Current Issue

  • Course Work

     The resurgence of caddie programs are great for the gameRead More

  • Viewpoints

     Golf courses in winter climates have to handle the fall differently than golf resorts in warmer areas of the nation. Red Ledges (Utah) Golf Course Superintendent Pat Christoffer and Director of Golf Jon Paupore reveal how they handle the fall season as they get the golf course ready for the off-season.Read More

  • You might want to rephrase that

     Famed restaurateur Danny Meyer says, “Service is the technical delivery of a product.  Hospitality is how the delivery of that product makes its recipient feel.”Read More

MORE CONTENT

Online Exclusives

  • Disaster Preparedness
  • Disaster Preparedness

    If you’re like most of us, the answer is no. It can be difficult to know where to begin and where to go from there. A disaster may be caused by carelessness, negligence, bad judgement or by natural forces such as a hurricanes, tornadoes or floods.Read More

April 2018

Cybersecurity Awareness is Critical

cyber‭By Bryce Austin
 
If you are not educating your employees on cybersecurity best practices, you are missing the biggest opportunity for improvement in your entire cybersecurity profile. Your employees have business-need access to a lot of important data, and their ability to protect that data — or to inadvertently let it walk out the door of your organization — is strong.

Lack of education was at the heart of a number of major security breaches. You may have heard about the new human resources employee that got an email from the president of the organization asking for all the W2 information on every employee, so that person sent them exactly as instructed. The employee did not recognize the fact that the email came from a hacker impersonating the CEO, and a major security breach took place.

Entire business models are based on this kind of fraud. Let’s pretend that I am going to build a site with the world’s best collection of cute pet pictures. I’ll give you the first 10 for free (and those 10 are the most adorable pictures you have ever seen), but to see more, you need to set up a username and password. The access is still free, though.

No big deal, right? Wrong. In this scenario, I own this website and I am a criminal, and my business model is to try to use the username and password you just entered at every major banking website, on all major email providers, on your company’s VPN portal, and anywhere else that I think you might have used the same username and password. I will then extract any valuable information I can from those sites, sell the information for a profit, possibly ransom your own data back to you to make even more money, and then move on to the next victim.

Need some numbers to illustrate why educating your employees about cybersecurity practices is important?

· Per IDG’s 2016 Global State of Information Survey, 48 percent of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.

· According to the Ponemon Institute, 60 percent of employees use the exact same password for everything they access. Meanwhile, 63 percent of confirmed data breaches leverage a weak, default or stolen password.
So where can your company start? Start with a training program. Your employees need to be educated on cybersecurity best practices.

One of the issues that any cybersecurity awareness-training program should address: Implement real password policies.

There’s no easy way to say this, so I’m just going to say it: Passwords stink. They are no fun to create, no fun to remember and no fun to type in. That being said, passwords are still the most common authentication method today. It is imperative to implement a password policy requiring complex passwords that can’t easily be guessed, and end-user training to go along with it. Microsoft’s Active Directory “require complex passwords” setting is a start, but end-user training is also mandatory.

Many people use the same passwords for every online system where they need a password. This is a problem. If one site gets hacked, cyber criminals will try your credentials at all common websites, and possibly at your business’s VPN. It is imperative that your cybersecurity awareness-training program encourages your team members to use different passwords for different sites, and especially for any system that your company uses.

Most companies have some sort of safety guidelines that their employees must follow or be aware of and cybersecurity should be no different. There are a number of companies that specialize in this type of training, and they may or may not be a good fit for your company culture. Picking the right type of training is critical; having a good cultural fit is more important than the actual content. Be sure to do proper due diligence to ensure that the training content offered by the company or companies you are considering is a good fit for the culture of your company.

The important message here is that you already know you must train your employees on certain things in order to have them perform their job functions. Cybersecurity is one of those things. If you are uncertain as to how to structure a cybersecurity training program, find an advisor that can help you.

Questions to explore this topic further with your company’s leaders:

• When was the last time you were trained on cybersecurity? What did you take away from it?
• Do your team members who have access to sensitive data get additional training above and beyond those who do not?
 
Bryce Austin is the CEO of TCE Strategy, an internationally recognized speaker on emerging technology and cybersecurity issues.

Share/Bookmark

Leave a Comment

Yamaha Umax

Toro

Featured Resource

Owner's Manual

Owners Manual IconBrought to you by Yamaha
Visit the Owner’s Manual library within the GB Archive for practical, small business insights and know-how for your golf operation.Read More

July 2018 Issue
  • CONTENTS
  • DIGITAL FLIPBOOK


Connect With Us


facebooktwitterNGCOABuyers GuideYouTube