The Five Main P's of Cybersecurity
Cybersecurity and shocking breaches keep surfacing in the news every day, and while CISOs, CIOs and other security professionals are aware of the dangers out there, some of us may need to have the world of cybersecurity explained to us in layman's terms.
Being a fellow non-expert myself, surrounded by cybersec pros, I have decided to do some good and convey what I am learning here at SHELT ... in simple English! I promise not to use technical words here and if I do, I will be sure to add a little explanation you can look up.
How do I know my business is cybersecure?
Easy. I have broken it down for you into the five main P's. If you can cover those 5 P's here, then you are on the right track.
People - Passwords - Patches - Partners - Personal
1- People
You've heard it a million times: You are only as strong as your weakest link. In cybersecurity, the weakest link is usually people and human error. From opening phishing emails to accepting cookies or downloading malware, uninformed employees are one of the biggest liabilities of a company's cybersecurity!
The easiest way to overcome this main challenge is to educate your people. Once they are aware of the risks, they will think twice about their actions, and that minimizes risk. You can educate your people by communicating the risks, or even by having them attend cybersecurity training.
2- Passwords
You must have a clear password policy in your organization. Again, people play an important role here. After all, some personal accounts will be used on the company’s devices and network and so a password policy set in place can mitigate a lot of risk.
Put in place a policy for strong passwords and two-factor authentication, with a clear instruction that staff must not reuse a password from their personal accounts in their business accounts.
Here is a simplified video resource you can share with your staff.
3- Patches
Patch, patch, and patch again. Software that announces an update is usually doing so because its maker is patching a security flaw it has recently discovered. Don’t ignore the update reminder! Here's a recent one.
While it is the responsibility of your IT manager to ensure that all software on the company infrastructure is up to date, small businesses may not have that luxury and so, telling your people about this is key.
4- Partners
Some businesses are enforcing cybersecurity practices well but may overlook an important factor: the cybersecurity protocols, or lack thereof, of their business partners and the third-party companies they deal with.
If you are already looking into normalizing cybersecurity practices at work, it would be a good idea to have your business partners do the same, especially if you have shared software packages to work with.
5- Personal
It’s the work-from-home era and so many businesses allow the use of personal devices at home or in the office. This is a major threat to company networks. If your company is allowing the use of personal devices to connect to networks, then you will have to make it clear that the connection should be through a VPN and that the personal device also abides by your company password policy.
Interestingly enough, all of the above P’s are linked to the number one issue: people.
In my humble opinion, I am sure the risk could be mitigated if people were better informed of the cybersecurity risks they encounter on a day-to-day basis.
If you enjoyed this informative read, follow me for more, and drop a comment below on what you'd like to see more of in the upcoming posts.