kindsey@kirkham.it, davin.chitwood@irontechsecurity.com, info@webpossible.net
What is a security first culture?

A security first culture starts with identifying and preventing employee vulnerabilities before they cause a breach. Employees are your front line of defense in the technology world. Do your employees use strong passwords? Do your employees know how to spot a phishing email? All it takes is one employee to click on a malicious link in an email for your whole organization to then be hit with ransomware.

90% of data breaches are caused by human error, this means attacks are more likely to occur as a result of employee actions rather than a direct attack to your organization. It is critical everyone in your organization is knowledgeable on current cyber threats and risks.

According to InfoSec, 90% of people in the world cannot identify a phishing email. With 50% of internet users receiving at least one phishing email a day, your employees need to be conscious and aware of cyber threats. You have to keep in mind that you are only as strong as your weakest link.

Employee Threats

Your employees are facing cyber threats every single day. See some of the more common attacks below.

Phishing Attacks: Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords, and credit card credentials, by disguising oneself as a trustworthy source via electronic communication.

Business Email Compromise: A BEC attack is when a cybercriminal uses email fraud to impersonate the real owner to deceive the company, customers, and/or employees into sending money or sensitive data to a cybercriminal.

Password Attacks: Unless you have enforced a policy regarding passwords, there is a very good chance your employees are reusing passwords, leaving you vulnerable to cyber criminals, 65% of people reuse passwords across multiple if not all sites. We recommend everyone in your organization utilize a password manager enforcing strong, unique, and complex passwords. We use 1Password! All you have to do is remember one master passphrase to then have access to all of your other credentials. 1Password creates and stores strong, unique passwords for you.

Zero Trust Security

Zero trust security is based on the principle of maintaining strict access controls and not trusting anyone by default (even insiders) and requires all users to be authenticated, authorized, and validated. We have divided zero trust security into 3 main principles.

Verify Users: Prove that your employees are who they say they are. Multi-factor authentication or MFA is one of the most common ways to verify a users identity.

Validate Devices: ALL devices must be recognized and verified by the organization.

Limit Access: Anyone with administrative privileges is a hot target to malicious actors. Administrative privileges should be strictly managed and only grant access to resources needed for job duties.

Continuous Cybersecurity Training

Hackers are becoming more advanced every day, leaving one-and-done trainings outdated. As hackers become more advanced, new threats emerge. It is crucial that all of your employees are up to date on the threats they are facing today, this can be done by implementing continuous cybersecurity training.

By implementing a continuous cybersecurity training, you are holding everyone accountable for their actions and knowledge. Your employees are more likely to take cybersecurity seriously if you do too. You can identify your weakest links and educate them to be your strongest defenses.

Ensure your employees understand the consequences of failing to protect the organization from outsiders. Security awareness training reduces phishing susceptibility by 50%, drastically reducing your chances of a cyber-attack from an insider.

Where do I start?

Creating a security first culture will not happen overnight. Getting everyone in the organization on board and in the right mindset will drastically reduce your cybersecurity risks.

Hold everyone accountable, starting today

Check out our Deeper Dive on creating a security first culture here.