Starting from Within (Empowering Your Team to Stay Secure) – A Q&A With Adam Clayton
October is here yet again and while many have their sights set on Halloween, there’s another major holiday that the technology sector is celebrating: Cybersecurity Awareness Month 2022. This year’s theme of “See Yourself in Cyber” sheds light on arguably the most important aspect of cybersecurity – people.
It’s no secret that here at Novva, we have a strong belief in the power that coupling AI and the human touch possesses. With this in mind, we wanted to kick off our two-part Cybersecurity Awareness Month blog series with a focus on how you can empower the most critical part of your operation – your team – to stay secure against cyber threats.
We talked to Novva Compliance Manager Adam Clayton to gain his insight into keeping your team up-to-speed on current cybersecurity threats and best practices.
What do you think are the biggest misconceptions when it comes to cybersecurity threats?
The biggest misconception may be that “With the right cyber security applications, my data is safe;” or “My employees/company will be safe if we spend enough money on cyber applications such as endpoint, antivirus, encryption, monitoring software, etc.” Applications and software are an important part of a robust cyber defense program. But they are not invulnerable, and human error is still, by far, the most commonly exploited security vector. So I would say continual training is the most crucial tool any company can use to keep employees focused and aware of the latest exploitation methods.
Are there any trends you’re noticing that deserve more attention than they are getting?
Social engineering by criminals is becoming more and more sophisticated and creative. Phishing remains the most significant exploit, further highlighting the need for continual training. But even as companies and employees become more savvy and suspicious about phishing emails, criminals are adapting by socially engineering their way into companies and creating trust with employees that is then exploited with phishing schemes. Once attackers establish a certain level of trust, or the victim feels a sense of urgency to act, the phishing part of the scheme becomes very easy.
What is going to be the biggest threat we’ll see emerge in the coming year?
Probably a continued effort to combine social engineering with phishing schemes. Until employees are sufficiently trained on the red flags and are in the habit of making that extra phone call or office visit to ensure a legitimate solicitation, criminals will continue doing what is most effective. Social engineering will likely become more sophisticated and nuanced over the next year, especially when we make personal information publicly available on social media accounts.
What is the most common mistake you see team members make when it comes to cybersecurity?
- Being in too much of a hurry or distracted and clicking or responding to potential threats when we are busy and stressed. We never know when a cyber threat may come to our inbox, text, phone, social media, or even doorstep. We must slow down before reacting too quickly to any solicitations from unknown sources.
- Reacting to emotional appeals in phishing/vishing/smishing scams. Any solicitation that creates a sense of heightened urgency (e.g., the CEO is waiting for you to respond . . .) makes us extremely vulnerable to cybercriminals. Cybercriminals count on our heightened emotions to make us react quickly without thinking or considering the full situation.
What is the number one piece of advice you’d give when it comes to making sure your team stays ahead of some of these threats?
Embrace the training your company provides. Some training modules may seem tedious, long, or even corny. But know that these training sessions contain valuable information and helpful reminders. We all need continual reminders. Cybercriminals are counting on life to distract us and take us away from our vigilance. Training reminds us that vigilance is an ongoing endeavor. We can never let our guard down.
Security is a top focus for the team here at Novva and we have built a wide range of secure solutions to provide peace of mind for our clients.
Are you looking for secure solutions to help meet your growing business needs? Contact our team today to discuss how a partnership with Novva can help you.