying engaging and impactful digital skills learning in under 48 hours.

With special pricing in place for small businesses impacted by COVID 19.

Is Your Cyber Security Relationship Like Talladega Nights? https://thecybermaniacs.com/2020/05/11/cyber-security-relationship/ Mon, 11 May 2020 14:50:26 +0000

Shake and Bake

In Adam McKay’s masterpiece, Talladega Nights (starring Will Ferrell), the hero is supported throughout his initial rise to fame by his best friend, Cal Naughton Jr. (John C. Reilly). Their formula is supportive, balanced and ultimately each knows their place in the hierarchy. “Shake and Bake!” is their signature shout-out for a move that invariably establishes their dominance against all challengers. But woven into this triumphant relationship is a tragic flaw. Although they win, time and time again, it is Will Ferrell’s character, Ricky Bobby, that insists he must always come first.
Eventually this institution of excellence is upended in part by Cal’s ambition to begin to put himself first, ahead of Ricky. Balance is only restored when Ricky and Cal come to understand better the power and intertwined nature of their relationship and begin to work together, with renewed mutual respect and intimacy, to restore their dominance. Shake and bake, 2.0.

Talladega Nights and Cyber Security Relationship

Like many of my fellow movie goers, I left the theater that night with a gift. Adam McKay had revealed for me timeless insights applicable to many aspects of my life, including my own chosen line of work, IT. For me, the arc of Cal and Ricky’s relationship mapped to the story of cyber security’s relationship to IT, particularly over the last decade. For much of the last 30 years, cyber security, represented by Cal, has been an afterthought, a bolt-on to the digital agenda. But the reality is that any wins for automation, digitalization and IT in general, represented by Ricky, were all underpinned by the basic disciplines of cyber security including protection, segmentation, disaster recovery, identity authentication, etc.

But over the last 10 years, cyber security has become increasingly uncomfortable as the threat landscape evolved quickly and new attack vectors seemed to emerge almost daily.

It has seemed to CISOs the world over that cyber security should, at least occasionally, be pulled forward from the back of the back office to get a little luvin’ from the board. Unfortunately, CIOs have been trying to get that same board luvin’ for decades and haven’t been really gracious about acting as a slingshot for their cyber security colleagues’ careers.

Just as Cal’s push to outshine Ricky seemed inevitable, cyber security has tried to push its way onto the board agenda, sometimes rather awkwardly around the back of or away from the overall IT agenda. This competition for board attention has led to a few wins for CISOs, but ultimately has created an extra obstacle for the digital transformation agenda overall.

Digital Transformation Offers Opportunities for CISOs

But where understanding, patience, love and hard work are available, hope can flourish. The digital transformation agenda offers exactly such an opportunity for CIOs and CISOs to more fully examine their own agendas in light of the other’s. The potential benefits of digital transformation are enormous. But the entire exercise of developing a digital strategy, a transformation roadmap and detailed project plans cannot, must not, happen with security treated as a bolt on.
The opportunities lost in this separation of the shake and the bake are clear. Think about network traffic analysis software. Sure, it is bought and sold as a defensive tool, to monitor for bad actors and traffic on the network which is not normal. But what can that same network traffic tell you about team performance? About collaboration patterns? How can you use that same data to think about how to supercharge your organisation, not just protect it? This is a clear instance (one of many) where cyber security can be given a much broader remit in helping reflect back to the organisation who and what it actually is on a minute by minute basis.

 

Digital Data As Part of Your Cyber Security Agenda

Of course, on the other side of the equation, the digital agenda is all about data. In discussing how data can and should be utilized, confidentiality, criticality and accessibility must be considered. This is a clear instance (one of many) where the cyber security agenda must be wholly understood and appreciated by both IT business partners and any of the business process analysts employed to push the digital transformation agenda.

 

“You ARE putting process at the centre of your digital transformation agenda, right?!!!”

Technologies are becoming more intertwined as digitalization accelerates complification (I looked it up, yeah, it’s a real word) across multiple layers of the overall business landscape. Risk and opportunity are so closely tied together now that strategies for protecting value and creating value should be virtually indistinguishable. At the very least each must be developed in full view and consideration of the insights from the other. If you figure out how to ensure that any attention, budget and invitation to participate in strategic conversations at board level can be balanced across IT and cyber security, just as Ricky and Cal did, you’ll achieve a powerful alchemy for the sake of your company’s performance.

Shake and Bake, baby, Shake and Bake!

The Cybermaniacs creates cyber secure humans through our learning experience platform and unique approach to change. Fuzzy on the outside, data driven on the inside, our cyber awareness training content is sure to delight all demographics at your organization.  Learn more about our platform and take a ride on a free demo.
