On The Calendar
On Tuesday, July 25th, at Globe Life Park in Arlington, The Fulcrum Group will be joining DFW B2BCFO partners for “Grow Successfully,” an educational event for business owners that shares tips on sales and business strategy, offers opportunities for networking, and wraps up with some awesome Texas Rangers baseball entertainment! Check out our Events page for more details on this event and reach out to your Fulcrum Group Account Manager if you’re interested in attending.
The Fulcrum Group July Webinar – How To Create Effective IT Policies – will be Thursday, July 27th from 10:00 – 10:30 a.m. RSVP today! After you sign up, you can expect to receive an Outlook calendar appointment from us, with all relevant details inside.
Quick links to our social media pages are accessible right from our website and in every monthly newsletter email you receive from us. If you’re new to our newsletter and you’d like to subscribe, let us know.
How To Create Effective IT Policies
IT policies must be clear and understood by all affected parties to be effective. Using specific yet simple terminology that can be easily understood by everyone is critical. Our July webinar will help you address the steps needed to create effective and easily understood policies.
Step 1 – Remember the essence of a good policy.
Keep it short and relevant, being mindful of any regulatory frameworks in which you operate and making sure the policy adds value to the business or organization.
Step 2 – Identify what IT policies are needed.
Thoroughly explore why the policies are needed and the purposes behind them. Consider the business objectives of your organization, and how the IT policies can help support and accomplish these objectives.
Step 3 – Identify who will be responsible, overall, for the IT policies.
This person will establish the format of the policies. Individual IT policies may be handled by specific staff.
Step 4 – Develop your IT Policies.
Make sure to use clear and concise language that can be understood by everyone. You’ll want to consider exceptions, ways to allow for flexibility for decision-makers, and also, who else needs opportunities for input.
Step 5 – Preview IT Policies with Stakeholders and Executives.
For IT Policies to be effective, they need to have top-down approval and backing, and stakeholders need to know that their concerns have been heard.
Step 6 – Implement IT Policies.
Start with communication, then provide training for staff and managers.
Step 7 – Monitor, Review, Revise.
The old adage, “If you can’t measure it, you can’t manage it” applies to IT Policies as well. Having a regular review of IT policies, at least annually, with a standardized review process, will help you revise IT policies as your situation changes or new threats/technologies emerge.
We will be expanding on these steps in our upcoming Fulcrum Group July Webinar, “How To Create Effective IT Policies” on July 27th at 10 a.m. RSVP here!
Your Surprising First Line of Cyber Security Defense
Small businesses might feel like it is easier to fly under the radar when it comes to their cyber security and vulnerability to being compromised, but recent trends prove that untrue. Small businesses are actually quite a big target for malicious activity, due in large part to a lack of employee awareness as well as internal security vulnerabilities. Since your own employees might unintentionally be the biggest threat to your organization’s security, here are some ways to help tighten up your organization’s first line of defense: its people.
On whom should I focus most?
Every employee – from the company President, to all levels of management, cashiers, administrators, even custodians – should receive adequate cyber security training and be held accountable for following all security policies. Also important to note is that a significant amount of cyber crime has been attributed to insider fraud and carelessness. Personal device use among employees, on and off company premises, is a BYOD (“Bring Your Own Device”) concern. Even with BYOD security policies in place, mixing work with personal devices is an area deserving consistent attention. Any device that connects, even sporadically, to company systems and accesses business data can be targeted by cyber criminals and should be subject to specific security requirements.
Why involve my whole team?
Your people need to understand not only what the risks are, but why ongoing training is so critical. Most millennials and post-millennials are well-versed in the use of technology, but even the savviest tech user can be easily tricked by ransomware. And, simply being immersed in the day-to-day grind, each of us has a tendency to “forget the rules” sometimes.
Because we can’t avoid or assist with what we don’t understand or remember to recognize, it is important to rally the team regularly, and bring your employees back – often – to your “defensive line.” With potential risks including phishing emails, malware, ransomware, out-of-date software, or the use of unapproved applications, employees must be taught to recognize and report suspicious activity, to avoid clicking on links and opening attachments, to think before clicking.
Threats are far more likely to be handled properly or avoided altogether when employees are routinely trained. So, it is critical to make cybersecurity training not only an integral part of the onboarding process, but also an ongoing practice throughout their employment. This training should include the basics of current threats and information regarding emerging threats. An interesting study of WHO in a company was unintentionally inviting in potential cyber mischief was recently featured on The Today Show and sure drives this point home!
What kind of training do we need to consider?
The following elements should be a part of both initial and ongoing cyber security training:
- Common Threats – Employees must understand and be able to recognize typical signs of common threats. At the very least, these warnings should be written down and displayed in visible locations in every department. Ask your Fulcrum Group Account Manager for free end user security awareness posters that you can post in visible locations throughout your office.
- Communication – Employees need to feel encouraged to speak up and speak out if they suspect an issue. They need to feel empowered to take time away from normal business long enough to address concerns with a supervisor, manager, or managed services partner.
- Prevention Rules – Employees need clear guidelines regarding the sites from which they can or cannot access information, as well as guidelines detailing what may or may not be installed on their company computers and devices. They need simple instructions about what attachments should not be opened and which links should not be clicked. They should be required to report any solicitations or non-work-related messages from unrecognized sources. Finally, companies should use high spam-recognition standards to minimize threats that otherwise would require skilled employee intervention.
- Password Standards – One of the most frustrating aspects of our modern technological world is the need for multiple passwords on multiple devices and accounts, especially the frequent changing of passwords for the same accounts. While biometric capability may soon relieve some of this frustration, insisting on strong passwords, multi-factor authentication, and password security is currently recommended as essential.
These are a few simple considerations that are not particularly burdensome, but WILL help in protecting your organization. With the increase in cyber-attacks over the last decade, not providing cyber security training to employees is not an option for any company that wants to grow. Our website geared especially to business owners and IT managers has some additional resources to browse regarding the security of your small business.
While statistics prove employees will always be helpful as a first line of defense against ransomware attacks, the most comprehensive solution is for leaders of all organizations and businesses of all sizes to invest in stronger IT security solutions and implement policies that include a comprehensive, automated backup and disaster recovery solution such as SPOT Protect. These protections, combined with ongoing staff training, strict security policies, and constant vigilance, are an absolute necessity in today’s cyber-environment. Contact your Fulcrum Group Account Manager today to ensure your company’s defensive line is ready to play.