Achieving a cyber secure business is not an easy task. Perhaps that's why so many businesses are looking for guidance. Sure, the media provides updates on the latest attacks and data breaches. But there is rarely any news about organizations doing the right thing and succeeding because of it.
As actor and comedian Tracy Morgan says, “Bad news travels at the speed of light— good news travels like molasses.”
Well, fret no more. CyberPolicy has some good news.
Below are examples of states with something to teach us about cybersecurity. You'll find plenty of ideas for how to prevent cyberattacks from rattling your business.
Arizona Governor Doug Ducey won the 2014 race, promising to run state government at the speed of business. This is something he knows a lot about, having been CEO of Cold Stone Creamery.
As part of that effort, Ducey promotes competition as a prerequisite for success. His strategy even extends to cybersecurity among state leaders and their agencies. The results are very promising.
According to GovTech, Ducey's processes got a real-world test earlier this year when WannaCry ransomware hit the state. “A RiskSense report revealed nearly 1,500 points of exposure in Arizona on a Sunday night. Agencies were notified on Monday and the exposure was eliminated by the next business day,” writes GovTech.
The takeaway? Businesses can improve cybersecurity in the workplace by promoting healthy competition between teams. Can accounting implement encryption protocols before sales? Will human resources develop stronger passwords than IT?
The talent gap is one of the biggest concerns plaguing the cybersecurity industry. According to Georgia Chief Information Security Officer (CISO) Stanton Gatewood, there will be a shortage of 1.5 million people in the cyber workforce by 2020.
To combat this worrying trend, Georgia is promoting its Cybersecurity Workforce Academy. Launched in January 2017, the program offers an intense set of courses designed to bring new professionals into the fold. The “full-blown immersive training” covers key topics, including various layers of defense, preparedness, and situational awareness.
Companies should follow Georgia's example by training their own staff to handle common security issues. The talent gap may be widening, but a well-educated staff can make all the difference.
In that same vein, Illinois is promoting “low-cost, high-benefit” training sessions for state employees.
Earlier in 2017, Illinois passed HB 2371 as an amendment to the Data Security on State Computers Act. The bill mandates cybersecurity awareness training for state employees. Since its introduction, over 47,000 staff members have participated in the training.
“Creating a culture of cyber-risk awareness is a big part of our strategy,” says Illinois CISO Kirk Lonbom.
Private companies can follow suit by having incoming employees complete a short cyber awareness test. This will assess the user's knowledge and prepare them for potential cyber threats.
One possible reason companies forgo cybersecurity training in the office is that they cannot quantify the results. You can tell a co-worker to avoid suspicious emails, but they may fall for a phishing scam just the same.
“This is a business problem,” says Pennsylvania CISO Erik Avakian, and the best way to tackle it, he says, is to test it.
Pennsylvania has implemented social engineering exercises to evaluate an employee's ability to spot phony emails and scams. Staff members who click on a malicious link sent by the state are redirected to a feedback page. This provides tips for avoiding genuine phishing scams. Over 80,000 state employees have participated in this program.
The same opportunities are available to private businesses through white hat hackers. These cybersecurity experts test your staff without putting them in any real danger.
If an employee does succumb to a malicious scam, you'll have to foot the bill yourself. That is, unless you have cyber insurance to protect your organization. Get cyber insurance today to protect your business tomorrow.