Jan 17, 2022 | SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News
It’s said often that the matter of experiencing a cyberattack is “when,” not “if.” How can your company begin to prepare itself for something that can adversely affect it? According to CompTIA’s article, an Incident Response Plan (IRP), can help you think ahead and have a plan in place when an incident occurs. Read on to learn more about preparing and protecting your company from current and future threats. Incident Response Plans Defined An Incident Response Plan is what it sounds like, having a plan to respond to a cyber attack incident and mitigate the damage. An effective plan is a “combination of people, process and technology that is documented, tested and trained toward in the event of a security breach.” The purpose of it is to mitigate damage (data and money loss) and restore operations. The National Institute of Standards in Technology (NIST) sets forth a few models for your plan, whether it will be handled by a central Cyber Security Incident Response Team (CSIRT), distributed among multiple response teams for locations or departments, or one in which a central body relays response plans to affected teams. While plans contain four phases, the first one of preparation can help prevent a lot of damage. Steps in the Incident Response Plan Does everyone in your company know what to do first when a cyber attack hits? Do they know whether to power off their computers, and how soon they can resume work? What will managers do? Does your marketing team know who to communicate with, and when? These are just a few of the questions...
Jan 6, 2022 | SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News
It is commonly said that employees are the “weak link” in your company’s cybersecurity plan. What if this was different, and they are actually a strong defense against cyberattacks? Read on to learn how to help your workers recognize and prevent a cyberattack, and to become security advocates for your company. Training Starts but Doesn’t End at Onboarding Training is common when onboarding new employees, but it should also be consistent and frequent. Employees should know how to recognize a phishing email, a common way that malware can enter your computer network. Bad actors send emails that appear to be legitimate, in order to obtain confidential information. Keys to a phishing email are an urgent and emotional call-to-action, unknown senders, and grammar and spelling errors. Not only do your workers need to recognize suspicious activity, but how to report and even escalate the matter. Workers also need to remember best practices for password management. All cybersecurity training needs to be frequent and consistent in order to reinforce the lessons and practices learned and make them automatic. Thus your employees can become “minimal risk,” possessing a sense of safe and unsafe behaviors and knowing what to do when something happens. With employees working remote, online cybersecurity options provide an economical and efficient way to train on this topic. Many online training platforms offer phishing simulation to ensure learning objectives are achieved. Best Practices in Password Management Let’s talk about passwords. Do your employees know what makes a good password? According to Google, a strong password can help safeguard your account, personal information and content like email...