- Staff training. Your firm’s employees are the first line of defense in protecting your network. As such, it is important that they are educated about the increasingly sophisticated methods cyber criminals use to steal sensitive data. Your IT personnel can conduct the training, or you can utilize an external vendor. Our firm opted to use a virtual training consultant that provided education regarding three areas:
  - Security awareness – Through this training, our staff learned to spot the red flags associated with social engineering cyberattacks and potential malware behaviors, in addition to cybersecurity best practices. They were very surprised to learn the offline methods criminals will use to set up a cyberattack.
  - Phishing – Phishing can be attempted in a variety of different formats, so we wanted our employees to have an in-depth understanding of this practice in order to better recognize its various types. The training covered the dozens of possible signs – which are not always immediately apparent – that an email is fraudulent.
  - Staying safe while working remotely – Many of our employees travel to project sites and have to work remotely while on the road. In addition, with the COVID-19 pandemic, we had many of our staff working from home. The Working Remotely module covered practices such as ensuring internet connections are secure, using a VPN, using a wired connection whenever possible, access-protecting devices, and locking up/shredding sensitive documents.
- Staff testing. We felt it wasn’t enough to simply provide staff training on cybersecurity – we wanted to ensure that they absorbed the lessons and became correspondingly more vigilant. We worked with our training provider to set up test phishing attempts to check whether employees were able to recognize and avoid simulated cyberattacks. We were surprised that even after training, 12 percent of our employees still fell for these (fake) attempts. These staff members were then assigned further training. Over time, we’ve seen these incidents decrease. Practice makes perfect, or so those who fell for these told us.
- Firewall upgrade. Like all technology, firewalls eventually become obsolete; however, it is prudent to upgrade your firewall before it is completely out of date or no longer has manufacturer support. In addition to training your staff on cybersecurity, one of the best things you can do to protect your network is to use comprehensive, up-to-date firewall technology. The general stated best practice is to upgrade your firewall every three to five years; however, other triggers for a firewall upgrade include a change in your network requirements or a significant growth spurt at your firm. In addition to upgrading your firewall as appropriate, it is also important to keep up with its updates, which are sometimes available as frequently as daily, to ensure you are protected from ever-changing vulnerabilities.
Jul 06, 2020
About Zweig Group
Zweig Group, three times on the Inc. 500/5000 list, is the industry leader and premiere authority in AEC firm management and marketing, the go-to source for data and research, and the leading provider of customized learning and training. Zweig Group exists to help AEC firms succeed in a complicated and challenging marketplace through services that include: Mergers & Acquisitions, Strategic Planning, Valuation, Executive Search, Board of Director Services, Ownership Transition, Marketing & Branding, and Business Development Training. The firm has offices in Dallas and Fayetteville, Arkansas.