How to be Cyber Safe in your Holiday Space According to Jennie Vickers of Zeopard Consulting and Consultant to Fortinet, the first action you need take to protect your business over the holiday break is security awareness training for everyone, including your employees and your contractors.
Global influencer: Jennie Vickers.
Despite being over 2021 we are not quite at year end yet Most people have had enough of 2021 (I think we said the same for 2020 but anyway, here we are again) and the countdown to the annual shutdown is beginning, encouraged by all the TV advertising reminding us of the lazy hazy days of the summer break. One of the differences this year from previous years, is the substantial number of devices which will be going off on holiday with your team members, which are connected back to HQ, to your email, your database, with access to your operational technology (OT), all your IP…., get the picture? According to data released earlier this year extracted from Stats NZ data: • around 97 percent of the population in New Zealand were active mobile social media users; • the population of NZ had 1.3 smartphones each; • there were more mobile subscriptions than people in the country; and • about 46 percent of web traffic was created by mobile phones. All of this adds up to a lot of digital activity. No one wants to be a killjoy, but the combination of the increase in threat activities plus the number of devices heading off to the beach (and those staying home), adds up to even greater risks to your business and individual economic prosperity, than at the same time in previous years.
36
NZSM
Are your exhausted people going to be using the devices that connect to your network and your data, to surf for shopping, quizzes, and puzzles, on their well-deserved days of rest? Earlier this year, the 2021 Fortinet Networking and Cybersecurity Adoption Index Research Report, collated the opinions of 300 IT decisionmakers in Australian businesses and 105 IT decisionmakers in New Zealand businesses. When the research was conducted the results were clear about the need and demand for awareness training: “When it comes to IT security programs, awareness was at the top of the list for Australian organisations at 67% [and training (62%)] while training was at the top of the list for New Zealand organisations at 70% followed by awareness (68%)”. Are you one of the organisations surveyed and have you actually got around to putting a programme in place? Security Awareness and Skills Training – there is no option In reporting to their boards, most NZ businesses will have covered cyber risks. The frameworks and structures businesses chose to comply with and report to are many and varied but chances are you have picked one. ISO27001, NIST 800-50 Framework, CERTNZ’s Critical Controls, the ACSC Essential 8, CIS Controls, APRA CPS-234 or MITRE AT&CK are the best known and most include an obligation around the delivery of security awareness training.
December 2021 / January 2022
