Current Issue

  • When Shorter is Better

     What does it say about golf that one of the most competitive athletes in sports history wants his own course to be, above all else, “fun and interesting.”Read More

  • Scottsdale Operators Face Plane Crash Emergency

     Shortly after 9 p.m. on Monday, April 9, a small plane that had just taken off from Scottsdale Airport in Arizona crashed onto TPC Scottsdale’s Champions golf course, bursting into flames and killing all six people on board.Read More

  • It’s Definitely Not About the Clothes

     In the last several years, there has been a push to include women in the golfing community. As a woman, I appreciate the effort. There’s Women’s Golf Day, Bring Your Daughter to the Course Week, and the EWGA has made some great improvements as well as the LPGA, who was finally awarded the Merit Award by the NGCOA in 2017 for their contributions to the game.Read More

MORE CONTENT

Online Exclusives

  • Tee Time Coalition
  • Tee Time Coalition

    The primary purpose of the coalition is to support a more competitive and balanced marketplace in public golf that is both supportive of the golf course owner, operator, PGA professional and the golf consumer. This will be accomplished by promoting adoption of online tee time guidelines and best practices among technology companies, online agents, marketers, golf course operators, general consumers, and the media.Read More

April 2018

Cybersecurity Awareness is Critical

cyber‭By Bryce Austin
 
If you are not educating your employees on cybersecurity best practices, you are missing the biggest opportunity for improvement in your entire cybersecurity profile. Your employees have business-need access to a lot of important data, and their ability to protect that data — or to inadvertently let it walk out the door of your organization — is strong.

Lack of education was at the heart of a number of major security breaches. You may have heard about the new human resources employee that got an email from the president of the organization asking for all the W2 information on every employee, so that person sent them exactly as instructed. The employee did not recognize the fact that the email came from a hacker impersonating the CEO, and a major security breach took place.

Entire business models are based on this kind of fraud. Let’s pretend that I am going to build a site with the world’s best collection of cute pet pictures. I’ll give you the first 10 for free (and those 10 are the most adorable pictures you have ever seen), but to see more, you need to set up a username and password. The access is still free, though.

No big deal, right? Wrong. In this scenario, I own this website and I am a criminal, and my business model is to try to use the username and password you just entered at every major banking website, on all major email providers, on your company’s VPN portal, and anywhere else that I think you might have used the same username and password. I will then extract any valuable information I can from those sites, sell the information for a profit, possibly ransom your own data back to you to make even more money, and then move on to the next victim.

Need some numbers to illustrate why educating your employees about cybersecurity practices is important?

· Per IDG’s 2016 Global State of Information Survey, 48 percent of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.

· According to the Ponemon Institute, 60 percent of employees use the exact same password for everything they access. Meanwhile, 63 percent of confirmed data breaches leverage a weak, default or stolen password.
So where can your company start? Start with a training program. Your employees need to be educated on cybersecurity best practices.

One of the issues that any cybersecurity awareness-training program should address: Implement real password policies.

There’s no easy way to say this, so I’m just going to say it: Passwords stink. They are no fun to create, no fun to remember and no fun to type in. That being said, passwords are still the most common authentication method today. It is imperative to implement a password policy requiring complex passwords that can’t easily be guessed, and end-user training to go along with it. Microsoft’s Active Directory “require complex passwords” setting is a start, but end-user training is also mandatory.

Many people use the same passwords for every online system where they need a password. This is a problem. If one site gets hacked, cyber criminals will try your credentials at all common websites, and possibly at your business’s VPN. It is imperative that your cybersecurity awareness-training program encourages your team members to use different passwords for different sites, and especially for any system that your company uses.

Most companies have some sort of safety guidelines that their employees must follow or be aware of and cybersecurity should be no different. There are a number of companies that specialize in this type of training, and they may or may not be a good fit for your company culture. Picking the right type of training is critical; having a good cultural fit is more important than the actual content. Be sure to do proper due diligence to ensure that the training content offered by the company or companies you are considering is a good fit for the culture of your company.

The important message here is that you already know you must train your employees on certain things in order to have them perform their job functions. Cybersecurity is one of those things. If you are uncertain as to how to structure a cybersecurity training program, find an advisor that can help you.

Questions to explore this topic further with your company’s leaders:

• When was the last time you were trained on cybersecurity? What did you take away from it?
• Do your team members who have access to sensitive data get additional training above and beyond those who do not?
 
Bryce Austin is the CEO of TCE Strategy, an internationally recognized speaker on emerging technology and cybersecurity issues.

Share/Bookmark

Leave a Comment

Yamaha Umax

Toro

Featured Resource

Bright Ideas Archive

Brought to you by ValleyCrest Golf MaintenanceBright Ideas Icon 
Access some of the most creative ideas golf course owners and operators have to offer within the Bright Ideas area of the GB Archive.Read More

June 2018 Issue
  • CONTENTS
  • DIGITAL FLIPBOOK


Connect With Us


facebooktwitterNGCOABuyers GuideYouTube