Linked: Data breaches happen constantly and there are very little consequences
|

Linked: Data breaches happen constantly and there are very little consequences

This is the crux of the problem. Personal information is going to be breached, eventually. There is no 100% secure data. None. No business, government entity, non-profit, or any other place that collects and stores data is completely secure. The only true security for personal information is to not have it. To have not collected it or delete it once it’s no longer needed.

That is the radical re-think that is necessary. It’s also the complete opposite of everything these organizations have been taught and incentivized to do. If we are going to pass federal privacy laws, this should be the central theme.

Linked: Pandemic Leaves Firms Scrambling for Cybersecurity Specialists
| |

Linked: Pandemic Leaves Firms Scrambling for Cybersecurity Specialists

I’m not sure that these companies have done the math. If enough experienced workers in an industry do more than switch between competing offers but step away from the industry into a different career path, there will not be enough experienced workers to go around.

What are you going to do about that? Sit around with unfilled positions and cry about it, or get serious about raising up the next generation of cybersecurity talent?

Linked: Cybersecurity Mistakes Are Costing More Jobs Than Ever
|

Linked: Cybersecurity Mistakes Are Costing More Jobs Than Ever

On the one hand, I have argued before that we need to hold people accountable because, without a stick, our people will not have as much of a reason to care in the first place. On the other hand, a couple of the stats from the report that Doug pulled out tell me something different:

Linked: How to build a culture of cybersecurity
|

Linked: How to build a culture of cybersecurity

This is the one thing I’ve talked about before when it comes to where we might fall short on our cybersecurity training, we don’t really hold anyone accountable.

Make cybersecurity part of formal employee evaluation. Give people a reason to care. Much like I talked a couple of weeks ago about creating a training culture, provide a way for people to learn more and to learn from others. Give them space and time to talk about security. Recommend they read some security blogs, meet to share stories about the latest phishing information out there, etc.

Linked: 8-Character Passwords Can Be Cracked in Less than 60 Minutes
|

Linked: 8-Character Passwords Can Be Cracked in Less than 60 Minutes

So, best practices?

– use complex passwords.
– use each complex password on exactly one website. (Do NOT reuse).
– use a password manager to keep track of all those passwords.
– Use multi-factor authentication when available, as an extra step beyond your password.