The Formula – Part 3: Protect Your People

The episode emphasizes that cybersecurity is fundamentally a people problem, not just a technical one. As Mark Goodman states, "If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology."

Key Statistics

  • People are the #1 way organizations get attacked
  • Passwords are the #2 most common attack vector
  • Most businesses never expect people to be their biggest vulnerability

Essential Components for Protecting People

1. Policies and Procedures

Required policies include:

  • Acceptable use policy
  • BYOD (Bring Your Own Device) policy
  • Clean desk policy
  • Privacy policies
  • Data security policies
  • Remote work policies
  • Asset management policies

Important note: Don't overwhelm employees with all policies at once. Implement and enforce them gradually for better adoption.

2. Education

Three crucial layers:

  1. Annual Training (baseline requirement)
  2. Regular Micro-Training (1-3 minute sessions)
  3. Phishing Simulations (practical testing)

3. Culture

  • Must be implemented from top down
  • Leadership must participate in security practices
  • Gamification can help engage employees
  • Reward good security behavior
  • Consider termination for repeated security violations
  • Provide proper tools to prevent "shadow IT"

Essential Tools

  1. Password Managers
  2. Multi-Factor Authentication (2FA/MFA)
  3. Dark Web Monitoring
  4. Standardized File Sharing Solutions
  5. Modern, Well-Maintained Equipment

Key Takeaways

  1. Security should be inconvenient - if it's not, you're probably doing it wrong
  2. Policies must be living documents, regularly discussed and enforced
  3. Training must be ongoing, not just annual
  4. Culture must support security from the top down
  5. Proper tools are essential to prevent workarounds

Notable Quotes

"If security isn't a giant pain in the ass, you're doing it wrong." - Justin Shelley

"Cybersecurity is a shared model." - Brian Lachapelle

"How you handle anything is how you handle everything."

The episode emphasizes that protecting people is an ongoing journey that requires constant attention, regular training, and a strong security-focused culture. While it may not be exciting or sexy, it's crucial for business survival in today's threat landscape.