GABIRAY

News and thoughts

Five more great pieces of advice everyone should follow before being hacked.

Here is the follow-up to yesterday’s post, with the last five pieces of advice for you.

It is not a question of if your IT will be compromised. It is a question of when. Postponing it, and minimising the damage when it happens, is of the essence.

A Danish Market Analytics Company had a bad experience with a recent cyberattack. Not only did it cost them a lot of money, essentially turning a possible profit into a loss, it also laid bare areas for improvement. A lot of companies choose not to talk publicly about being under attack, and while there may be good reasons for that, we at Gabiray recommend being as open as possible about the situation. For the benefit of everyone, the Danish company compiled a list of advice that they are now sharing. We have taken the list, adapted it and elaborated on it with our perspectives on how to better manage your IT Security. (Read the first five here)

#6 Have a procedure for data processing agreements.

In fact, have processes for everything, and remember that behind every business process there is an IT process. When it comes to data processing agreements, it is all about how your vendors store and process your data securely. As mentioned yesterday in relation to using apps and plug-ins, you need to understand how your data is handled when it is out of your hands. Your vendors are an open back door into your systems if they do not take proper care of your data and of their connections to your systems.


#7 Educate everyone in the value and importance of IT Security.

This really should be at the top of the list. Almost all cyberattacks exploit humans, from phishing, where fraudulent emails try to make you click things and submit info, to social engineering, where an infected USB drive is left in a parking bay of an office, only for an employee to pick it up and put it in their PC. (Yes, that happened.)

Conduct regular IT Security training. Create Security Awareness Campaigns. Test people’s responses. Gamify Security to engage your employees. The opportunities are endless.


#8 Remember to high-five each other for being diligent with IT Security.

It is not a waste of anybody’s time if someone reports a suspicious Security Incident. No matter how bleeding obvious it might be to you that something is perfectly legit, it might not be to others. And if people are shunned for raising the flag, you can be sure they won’t do it again. Throughout your organisation, your employees have to be right all the time in stopping cyberattacks; the hackers only have to be right one time. So create a culture of cool around raising Security Incidents. Encourage any behaviour and initiative that helps everyone stay vigilant.


#9 Tell the truth, also in emergencies. It pays off to keep an honest conversation.

Do not be ashamed that your company has come under cyberattack. As said at the beginning of this post, it is not a matter of if, but when. Tell your stakeholders right away, and the press if they ask. If you do not know exactly what happened, say that. Cybercriminals will notice your behaviour, and they certainly think it is easier to do shady deals with companies when it happens outside the limelight. Shine a light on what you are doing to remediate the situation. What are you doing to keep your customers out of harm’s way? What are you doing to ensure the situation does not get any worse? What are you doing to ensure your employees also have a job tomorrow?


#10 Hug your Compliance Officer. They are the most important bureaucrat you will ever know.

Anyone who has been grilled by the Compliance Office or an external auditor on, say, ISO standards will know how easy it is to be filled to the brim with resentment towards these nitpickers and their insane level of detail. But rest assured: they are doing it for your sake and for your company’s sake. When they keep drilling into areas, it is because they want the best for you. They want you to be resilient, not towards them, but towards the threats their processes aim to thwart.


Images by drobotdean/wayhomestudio on Freepik