Anyone can be a target of a cyberattack that can affect the whole organization. The good news is, we can all be cyber-defenders, taking responsibility for cybersecurity by being cyber-aware and following our organizations’ guidelines.
In addition to overarching cybersecurity responsibility, all departments face different challenges and threats. And each has unique opportunities to protect their organization.
Threats: IT has top-level access to the network and administrative capabilities, including cloud-based services and email platforms. And IT Managed Service Providers are persistently targeted because of their access to not just one, but all of their clients’ network and administrative portals.
Opportunities: IT is knowledgeable about cybersecurity and plays a huge part in taking precautions and deploying protective technology. Additionally, IT often helps to inform management about risks and rolling out ongoing cybersecurity measures.
Threats: As the monetary authority, finance is often targeted or impersonated by business email compromise. They may also receive phony financial requests that look like they are coming from management.
Opportunities: Finance sets and follows the payment policy. If customers know to expect invoices through secure email or a secure portal, they won’t be fooled by an email impersonating the finance team. In this role, it’s also doubly important to verify unexpected requests.
Sales and Marketing
Threats: Sales and marketing handle customer contact information and other internal and external sensitive data. They can also be targeted by phishing-style messages sent through social networks, inbound lead systems, or even live sales chat.
Opportunities: Sales and marketing should carefully review all incoming communications. Additionally, they can scrutinize what potentially sensitive information is shared on social media and the public website. Marketing has a unique opportunity to assist with cybersecurity promotion through campaigns, signage, and social media.
Threats: HR hosts a potential gold mine of sensitive employee data such as health information, social security numbers, and payroll and tax information. Additionally, HR frequently fields unknown email attachments. Recently, a brewery was hit with ransomware when an attacker sent an infected file masquerading as a job application.
Opportunities: HR helps communicate and enforce the Technology and Data Use Policy and participates in remediation of any security slipups. HR may also run background checks on new employees and be responsible for documenting employee performance including relating to cybersecurity activities.
Reception & Administrative
Threats: The reception area is where visitors access the building, which means the potential for unauthorized physical access. Administrative personnel are also prime targets for vishing (voice phishing) and other social engineering attacks.
Opportunities: It’s important to maintain a visitor log, answer the phone according to company policy, and confirm visitor details and identification. Additionally, reception personnel should pay attention to what confidential information is visible on their screen and be sure to lock their computers when leaving their desk.
We have shared a few ideas, but we challenge you to think about cybersecurity responsibilities in your role. We all have individual jobs, but cybersecurity is everyone’s job!
Your Friends @ Defendify