Key Tips to Develop a Security Culture in Your Company

Nowadays, take a look at any newspaper and you will realize how vulnerable your company is to security and data breaches. Moreover, we don’t have enough protection against corporate theft to keep pace with the threat landscape. This is evident from the fact that today, nobody in the whole world would make a statement like “My Company is absolutely protected” or “My security is foolproof”!

Also for any organization, if humans are the greatest asset, then they turn out to be the weakest link as well. Thus, what is required is an appropriate “security culture”. It will help your workers understand the right things to do when they suspect something questionable is going on (whether online or offline).

Therefore, we are penning down some key tips to help you inculcate a security culture in your organization. So, start marking the important points!

Make ‘all in’ your agenda!

Your first line of defense against security threats should be developed within your own organization rather than aimed at faraway criminals and burglars. The drive for security is not the sole responsibility of the IT department or the security department, but must be ingrained in each and every member of the organization.

Another pertinent thing to understand is that the security culture is in no sense a ‘once in a year’ event. It is a persistent process which should be embedded in all day-to-day procedures and activities. The company shall also organize quarterly reviews to check on the progress of such initiatives.

Shake their senses for it!

Some visual warnings and discussions can turn out to be boring and ‘boring’ generally would mean ‘unnoticed’. Get a little creative with your awareness efforts to firmly prove your point.

Different people have different interests and you can never be too sure about what will click with the other person. Thus, play with a variety of awareness channels! Use posters, newsletters, reminders, a team get-together or in-person meetings.

Keep it brief and relevant when you are delivering a speech, because nobody likes old-school long lectures. The more timely and striking your speech is, the better it is!

Get back to the basics!

Let your employees embrace the core concept of security and comprehend the reasons behind the rules they are asked to follow. When the concepts are understood rather than imposed, your security culture can go a long way. For instance, tell them why they are being asked not to follow random email links or share critical information with ambiguous online sites.

To help build such an environment, lay the following keystones:

1. Passwords: This is the most basic step when it comes to security, but also probably the most ignored one. Foster a good password & code policy among your employees and take regular updates to ensure that all the members are on the same page.

2. Patches: Keep all your patches and software applications up-to-date. It is advisable to start a regular patch update program which comes in handy in case of emergencies.

3. Limited Access: The more the exposure, the more the risk! There must be strict rules when it comes to accessing the files and resources of the company. Allow the members to access only the data and files that they need and nothing beyond that.

4. Inventory: Keep count of your resources, machines and everything else. Tag them, claim them and secure them! The BYOD (bring your own device) culture indubitably scales up your company’s inventory, but then you have to be more careful that someone does not, by any chance, take away your machine or your official data.

Watch like a falcon!

Some of your employees might turn to fun and games behind your back and forget about the rules and regulations during the watch! To help instill the fact that they are being constantly seen, install some surveillance systems. Security cameras help you monitor your business even when you are not on-site and hence help keep all the protocols in place.

Lead by example!

When the C-level execs and managers are following the rules, the key message comes across clearly to the masses! Only when you firmly teach your employees about your primary objectives through your code of conduct can you hold them accountable for their actions. Just saying ‘This is not the right way’ is no longer good enough!

Moving forward!

To lay a healthy security culture in your company, it is imperative to educate your employees about the need for and importance of security. Experiment with different methods to inculcate this in their thought process. Understand that every employee has a stake in such a drive. From top-level management to the lobby attendants, everyone is important. Use distinct methods to gain their attention and, if possible, personally ask your senior members to follow the protocol and set an example.

The most significant thing to discern is that this change will take time and not happen overnight. So, don’t push your ninjas to get security savvy while they are sleeping. Keep the right attitude and you will definitely get there!

Use These Tips to Improve Mobile Banking Security

Modern bank customers rarely think twice about logging into a mobile device to check accounts and schedule transactions. Mobile apps are convenient and user friendly. According to a Federal Reserve report, over half of smartphone users with bank accounts used mobile banking in 2015. Online banking via a mobile device also represents a security risk. Cybercriminals use a variety of techniques to gain entrance to individual user accounts and bank information.

Both Customers and Financial Institutions Play a Role in Online Banking Security

Financial institutions and banking customers are responsible for mobile banking security. Both parties must exercise caution and use security best practices to reduce the risk of mobile threats. Customers are responsible for using their devices in a security conscious way. Banks must develop, maintain, and optimize formal applications designed to protect end users.

Banking security breaches can lead to a loss of financial assets, identity theft, and other adverse outcomes. Every business-related security threat can cost organizations millions of dollars in remediation activities and harm institutional credibility. A proactive approach to online banking security effectively reduces the risk of cybersecurity incidents and improves customer confidence in mobile financial activities.

5 Tips Customers Can Use to Improve Mobile Banking Security

Mobile users often take device security for granted. Apple users trust in the company’s security practices. The Android platform carries a potentially higher degree of risk as an open digital ecosystem. When device users presume the safety of apps they download and the security of their devices, they may accidentally open a backdoor to malicious activities. Customers can use these five tips to protect the security of their mobile online banking activities:

  1. Only use official banking apps and secure websites. If you plan to use a mobile device for banking activities, download the official banking app. Look for information on the website to confirm the app’s legitimacy, and avoid using your mobile browser to access your bank account. Some users link their bank accounts to budget apps or other money management apps. Remember that every account you connect to your bank account represents a potential risk. Safeguard your information with official and secure apps.
  2. Double check the security of all third party apps. Cybercriminals may gain access to your device through a third party app not associated with an official banking app. For example, someone could sneak a malware program designed to record keystrokes in with a third party app. Using this type of technology, a criminal could potentially obtain information about your login credentials and online activities.
  3. Avoid using bank-related links. As an end user, you may assume the validity of a link in a text message or email. Unfortunately, some criminals use phishing and spoofing practices to obtain revealing information from seemingly innocent interfaces. Always back out of a message and go through official channels to access your account.
  4. Never check your bank account while using a public network. Public Wi-Fi and other public networks are notoriously insecure. Use cellular network connectivity or a VPN (virtual private network) to protect your activities while in public.
  5. Always lock and keep track of your mobile devices. If you leave your device unlocked on a park bench, a malicious individual could take advantage of the situation. Use the lock functions on smartphones, never save login information on your apps, and try to keep track of all your mobile devices.

The Serious Job of Protecting Client Information

6 Important Small Business Cyber Security Tips

Chances are, you think twice before entering your credit card information online to buy something, watch out for malicious links in emails and keep your PC updated against viruses, spyware and hackers.

However, how much thought do you put into your small business data security and protecting client information?

Hopefully a lot, because according to Microsoft:

• An attacker resides within a network for an average of 146 days before detection

• The average cost of a data breach to a business is $3.8 million

• The total cost of cybercrime to the global community in 2016 was $500 billion

• 63 percent of attacks are the result of compromised user passwords and usernames

As these threats continue to become more sophisticated, legislation must too.

In Canada, many government departments such as the Department of Justice, RCMP, Public Safety Canada and Global Affairs Canada work together with international, federal and provincial law enforcement agencies against cybercrime.

That’s great, but you want to stop any potential attacks before your clients’ data security is breached!

And, if you’re thinking that your site is too small to appeal to hackers, think again. Sometimes a cybercriminal’s intention isn’t to gather sensitive content, but to relay spam emails from your server.

Let’s use the example of a membership site for these small business cybersecurity tips.

A membership website has specific resources available for members who generally pay a one-time or recurring fee to get content such as videos, eBooks, articles or tutorials.

Because people are entering sensitive information such as email addresses, passwords and payment information to access my content, we need to be vigilant about how we keep them safe from online threats. (A secure site is also more likely to earn trust, which in turn can increase revenue.)

To help safeguard your clients’ data security, I suggest that you:

1. Choose a reputable web host. Don’t just go for the cheapest! I compiled a list of web hosting providers that I recommend; you can view it here.

2. Install an SSL certificate on your site. This means having HTTPS vs. HTTP in the URL. This is the prefix to your web address, and the SSL provides additional security and makes it harder for hackers to access.

You can often add this service to your web hosting package for free, or for a small cost. An added bonus: a secure site can actually rank higher in Google.

3. As soon as you see a new software update, install it. Many membership sites are built in WordPress, which lets you simply click the ‘Update Now’ button. This helps keep cybercriminals from taking advantage of security flaws in older versions.

Similarly, look for plugins to help manage online security.

4. Enforce complex passwords. Request or even demand that users create passwords with a combo of upper and lowercase letters, symbols and numbers. This will deter people from using ‘12345’ as a password.

You can also install a plugin on your WordPress site that only gives someone a limited number of tries to log in before they’re locked out.

5. Approve comments manually. Spammers love unattended comments! They can post links there that a) may drive traffic back to their site and b) may trick Google (however briefly) into thinking that their site has valuable content.

6. Clean up information that’s no longer relevant. Previous members, people who have cancelled, those who have completed your course… get rid of user info and payment info as often as you can.

By following these small business cyber security tips, you can minimize the risk that your website is going to be targeted by scammers or cybercriminals.

Don’t cut corners when it comes to protecting client information, and you can create a safe space for loyal fans who feel comfortable handing over their personal and payment info.

Of course, there are many more components to maintaining a secure website.

10 Tips For Hiring Good Security Guards

If you decide to use contracted security guards to protect your business and people, you should use the following tips to ensure that you get the quality you pay for. I will say that it may cost you more to get this quality, but if you force the contracted security company to work for a lower price they will deliver lower standard guards in some cases, but more importantly, if they accept your low price it means they are saving money elsewhere. These security companies will have lower quality controls and an increased number of safety concerns due to poor occupational health and safety systems.

Verbal communication skills

All clients want security guards that can speak English well so their customers can understand directions and instructions clearly. Their verbal skills are also needed to resolve conflicts peacefully.

Observation skills

A security guard’s main duty is to detect security problems and safety hazards before they become a problem for your business. Most security training courses do not teach observation skills in any form. These training companies believe that people have eyes and have been using them for their entire life, so they know how to observe already. Completely wrong. That is like saying that because we have been eating food all our lives we can be food critics and know how to judge a chef’s product.

Deterrence of criminal behaviour

Every security company and contracted client states that the most important factor for employing security guards is their ability to deter crime, and they don’t want guards to arrest or use reasonable force to control unwanted behaviour.

No security training teaches new guards how to deter criminal behaviour. So is there any reason why everyone automatically assumes that the new security guard can deter crime? I have found some clients still think that size is how guards deter people.

Competence in their performance of security skills

You as the client take it for granted that the security company has actually tested or confirmed the performance ability of all their security guards. Most never conduct performance checks in any form, and the others that do don’t check actual security skills; they assess the guard based on how many shifts they do for the company and whether they complain about the security company.

Just because some guards have been in the industry for years doesn’t mean that they know how to provide security in your business.

Top 10 Tips

Give the security guard a test in their verbal conflict handling skills by pretending to be a complaining customer. Look for their responses.

Give the guard a written test that consists of security questions and knowledge that a level 2/3 guard must know to get their qualification.

Ask the guard exactly how much experience they have in handling security in a business exactly like yours or very similar. Ask for proof and request they demonstrate their experience in a work trial by explaining to you the most common security problems in your type of business.

Ask when they last had a performance assessment done on them and what type of questions the security manager asked them. What was their performance rating?

Ask them to explain how they plan to deter criminal behaviour to leave your business. Have they thought about it or are they just relying on their size? Trust me on this: size has little impact on deterrence to most real criminals.

Give them a photograph of two people and ask them to look at it for 5 seconds. Then ask them to describe the person that you request. They need to get all the details correct. You do not want security guards that cannot even describe a photographed person. In a real event with darkness and adrenalin going they will make mistakes.

Hold interviews with all your security guards before the security company assigns them to protect you. During the interview, conduct the mentioned tests and questions, but also ask the guard to tell you about a time they had to deal with an assault and listen to how they dealt with it.

Pay attention to the level of verbal skills used during the interview, especially the number of incorrect words used and lengthy pauses while they think of the words to use. This signals poor verbal ability and comprehension during normal conversation, and they will struggle during security incidents. If they have to repeat themselves to you so you understand what they are saying, don’t use them.

Avoid using any security guards that feel they need to have bald heads or crew cuts because they don’t want their hair grabbed during a fight. They shouldn’t need to fight if they know how to do their job properly. The same goes for guards that refuse to wear ties in case someone grabs them during a fight. Get elastic or clip-on ties. Problem solved. I prefer it if someone wants to grab my tie instead of punching me because they have just wasted the first move and not injured me. Game over.

Ask how long they have worked for this security company. Security companies have high turnover and throw inexperienced guards at clients every month or worse, they use sub-contracted guards that you have no quality control over and the security company doesn’t even know them.