Computer Repair Shops are Not Safe

Computer Repair Shops are Not Safe

I’ve written before about the IT people in your company who probably know more about you than you might think. This now extends to taking your personal devices to a repair shop. You should assume someone might be surfing through your data while working on your computer, and you should decide if you are OK with that or if the physical destruction of the device after being replaced is the safer option.

Linked – Failure to prioritize security and train staff – not shallow talent pool – likely behind cyber workforce shortage
|

Linked – Failure to prioritize security and train staff – not shallow talent pool – likely behind cyber workforce shortage

Organizations that like to complain about not being able to find talent but also don’t bother to develop it are just leeches on their industry. Do you want more people skilled in cybersecurity or any other skill you’re having trouble finding? Teach it. Develop it. Grow it.

It’s not easy, but that’s how you address a lack of skilled workers. Educational and systemic changes are going to take way too long.

Linked – Fired admin cripples former employer’s network using old credentials

Linked – Fired admin cripples former employer’s network using old credentials

I spent a lot of my time these days focused on onboarding, bringing in new people, getting them up to speed, and contributing. That’s an important process. So is off-boarding, because when you don’t have a proper process for departing employees, stuff like this can happen.

Linked: Bad news: The cybersecurity skills crisis is about to get even worse
| |

Linked: Bad news: The cybersecurity skills crisis is about to get even worse

Now, the shortage of people leading to overworked stressed, and burned-out workers is the headline, but if you look at the reasons given in the article below, it’s not “just” that. It’s where that situation leads. When you’re short-staffed and constantly putting out fires, you don’t really take the time to think about showing appreciation, helping employees grow their skills and careers, or creating a diverse workplace.

Yet those are the exact things that employees are looking for elsewhere.

Appreciating and growing your employees is not something that is “nice to have” anymore. It’s a requirement.

Linked: Most organizations that paid a ransom were hit with a second ransomware attack
|

Linked: Most organizations that paid a ransom were hit with a second ransomware attack

Whatever you choose to do, though, the next step needs to be doing everything possible to make sure it doesn’t happen again instead of breathing a sigh of relief that you got your data back and continuing business as usual. That would seem to be the common mistake here.

Don’t make that mistake.

Security pros, where do you fall on the debate on paying or not paying, and does this report change your thinking?

Linked: Employees’ email still drives most of the data loss at organizations
|

Linked: Employees’ email still drives most of the data loss at organizations

A good chunk of these breaches are not someone actually trying to steal data, but just someone trying to either make something more easily accessible outside of the office or taking information when they leave related to things like contact information, maybe some documents they’ve written themselves that they want to keep, etc.

It’s likely that these folks aren’t actively trying to commit some sort of corporate espionage, they just aren’t really thinking about what they do. It might just be that the once-per-year required video just isn’t enough to make it top of mind every day.