Cybersecurity Begins at the Individual

As I break into each of the core beliefs behind RLS Consulting and their meaning to me, I wanted to start here: at the individual level.

To be clear, there are many aspects of cybersecurity that have nothing to do with the end user or the individuals that have access to your environment.

That being said, there are many reasons why all of your other security controls can get thrown out the window if you don’t start in the right spot.

Individuals that make up our ecosystem are responsible for:

Let’s dive in!

Employees usually are the weakest link

I’ve talked to all kinds of organizations over the years, and this is one thing that pretty much everyone will agree to, but I’ll counter my own statement real fast with an important disclaimer:

While it’s probably a safe assumption that employees account for your largest area of risk, you should still make an effort to truly understand your cybersecurity risks and which elements contribute to the Likelihood and Impact for each respective information system.

Assumptions can get people into a lot of trouble, so prove your hypothesis.

It’s great to have your environment locked tight, but it can all come crumbling down if an individual at the company becomes compromised and an attacker can gain access without being detected. If they logged in as an authenticated and valid user, why should the security tools you have monitoring systems think anything different?

This is why Social Engineering, Phishing, use of Stolen Credentials, and other attacks directed at unsuspecting users are so common (not to mention that they’re able to be more successful today thanks to AI advancements). It’s low-hanging fruit: easy-to-launch attacks where even a novice hacker can be successful.

If you still need more examples, take a look at the suspected cause of the 2023 MGM attack. The rumor is that hackers essentially called IT support and pretended to be a user that needed a password reset.

For this reason, if you are an office that is not yet taking MFA or Cybersecurity Awareness Training seriously, you really need to get on top of it immediately!

Also, do everything you can to remove the individual from the risk equation by having layers of security. For example, there are tools that can help filter out phishing emails so it’s not just left up to the employee’s judgement.

Internal Friction

When employees don’t understand the bigger picture with cybersecurity and compliance efforts, they tend to push back. We often give up efficiency to become more secure – and your employees are going to feel that sacrifice the most.

I can’t tell you how many stories I’ve heard about pushback on implementing MFA (which, more often than not, seems to come from senior leaders who should actually be leading the charge).

If you don’t take the time to educate your team, it’s much more difficult to be successful implementing changes.

I don’t mean your run of the mill security awareness training; you need them to understand the “why” behind all of this. Help them understand how these threats impact them and their job security. Talk to them about how easy it is for everything to come crashing down and give examples of how an attack may play out at your company.

TIP: One thing I’ve started suggesting is to teach people how to be safe at home and how to avoid ID Theft and Fraud.

When you teach people how to be safe at home, they have buy-in and take these practices to heart. This creates habits for the employees that they’ll bring back to the office.

Cybersecurity Culture

Most offices need to start here, or they’ll be spinning their wheels. And culture really needs to be built from the top down. Leadership needs to set an example, and it’s also up to them to keep the buzz around cybersecurity alive year-round.

Part of this includes thinking about the type of cybersecurity culture you want to foster and how that will fit in with your existing culture. Do you lead with a carrot? a stick? a little of both?

This needs to extend beyond IT leadership. Cybersecurity goes so far beyond IT. Include all senior and mid-level leaders, HR, the C-suite – really, no one should be excluded here.

Everyone has a part to play, and I cannot think of a single role that cybersecurity is not going to touch.

How will RLS Consulting help?

I’m very excited to share that there are actually quite a few things that we’ll be doing to help you with this:
  • Use my training resources
    • I’m in the process of creating a free training everyone can use (and make their own) but, for now, you can get my quick steps here
  • Check your strategy for cyber risks
  • Invest in your employees’ personal protection
    • Get reciprocal buy-in for security initiatives and show your employees you care by offering them Identity Theft Protection.
    • RLS Consulting is now able to offer Defend-ID to companies directly or for agencies that want to offer ID Theft Protection, Monitoring and Recovery Services. Check it out here

We’ll have more ways to continue to help reinforce this and the other core beliefs we hold here at RLS Consulting.

If there are any questions or if you’ve found something here that helps and want to share, please do so!  And, I’m always open to ideas if you think of something I’m missing here that you think we should add to the list.

Thank you for reading and helping to make it a more secure world!  

-Ryan

Ryan Smith

Ryan's experience across cybersecurity, sales, insurance, technology, education, and mathematics have helped him become a business-oriented problem solver that can simplify complex topics.

His eclectic and diverse background is now able to be leveraged by businesses that are interested in outside perspectives to help them overcome challenges.

Looking for Identity Theft Protection?

RLS Consulting is a proud distributor of defend-id ©.

Learn how protecting your employees from the perils of Identity Theft and Fraud can help your business security and overhead costs.

Want to sell defend-id through your insurance agency? 