loader from loading.io

Security Awareness Training

Security Strong Podcast

Release Date: 05/19/2021

Security Awareness Training show art Security Awareness Training

Security Strong Podcast

In this in-depth Security Awareness Training, host Jeremy Cherny explores how a security incident can occur, as well as how people can best protect their data to remain secure.

info_outline Get To Know Microsoft Teams show art Get To Know Microsoft Teams

Security Strong Podcast

Host Jeremy Cherny discusses how to use Microsoft Teams as well as best practices.   What is Microsoft Teams?   If you haven't used it before, Microsoft Teams is a bit like texting or messenger on your phone in that it allows you to send messages to individuals, create group chats, and share files such as PDFs or photos. It’s much more than just that though. You can also create video chats for things such as one on ones, group chats, meetings, or video conferencing and because Teams can access apps such as SharePoint, Planner, and OneNote just to name a few, your team can work...

info_outline Get to know Microsoft Planner show art Get to know Microsoft Planner

Security Strong Podcast

Host Jeremy Cherny discusses best practices and how to use Microsoft Planner. What is Microsoft Planner? Microsoft Planner does not have a desktop component, it is strictly from the web. It's also from your apps on your phone and tablets. So right now, there is no desktop component. So you go to Office and sign in with your credentials. It's kind of like task management for teams. Some might call it light project management. There are a lot of different ways to look at it depending on how you're going to use it. We've started to use it here at Tobin Solutions for a few small projects. So we...

info_outline What to expect from the future of Internet security with Steve Moscarelli show art What to expect from the future of Internet security with Steve Moscarelli

Security Strong Podcast

Host Jeremy Cherny interviews Steve Moscarelli, Regional Sales Manager at Thales Cloud Security “I knew that the internet was going to be the future when I was in college. I had roommates working at the New Media Lab at MIT and they were involved in building a precursor to the internet for DARPA. I also saw very clearly that the internet was built with no security at all - which really propelled me into my career.” What are some of the things you read to stay on top of what's happening in the world of security? So I'd recommend that everybody pay close attention to Dark Reading. In many...

info_outline Using common sense to stay secure with Joe Dietrich show art Using common sense to stay secure with Joe Dietrich

Security Strong Podcast

Host Jeremy Cherny interviews Joe Dietrich, Manager of Hosting and Storage for Dover Corporation  “Dover Corporation is a diversified global manufacturer. We've got about 325 global locations with about 23,000 employees worldwide. What I do for Dover is lead teams that provide server and storage support, as well as Active Directory support and what we call data protection, which for us means backup and disaster recovery.” Why is security important? The systems and applications that run on the servers and storage that my team supports are things like Oracle, our payroll, our accounting...

info_outline Best practices for keeping your business’ information secure show art Best practices for keeping your business’ information secure

Security Strong Podcast

This week, we're doing something a little different on the Security Strong Podcast. It's just me, we're doing kind of a fireside chat mode here. I'm sitting in a rocking chair near the fire and I am thinking about the various awesome guests we've had since we started the podcast, I'm thinking about what we do as a security company, and I thought why don't we share some of the best practices and go through a top list of things that you can do to stay secure.  Security as a Process, Not a Product A lot of times when people think about security, they're thinking about buying the basics,...

info_outline Security in the world of HR with Amy Fallucca show art Security in the world of HR with Amy Fallucca

Security Strong Podcast

Host: Jeremy Cherny interviews Amy Fallucca, CEO of Bravent  “Bravent has been around for about four years. We are an HR consulting and recruiting company. On the HR side, we help with anything from handbooks, to advising on terminations, or employee performance. Then on the recruiting side, we work on a range of positions; professional, technical, and executive. We leverage technology to be really efficient in our process, and by doing that, we're able to save our clients money. We're typically about half the cost of contingent placement firms.” Can you speak a little about security...

info_outline Improve security through Mobile Device Management with Max Palzewicz show art Improve security through Mobile Device Management with Max Palzewicz

Security Strong Podcast

Host Jeremy Cherny interviews Max Palzewicz, Director of Operations at Rocketman Tech “I started out my career in public accounting, primarily working and advising small business owners. I got my CPA and I was able to join my dad and uncle's business coaching firm, Action Coach of Southeastern Wisconsin, where I worked for a few years. I carved out a niche for myself focusing on the financials for business owners, teaching business owners, how to be financially literate, how to read and analyze their financial statements, also how to process good numbers so they could make sound decisions...

info_outline Know your data with Jason Claycomb show art Know your data with Jason Claycomb

Security Strong Podcast

Host: Jeremy Cherny interviews Jason Claycomb, Founder of INARMA “INARMA is a professional services firm. The short tagline is ‘We assess controls.’ So I really like how you think of security as a process and not a product - that’s exactly what we do. We help people with the process around security. Yes, there are products involved, but those are types of solutions and we help people pick the right solutions.” Why is security so important to you and your clients? We've all got sensitive data. There isn’t any business that does not have sensitive data in it or where the data isn't...

info_outline E-commerce website security with Lori McDonald show art E-commerce website security with Lori McDonald

Security Strong Podcast

Host: Jeremy Cherny interviews Lori McDonald, President and CEO of Brilliance Business Solutions “I started my career at NASA Johnson Space Center as a flight controller for the space shuttle program where I met my husband. He went on to work for Rockwell Automation and got a promotion that brought us to Milwaukee. I was trying to figure out what was as cool as space and decided the internet looked like a cool place to be. So I started Brilliance Business Solutions, a web development company with a niche in helping manufacturers and distributors implement digital commerce solutions, in 1998....

info_outline
 
More Episodes

In this in-depth Security Awareness Training, host Jeremy Cherny explores how a security incident can occur, as well as how people can best protect their data to remain secure.

 

What is a Security Incident?

 

A Security Incident is any breach in your CIA. CIA is an acronym for these 3 areas with the first being the Confidentiality of your internal and/or external data or systems meaning that a breach occurs when someone has access to your data that shouldn’t. The “I” stands for the Integrity of your data and systems so it’s safe from corruption and unauthorized changes. Lastly, the “A” refers to the Availability of your systems and data so they are working and ready when you need them. So when you think of security breaches, think of the Confidentiality, Integrity, and Availability of your data and systems. Remember that security is only as good as your weakest links so make sure that you have all your blind spots covered! 

 

Common Vulnerabilities and Exposures (CVE)

 

A CVE is a dictionary that provides definitions for publicly disclosed cybersecurity vulnerabilities and exposures. Every time there is a new security hole discovered in a device or software, it is given a CVE number. Over time, these vulnerabilities and security holes have been being discovered at a much higher rate which is one of the reasons why cybersecurity is so crucial in today’s day and age. Back in 1999, there were only 1,000 or so CVE’s that had been discovered versus in 2018 alone where there were over 16,000 CVS’s discovered. Another point to be made about CVE’s is that these are only the ones we know about and there could be thousands of other vulnerabilities that are out there which just have yet to be discovered. 

 

Face The Facts

 

It’s almost certain that you will face multiple security incidents over time and although it may not be a big issue, it is still important to take the necessary steps to reduce the number and severity of security incidents. It is also important to note that even though steps can be made to reduce the number of incidents, you can’t eliminate them all because over time nothing is 100% effective. Although security incidents are becoming more complex every day, education, planning, and preparation are the only actions you can take to significantly reduce the number and scope of these incidents as well as to recover from any security incident you may face. Lastly, we advocate for you to trust no one and to always verify your security with a third party to ensure that you are staying safe. 

 

Top Reasons You Will Have A Security Incident

 

  1. Using Vulnerable Technology - If you use old technology that hasn’t been updated with security patches, or new technology which hasn’t had security patches applied can lead to vulnerability. 
  2. Failure To Follow Best-Practices For Installation & Configuration - For example, many in-home routers will have a default password set up and a lot of people never change that password where the best practice would be to go in and change it to protect yourself.
  3. Lack of Written Policies - Written policies help you have a plan in place to protect yourself from security incidents.
  4. Lack of Education For Everyone In Your Organization - When people don’t know what they should be looking out for, they’re far more likely to stumble into something dangerous.
  5. Failure To Plan & Prepare - Planning and preparing is crucial to avoiding security incidents, as well as recovering when one does occur.
  6. Failure To Monitor, Audit, and Maintain Policies and Systems - Consistently ensuring that all your systems are functioning properly will decrease vulnerabilities. 
  7. Security is Inconvenient - Many people will avoid security because it’s an extra password, or it takes more time so they bypass it leading to a higher chance of a security incident. 
  8. People Are Human - This is the biggest reason for all security breaches as everyone at some point will click something they shouldn’t by accident. 

 

What is Security Awareness Training?

 

Security Awareness Training is training and awareness for your computer users, training as part of onboarding new employees, newsletters and alerts about new security threats and scams, testing and reporting, targeted education for critical roles and repeat offenders, and lastly, ongoing education that never stops.