Key Points:

  • This is the 50th episode of the UnHacked podcast, featuring the original three hosts: Justin Shelley, Bryan Lachapelle, and Mario Zake
  • The podcast focuses on cybersecurity education for business owners
  • The hosts emphasize that nearly all breaches are preventable and "you can't get unhacked" once you're breached

Main Topic: The Human Element of Cybersecurity

  • Approximately 95-97% of breaches involve human error
  • Humans are considered the weakest link in cybersecurity
  • Technology can be hardened, but the human brain is much easier to "hack"

Why People Are Vulnerable:

  • The human brain is wired to be exploited in two main ways:
    1. The desire to help others
    2. The need to avoid conflict
  • Social engineering exploits these vulnerabilities
  • Example shared of how easily someone gained access to a phone account through social engineering

Creating a Security-Focused Culture:

  • Focus training on recognizing social engineering attempts
  • Create a "no shame, no blame" environment where people feel comfortable reporting mistakes
  • Reward good behavior and reporting of potential issues
  • Gamify security training with scores and rewards
  • Keep training sessions short (5 minutes) and frequent rather than infrequent long sessions

Real-World Examples:

  • Story of Leanna becoming extremely security-conscious after failing a phishing simulation
  • Example of an employee forwarding a phishing test to his wife, who tried to interact with it
  • Various breaches caused by executives or owners clicking on malicious links

Key Takeaways:

  • Security awareness training is essential but must be implemented properly
  • People matter more than firewalls in cybersecurity
  • Training should be an ongoing effort, not a one-time event
  • Create a culture that rewards security awareness rather than punishing mistakes
  • Security is everyone's responsibility, not just the IT department's

Conclusion:

While technology solutions are important, the human element requires continuous focus through proper training, building a positive security culture, and treating mistakes as teaching opportunities rather than reasons for shame.