Why Cybersecurity Awareness Training is Important

So many people, when you mention to them about cybersecurity awareness training, they think it is a waste of time. Cybersecurity awareness training is a good idea and not just for you at work but also for you as an individual and for your family as well.

Cybersecurity awareness training is a means of teaching someone what all the different ways you can be compromised through different media/channels. It also trains you to be aware of all those other techniques that someone wanting to get access to your information or your company’s information can do it. Yes, it is amazing how many people fall for those messages that sound too good to be true. Cybersecurity awareness training also educates you on what to be aware of when you are visiting websites as well.

There are so many different techniques that a scammer/bad actor can do to make it look like the message you are getting looks valid. It doesn’t matter the size of the company because attacks can happen to any size of company or any individual. Being aware of what you should look at to ensure you aren’t clicking on something you shouldn’t or replying to something you shouldn’t help a lot.

If your company provides you with this type of training, it is a good idea to step into the training and take full advantage of it. It may require you to watch some short videos and answer questions, but they are normally not very long but are often required if the company has Cyber insurance. The other part of this training is you maybe getting random messages that will be testing your knowledge. It is a great way of making sure that you have been paying attention to the training, and it also reinforces it. If you happen to be clicking on everything in these messages, you will get more training to take to make sure you are learning the material. The training is a continual process to ensure that you are staying current to the new threats.

One thing that is important to know is that it doesn’t matter how large or small your organization is, everyone is a target. Also, anyone at home or at work can click on something that they shouldn’t or answer that question that they shouldn’t answer when it comes in a message. Remember, if you have a credit or debit card or have internet access, you can get taken advantage of personally. The material that you learn at work through this type of training will also help you and your family at home. If you have learned something, remember to pass this on to those that you love because it will help them as well.

Cybersecurity awareness training may seem like a waste of time, but you don’t want to be the person that clicks on something that they shouldn’t and cost your company hundreds of thousands of dollars or worse, they are forced to close. In some cases, the information that was stolen meant they couldn’t get back to operating like they did before the attack, therefore your job is gone. This training can also mean that it could help you prevent clicking on something at home and giving someone access to your banking information. So, remember it’s important to take that training when it’s offered as it is important to you as both an individual and an employee.

 

Doc's or it didn't happen

On your job, how many times have you been asked for the documentation to back up your decision or your work? Well, here is why documentation is so important when it comes to work.

1. Provides guidance to someone else if you are unable to do the task, such as when you are on vacation or maybe just too busy to get everything done or no longer with the company.
2. Helps to provide why something is done in a specific way.
3. Provides the necessary steps in a process to ensure that a business can continue to operate.

What is funny about writing this is that so many individuals in IT don’t like writing documentation or even quick notes about why something is being done a specific way.  I normally get a very funny look when I say I love writing documentation. Yes, documentation can be a challenge to write, but in so many ways it is also enjoyable because you can help a department, or a business get the necessary notes down, so everyone is working the same way.

For various departments there are different needs for the documentation, but I do know that for IT departments it can the vital process that needs to be done if the servers are compromised or if there is damage to the equipment and how does the department get everything up and running again because downed servers mean people aren’t able to get work done and the business mission accomplished.

I have heard some say that “If I document what I do, it means that they can replace me easily, but if I don’t document stuff they need to keep me.” Well, that might sometimes work, but there are also the times that not documenting something can mean that you end up being a cost to the business, and you will be replaced. Knowing how to write the documents is also important because it can help others as well as yourself. If the document is good, you can even use it as a reference when you are doing a task that you don’t do frequently.

Docs or it didn’t happen is something that I have heard so often when talking to people, but these same people are the ones that don’t write the documentation. So, next time you are doing something think about the steps that you do and maybe make some notes even if it isn’t every step but at least it could remind you how to do something quickly or it could help someone else.

 Ultimately it is pic's, or it didn't happen, doc's or it isn't done

Why?

 

This is a question that I ask so often and the reason I do that is to get an answer that I think someone knows, but I am not certain, and/or make them think why .

As a documentor being able to ask someone why they are doing something in a specific way can help provide either an answer to that standard question or it might not. I have asked that question before and the answer I got back was “Because it’s how it’s always been done.” In some many jobs you are taught by someone how to do a specific task, and you will continue to do it that way because that is how you do it or at least that is how the other person did it. It is amazing when you can look at the specific task and take it apart step by step that you may find an easier way of doing something. For me, I will sit and listen to the person explain the task and make lots of notes and then see if there is an easier way to do that task and get

This is a question that I ask so often and the reason I do that is to get an answer that I think someone knows, but I am not certain.

As a documentor being able to ask someone why they are doing something in a specific way can help provide either an answer to that standard question or it might not. I have asked that question before and the answer I got back was “Because it’s how it’s always been done.” In some many jobs you are taught by someone how to do a specific task, and you will continue to do it that way because that is how you do it or at least that is how the other person did it. It is amazing when you can look at the specific task and take it apart step by step that you may find an easier way of doing something. For me, I will sit and listen to the person explain the task and make lots of notes, and then see if there is an easier way to do that task and get the same or even better results.

When you can ask that simple question of “Why do you …” it will make people think about why they are doing something and how they are doing it. It is a matter of sitting back and thinking about a process and how it might be done differently. Also asking the question, “Why?” can help with building the documentation, especially if there are specific steps that are required. In some jobs there are specific tasks/steps that must be performed and for a lot of people they just become routine, and they don’t think about them at all and sometimes can't remember the steps outside of doing the steps (autopilot isn't always the best).

Here are several different ways of asking questions that will give you different answers.

• Why do you do this specific step before another step?
• Why do you do have to take copies of the item so many times?
• Why does it work that way?
• Why can't you do it a different way?
  

It is always fun when you can sit back and think through a process and see ways to improve it, even if they are just small changes. Some of these small changes can make the process a lot easier to do and maybe even faster to accomplish.

Why, seems like such a simple word, but it can spark a conversation that will provide a lot of information. Yes, there are times when I may sound silly asking that question quite a few times, but the more detail I can get, the better documentation I can do. Sure, just watching a person do a job is one way to document it but understand the steps and why they are doing something is also a key part of understanding the job so that it can be documented.

So, next time you hear me ask “Why” understand that I am trying to make sure that you also know why you are doing a specific task a specific way.

Why blind copying recipients in emails is a good idea

Recently, I received an invitation to a Zoom meeting/interview, (for a volunteer board position).  It made me feel good, knowing that I had at least got a change for the interview.  Nice, I made the first cut, but then my security senses start seeing some issues that concerned me.

Here are the issues that concerned me with the invite:

1. The invite to the Zoom meeting was sent to everyone in one email, and all applications were in the main address to field.  The applicants were not blind copied, which now shows each person who else has put their hand up for this position.

1. It should have been blind copied to each of the applicants, so that they don’t know the email addresses of the other applicants. When you are sending an email to a non-team bunch of people, you should always blind copy to protect each individuals' privacy. This is also an HR level confidentiality issue of providing email addresses to others that may not have it, and they now know who their competition is. 

2. The interview was going to be a single Zoom call and each person had 15 minutes for their interview before the next person was to sign-in.

1. It would have been a better idea that each interview was done via a separate Zoom invite/meeting, so there was complete isolation from each individual.

2. 15 minutes is not a lot of time to answer questions about a position, given there was no job description ever provided. Sure, a Treasurer position you can figure out the basics of the position but is there a term, and of course a lot of the other things. What is really required of this Treasurer role?

3. What was stopping the rest of the individuals that are being interviewed to sign on early so they could watch the other person getting interviewed?

The basic courtesy when you are sending an email to a bunch of people that do not know the involvement of each other is to blind copy them instead of putting each of their email addresses in the to field. Also, if you are going to be interviewing different people, I would recommend that there be three different invites sent out to three different Zoom meetings. It might mean a bit more work for the individuals doing the interviewing, but at least then each person has their own meeting and not part of another person’s interview.

Blind copying people in emails is always a good idea when you don’t want each person to know who else has been included, and it is also a good security measure so that email addresses cannot be shared with others or possibly compromised if another person’s email account is compromised. So, next time you are wanting to talk to a group of people that probably don’t know each other or their involvement, I would blind copy everyone to ensure that privacy and security is part of the communication.

PS: the outcome of this was that one person immediately pulled because they thought they would be the only one, and then I pulled after drafting this and then letting the organization know my concerns about how things were handled.

Addressing training needs of a small business

There are so many times that we hear someone say that they don’t have time to work with their staff to get them up to speed on the various tasks that the individual needs to do. They are too busy doing their own job to show someone what the new hire or new promotion person needs to do. It is something that can be easily resolved that will save you time and energy in the long run.

One of the simple ways of making sure that the new person will feel comfortable with their job, is to ensure that there is enough information available to them. So that if/when they run into an issue, they can either know where to go to get the answers or be able to look up some of the common issues that arise. A simple method is to have some documentation available, so that the person can understand their job and what is expected of them. Sure, that might take a bit of time initially to get written up, but once it is done it is easier to keep it updated, and it's a reference for you as well. Trying to get this done when you are also trying to do your own job can be nearly impossible. Having someone that can assist you with that needs can solve a lot of problems of getting the initial documentation going.

Writing documentation, manuals and training notes is something that is available through Konecny Consulting. Let us work with you to figure out what your needs are and if we can assist you in making it easier to ensure everyone is trained and knows their job.

Ideas of things that we can assist with are:

• Quick tips
• Lesson plans for training
• Procedure manuals
• F.A.Q.’s
• Other documentation as requested.

These are just a few of the offerings that we have, so why not reach out to us and see if we can assist you in moving your training notes, etc. forward.