Products + Services Data Centers Industries Learn About
IT research analysts, technology writers, and vendors regularly cite their “top issues” facing IT professionals. But what are the most prevalent issues that IT professionals themselves say keep them up at night? After all, they’re the ones on the frontlines of day-to-day IT operations.
In an IT security survey that US Signal conducted earlier this year, respondents noted that one of their top three challenges was protecting against email threats. That’s not surprising given the extensive list of email-based attacks many companies have been enduring, including phishing, spear phishing, whaling, business email compromise (BEC), CEO-to-CFO scamming, and email impersonation.
But just how big of a deal are email threats and what are IT professionals doing about them? We asked one of our clients.
Tom Drez is the chief information officer of Christian Brothers Services (CBS), a nonprofit organization that provides a variety of benefits programs to congregations, organizations, and dioceses throughout the United States and Canada.
He said that email security threats do pose a significant problem for his company, noting that phishing and spear phishing attacks occur every day. Among the challenges those attacks are the company’s own employees.
“We are only as strong as our weakest link, and unfortunately, we know that people are usually the weakest link in any equation when it comes to machines.
“We can protect the company from 999 attacks out of 1,000. However, the ‘bad guy’ only needs to get one person to click on a URL or file attachment in an email to win.”
Nonetheless, Tom says his company is seeing some success in their IT security efforts.
“A few years ago, we revamped our entire computer security awareness program to get in front of employees at least three to five days a week with news, education, and useful information. Security is not a baked-in topic for all employees yet, so we’re trying to keep security topics top of mind.
“Much of our focus is on moving employee ‘awareness’ to ‘behavioral change’ over time. Our educational initiatives include conducting our own phishing and spear phishing tests with our employees every month. They’re designed to be educational and informative, rather than punitive.”
Tom also says he and his team are trying to help employees by fending off threats as much as they can by implementing safeguards where prudent, appropriate, and reasonable.
“For example, in addition to educational resources, we remove spam and junk messages before they even hit an employee's inbox. All messages from the outside are labeled with [EXTERNAL] in the subject line.
“We validate every single inbound URL in an email message, stripping away known harmful URLs and file attachment types like .EXE files that can execute malware code. We provide a secure message center for our employees to encrypt outbound messages. And, we automatically encrypt all messages found to contain sensitive information or a large amount of data.”
While the IT team’s efforts aren’t stopping email threats entirely, Tom says they are making a difference.
“It can be difficult to see the forest for the trees, but I think if we stopped doing all of these things, people would notice. They’d become less efficient, less effective, and less productive, and our IT security risks would increase to the point where the business itself was at risk.”
Are your IT security efforts doing what you need them to do? To learn about some of the options US Signal offers to help strengthen your IT security profile, call toll-free: 866.2. SIGNAL, or email: [email protected].
If you’d like to learn more about US Signal’s work with Christian Brothers Services, you can download the case study here.
It used to be that an organization’s IT disaster recovery (DR) plan entailed simple data backup (on disk or tape) or, budget-allowing, a secondary data center that it could failover to if a disaster occurred. The introduction of cloud DR has expanded the options. Choosing what’s best for your company requires [...]
Expect to see the cybersecurity landscape continue to change throughout 2024. There will likely be increased regulatory scrutiny at the federal and state levels over the coming year as government authorities seek to encourage prompt, accurate, and complete disclosure of security threats and management-level preparedness. [...]
A majority of our daily lives involve interacting with various technologies. And in the course of those interactions, most of us seldom think about the actual technologies involved — unless they aren’t working or need to work better or faster. In those instances, we expect some form of “tech support” to help. [...]