Do it for the Culture… A Secure Culture

Developing an internal fortress using basic security protocols.

SPAM. SPOOFING. PHISHING. HACKING. We have all heard the terms, but what do they really mean, and why do we know and see them all too often? Let’s begin with some summarized explanations. SPAM basically means receipt of mail that wasn’t needed or expected, usually advertisements, cold sales messaging or junk mail. SPOOFING basically means an account has been cloned or accessed from a source other than the assigned user, and that person’s email or other tools have been compromised in order to “act as” that original user. It is commonly seen in cases where email CONTACTS are accessed by a spoofed account and tons of emails are sent out to those contacts asking for INVOICE verification or some variation of requesting input. PHISHING can be described as ATTEMPTS to gain information from a user by requesting action on a link or attachment. These attempts are often paired with SPOOFED email accounts but can also be embedded in SPAM messaging. HACKING is the culmination of all forms of social engineering, but is directly associated with control of a source, account, device or network.

Now that we’ve cleared that up, why do we see or hear these terms so often, especially in business environments that are supposed to be secure? The answer is CULTURE. Yes, a simple idea, culture. Not some complex technical ideology, simply culture. See, all the understanding of technology in the world cannot substitute for a solid security culture in the workplace. This means everyone from the night cleaning staff to the CEO understands the importance of keeping the business secured. Yes, everyone. Everyone in the business is a stakeholder in the success of the business. We all have the responsibility to ensure our personal and corporate security protocols are adhered to. If there is a gap in one area, the entire system is vulnerable.

SCENARIOS

#1 John is the new security guard at the corporate office. While he is standing his post at the front desk, a person walks in and says, “I work on the 18th floor but left my badge at home.” Not wanting to cause an issue with the well-dressed man with the briefcase, John badges him into the elevator up to the 18th floor. The man wasn’t an employee.

#2 The night cleaning staff may have hired a new staff member. That new temporary staff member walks by a desk and sees a password and account number on a “sticky note”. Out of curiosity, he/she records that info. The temp only worked one job and quit. Weeks later, someone has logged into OneDrive from an unknown device and has uncovered financial data including accounts and bank access codes.

#3 Susan is late for her son’s game and needs to wrap up the corporate financial report for 1st quarter before 5 pm. She leans over to Janet, a friend in the Sales department, and asks her to do her a favor. Susan gives Janet her login and Janet tries to complete the work. While working on the file, she accidentally erases an entry in an important spreadsheet, but instead of undoing the erasure, she calls IT support for help.

#4 Jennifer takes her pc home during the COVID-19 outbreak. Her son, Jason is also working from home. Since Jason doesn’t have his own computer, she lets him use it to do his homework. However, Jason also uses it for some casual gaming and video downloads, some of which are downloaded from a peer-to-peer site.

All of these are really common scenarios.

In scenario #1, the security guard is an important part of the first level of corporate security, PHYSICAL ACCESS. It’s his job to verify each and every person that should be in the building. That can be assisted through use of an access list or a badging system. A successful badging system will utilize an access list to detail where each person is authorized to enter. In cases where a person cannot access a specified level or area, they should request a SPONSOR to guide said access, or ask a department manager or SPONSOR for a change to their badge access. All of which would need business justification.

In scenario #2, you’d be surprised who the real blame falls on. It’s actually the person that wrote important business data on a “sticky note”. We can’t always judge the character of an individual, although the cleaning company should do its part to vet each person they hire. However, the cleaning company may not be an internal part of the company infrastructure. Shockingly, the real blame lies on the person who sat at that desk. The best approach to how you keep your office or desk is the “rotating shift” methodology. In the “rotating shift” routine, a space is not just yours. Therefore, personalization and the comfort of just leaving things around should be prohibited. Likewise, you should never write down codes or accounts and leave them in an unsecured location.

In scenario #3, Susan violated several rules of security. First, she asked someone outside of her department to handle a task that contained data that may have been only available to that department. Secondly, she shared her login information. Both are serious risks.

Finally, in scenario #4, we get to an issue that we may encounter far too often during our current pandemic: sharing or inappropriate use of a corporate asset. It’s important to remember that a business-issued device is intended primarily for business-related use, and that using it for anything else exposes local and shared network data to the risk of hacking or data loss.

HOW TO FIX A CULTURE ISSUE

There are a few key factors needed in creating a truly secure culture in your corporate or personal home network environment. One, put the right tools in place. Every corporate or home network should have some form of FIREWALL security. This will guard what enters your network. Device security is the next layer. Make sure your computer has some form of antivirus/antimalware protection and/or local firewall software. The next layer is software security. Operating systems require normal updates to stay safeguarded against the outside world. Make a habit of checking in (although typically the task of your company IT administrator) for regular patching and updates. Consider these “inoculations” or “booster shots” to keep the bad bugs away. If you’re managing your own home network, simply run the Windows updates at least twice a month. Keep in mind, you can always set your PC or Mac to perform automatic updates. Here’s a good resource for Windows updates: https://support.microsoft.com/en-us/help/12373/windows-update-faq

Don’t worry Mac users, I didn’t forget about you. Yes, Macs require updates also. See the following link about Mac updates: https://support.apple.com/guide/mac-help/get-macos-updates-mchlpx1065/mac

Data classification is vital to how corporations keep information private and secure. This is the process of defining what the data is, where it belongs and who should have access. Likewise, user security is just as crucial as you can assign access rights to said data, resource locations and systems.

However, the most important factor in creating a secure culture in the workplace is…. drumroll, please… EDUCATION.

That’s right, education. Knowing is not good enough. Saying is not good enough. We must educate, educate and educate more on these practices repetitively. Socializing proper security culture is one of the key roles of any successful enterprise security team. Once all the tools, policies and restrictions are in place, each user needs to be reminded just how important it is that each person play their role in being an active part of keeping the business, and themselves, safe.

Dwayne Thomas Coleman
CEO, Coleman Management & Consulting


MarTech Live: How to Truly Diversify Your Staff

MarTech next week: a personal choice

With so many sessions next week, here’s a plan to navigate through those three days.

Kim Davis on October 1, 2020 at 4:05 pm

It’s finally here. The big fall 2020 MarTech conference, virtual of course, with almost 80 sessions all supporting our theme: MarTech is marketing.

With so many sessions, attendees are going to have some tough choices to make. Here’s how I plan to navigate my way through those three days.

The keynotes. First, I always look at the keynotes. Chief Martec himself, Scott Brinker, kicks off day one by naming the five martech trends for the decade ahead. Just five, and for a decade? Scott’s a brave man. On day two, Brian Solis, Global Innovation Evangelist, Salesforce, describes “Generation Novel,” a critical customer segment created by the pandemic. What I’ve heard, from someone familiar with the content, is that this is a richly detailed piece of thought leadership. A must watch.

Finally, on day three, we’ll have some fun with the annual Stackie Awards. I’ve had a glimpse of the entries, and I can tell you that entrants are reaching new heights when it comes to design — the visual representation of their stacks. After Scott calls the winners, I’ll be chatting with him about themes and trends in the stack world.

Marketing stacks. Which brings me to one theme I see highlighted throughout the conference: where marketing stacks are headed and how to get the best out of them. “The Beauty Of The Beast: How To Optimize Your Monstrous Martech Stack,” presented by Helen Abramova of Verizon and Matthew Gomez of Walden University stands out, but there are a string of sessions on the present and future stack: see Tony Byrne of Real Story Group on “Future-Proofing Your Martech Stack.”

That’s not all. You can put together a route through the schedule focusing on any one of these topics: CDPs, content experience and analytics, data rights and privacy, digital transformation, email marketing, SEO and AI. It depends on what your immediate needs are, both for your organization and your own professional development.

MarTech Live. And I can’t wrap up here without a mention for MarTech Live, which will be broadcasting truly live each day at 4:45pm ET. I’ll be hosting the first session, a look at the virtual event stack with Vasil Azarov of the Growth Marketing Conference, and our own Marc Sirkin. I’ll also be closing the conference with a fireside chat featuring Christopher Penn of TrustInsights.ai on what we’ve learned from the week.

But I particularly want to draw your attention to the Wednesday session, hosted by MarTech Today editor Rodric Bradford. He’ll be convening a panel to discuss a topic of growing importance: “How to Truly Diversify Your Staff.” His guests: Dennis Schultz of the Blacks In Technology Foundation and Elizabeth Cotton, founder of Career Mingle. Feel free to invite your HR colleagues or anyone else from your organization to that one.

Plenty to think about, and I look forward to hanging out with you all. And I mean it: I’ll be in the virtual networking lounge each afternoon, a forum where you can network with your fellow attendees and MarTech Today staffers.


ABOUT THE AUTHOR

Kim Davis

Kim Davis is the Editorial Director of MarTech Today. Born in London, but a New Yorker for over two decades, Kim started covering enterprise software ten years ago. His experience encompasses SaaS for the enterprise, digital-ad data-driven urban planning, and applications of SaaS, digital technology, and data in the marketing space. He first wrote about marketing technology as editor of Haymarket’s The Hub, a dedicated marketing tech website, which subsequently became a channel on the established direct marketing brand DMN. Kim joined DMN proper in 2016, as a senior editor, becoming Executive Editor, then Editor-in-Chief, a position he held until January 2020. Prior to working in tech journalism, Kim was Associate Editor at a New York Times hyper-local news site, The Local: East Village, and has previously worked as an editor of an academic publication, and as a music journalist. He has written hundreds of New York restaurant reviews for a personal blog, and has been an occasional guest contributor to Eater.

 

Blacks In Technology to Help Provide Tech Mentors for Africa

9/29/20 

Ohio – Blacks In Technology announces collaboration with SDscope to provide support and expertise to aspiring technologists in Africa. Zimbabwe based SDscope has launched an initiative to source global mentors in various technical disciplines for Zimbabwe and the entire continent of Africa and Blacks In Technology is leading the way. 
 
“Blacks In Technology is a great organization to partner with as they offer us the potential to access resources we need to serve our market well,” says Shepherd Fungayi, CEO of SDscope. “The size of the organization and the range of skills of their members, as well as their close relationships with key technology companies, will boost our ability to build capacity in digital technology and application in Africa,” Fungayi continued.
 
“We believe it’s necessary to provide our members an opportunity to give back. It’s even more important that we can leverage our collective expertise to help uplift Africa and provide global best practices to the continent,” says Dennis Schultz, Executive Director of the Blacks In Technology Foundation.
 
About SDscope
SDscope accelerates and supports the adoption of digital technology in Africa by building a platform for digital technology practitioners and users in Africa based on strong connections with leading technology companies and experts from around the world, and delivering state-of-the-art in digital strategy definition and execution, digital technology implementation and support, digital talent development, and digital services to organizations and independent consultants. We also accelerate digital technology startups by connecting them to funding and talent, as well as fostering collaboration with, and access to funding from, innovation-hungry enterprises.

Website: www.sdscope.com 
 
About the Blacks In Technology Foundation
Blacks In Technology is the largest global community of Black technologists with a combined membership and social media reach of over 50,000. The Blacks In Technology (BIT) Foundation’s goal and mission is to “stomp the divide” between Black tech workers and other groups, and to fundamentally influence and effect change on an industry that has historically not sought parity with respect to Black workers. BIT’s intent is to level the playing field through training, education, networking, and mentorship with the support of allies, partners, sponsors, and most importantly our global members. The Blacks in Technology Foundation is the official 501(c)(3) non-profit entity of Blacks in Technology, LLC.

 
Contact
Dennis Schultz, Executive Director
Blacks In Technology Foundation
908.938.1319