Cybersecurity Awareness: Insights from Karl Kispert

In the past decade, millions of businesses in key industries have been subject to malware infections. The numbers continue to rise as attacks get more sophisticated and organizations are moving towards virtual working environments. The pandemic caused a 600% increase in cybercrime as hackers rolled out phishing attacks on massive scales—an example of which is tricking targets into clicking infected links posed as legitimate sites of the Centers of Disease Control and Prevention (CDC) and the World Health Organization (WHO). 

So what exactly can organizations do to mitigate risks and curb these destructive attacks? In the Ascent Conference held in 2019, Karl Kispert, managing director at MGO Technology Group, LLC, revisited the basics and emphasized security awareness in dealing with threats.  

Security Training vs. Security Awareness: What’s the Difference?

According to Kispert, security training and security awareness are not the same things. “Training is teaching a body of knowledge to an individual,” he explains. “Awareness is changing the culture as you’re building it, or as you’re expanding your company.” Building security awareness and incorporating that knowledge into your framework helps you craft a comprehensive incident response plan to use if and when a breach happens.

Kispert brings up these fundamentals you can base on to be fully aware of your security posture and avoid falling prey to ransomware and phishing attacks:

1. Back up your data daily  Albeit basic, Kispert stressed the importance of having secure and reliable data backup at all times for easy recovery in case attackers get ahold of your data.

2. Update your operating systems – Doing this crucial step fixes any existing vulnerabilities your system may have and ensures that everything is working correctly. For added security, limit the number of people who can use or install the software.

3. Monitor your network closely – It is critical to understand how your network configuration—attackers easily penetrate unsecured and misconfigured wireless networks. You must monitor who is on it at any given time and who has access to which information, especially when you’re tied up with a third-party vendor. Invest in an enterprise license for reputable antivirus software to fortify your network against attacks.

4. Use two-factor authentication – Activating two-factor authentication helps you verify your users’ identities as they use your services and provides an additional layer of security within your network. Kispert strongly advises against sharing passwords with anyone as this is giving away all your sensitive information for free. Moreover, attackers can break a weak password within milliseconds—using a combination of alphanumeric characters and symbols makes a password less likely to be figured out. 

The Takeaway

Cybersecurity awareness is essential regardless of what stage your company is currently in. You have to be aware of what everyone is doing, what information you are sharing, and who should have access to your data and network. The strategies above will help you identify gaps your infrastructure may have and steer you in the right direction regarding security as your business grows.

Watch Karl Kispert’s full session below:

[su_youtube url=”https://www.youtube.com/embed/ELJK1G8cGEE” mute=”yes” title=”Data Protection and Consumers Right”]

 

Photo by Kaur Kristjan via Unsplash.

Privacy Notice

This privacy notice discloses the privacy practices for (www.ascentconf.com). This privacy notice applies solely to information collected by this website. It will notify you of the following:

  • What personally identifiable information is collected from you through the website, how it is used and with whom it may be shared.
  • What choices are available to you regarding the use of your data.
  • The security procedures in place to protect the misuse of your information.
  • How you can correct any inaccuracies in the information.

Information Collection, Use, and Sharing

We are the sole owners of the information collected on this site. We only have access to/collect information that you voluntarily give us via email or other direct contact from you. We will not sell or rent this information to anyone.

We will use your information to respond to you, regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request, e.g. to ship an order.

Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy.

Your Access to and Control Over Information

You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the email address or phone number given on our website:

  • See what data we have about you, if any.
  • Change/correct any data we have about you.
  • Have us delete any data we have about you.
  • Express any concern you have about our use of your data.

Security

We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.

Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a lock icon in the address bar and looking for “https” at the beginning of the address of the Web page.

While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.

If you feel that we are not abiding by this privacy policy, you should contact us immediately via telephone at 202-256-9707 or [email protected].