Business Guidelines
In businesses, small and large,
over 91% of cyber-attacks begin with...
A decision maker or team member, not STOPPING > THINKING > CLICKING safely. Even in today’s technology enhanced world, the greatest cyber-security threat remains to be the person behind the office computer. Understanding the balance between your security software and human habit is crucial for your business’ technological health. At STOPTHINKCLICK.ORG, our outcome for your business is to provide you the initial guidelines and resources for safe computing in the workplace.
What’s the first step towards safe computing in my workplace?
Get the right TOOLS and learn how to use them. As a business owner or manager, you should first select (with the assistance of your IT Provider) the appropriate security tools for your business.
These tools are grouped within your Safety Climate, the visible assets of your organization’s cyber-security. The three necessary layers of your visible assets should be; a Physical Firewall Appliance for internet connections, End Point Protection in the form of Anti-Virus & Anti-Malware software, and Anti-Ransomware for advanced breaches.
Most modern security tools conduct automated scans and defensive measures, but these luxuries do not prevent human error. For additional information regarding cyber-security TOOLS, please review our recommended specifications or contact your IT Provider.
We recommend the following TOOLS specifications:
Physical Firewall Appliance
-
Invest in the physical appliance and not just the software.
-
Purchase the subscription and install updates in a timely manner.
-
Ensure that the subscription includes Content Filtering and Intrusion Prevention.
End Point Protection
-
Install on all office; computers, mobile devices, and servers.
-
Purchase the subscription and install updates in a timely manner.
-
Select a version that has a Central Interface (in order to not distract team members) and a Central Alert System (which texts and emails a discovered threat).
Anti-Ransomware
-
Select a system that works with your backup software so it can automatically stop backups if a ransom is detected.
-
Confirm your Recovery Time Objectives with your IT Provider; most companies strive to recover lost files or functionality within 30 minutes.
-
Never pay the ransom, as this may lead to additional demands, contact your IT Provider immediately.
Team members see cyber security as something management is responsible for.
We recommend the following TRAINING resources:
​
5 Cybersecurity Tips to Improve Employee Habits --- Cimcor
​
The Importance of Personal Cyber Security Habits --- Global Learning Systems
​
Cybersecurity: Managing Risk in the Information Age --- Harvard
Specialists in Cybersecurity and Compliance --- Netizen Corporation
​
My security tools are now installed and scanning, what’s the next step?
Develop clear and consistent TRAINING for your team. As a leader in your work environment, it is your responsibility to create (with the assistance of your IT Provider) an ongoing cyber-security training program for all departments.
These training exercises are the foundation of your Safety Culture, your organization’s attitude towards cyber-security. Introductory training topics should include; email screening procedures to avoid phishing scams, safe browsing habits to prevent dangerous downloads, and strong password generation for network integrity.
Effective training programs will empower team members to adopt the lessons learned and apply them to “home” use. For additional information regarding cyber-security TRAINING, please review our recommended resources or contact your IT Provider.
Executive team attitude towards
cyber security sets a foundational example.
How can my tools and training be leveraged for continued safety?
Implement a TRACKING platform into your technology practices. A tracking platform, known as a Security Awareness System (SAS), is a type of software that measures your team members’ click habits and trains them, through controlled tests, to avoid harmful links.
With your IT Provider in sequential order; install an SAS which is applicable to your workplace, develop a Scoring System to determine a percentage baseline of your departments’ click habits, and create a Reporting System which can be reviewed by Yourself & Management on a monthly or quarterly basis.
Your SAS’ objectives and goals should be integrated into your culture, to promote a community of transparency and progress. For additional information regarding cyber-security TRACKING, please visit our recommended resources or contact your IT Provider.
We recommend the following TRACKING resources:
​
Activity Monitor Review --- Business.com​
​
ContentProtect Review --- Business.com
​
Veriato 360 Review --- Business.com​
​
Developing Security-Minded Employees for Defense... --- Global Learning Systems
​
What is Employee Monitoring Software? --- Teramind
Security Awareness Programs
provide measurable and actionable data.
Did you know that one of the largest vulnerabilities exploited by hackers is your IT Provider?
During your next meeting, ask these questions:
​
Do you get independently audited for vulnerabilities? If yes, may I see the most recent report?
Do you take 100% responsibility for all security protocols from your vendors (copier manufactures, software developers, etc…)?
Do you monitor all activity on my business’ network (servers, workstations, etc…)?
Have you provided my business with assistance to build a Safety Climate and Safety Culture?