
Cybersecurity Is a People Problem


By Lisa Person

No matter how strong the firewall you install at a client site, it only takes one employee not recognizing a common phishing scheme to corrupt the entire network. That’s exactly what ransomware creators count on — and based on the latest estimates, their schemes work more often than they should. The lesson: Awareness of cybersecurity is crucial. Of all the vulnerabilities threatening critical systems, human error has become the most concerning to the business community in recent years. In fact, people are playing an even larger role in security breaches today compared with two years ago, especially for companies in maturing economies.

In order to minimize their exposure and protect their most valued information, approximately 90 percent of businesses are utilizing employee training today, according to the most recent CompTIA International Trends in Cybersecurity report. That’s a positive step forward — and a growing practice that IT services providers should consider adding to their portfolios, if it’s not already on their line cards. After all, “proactive” is what channel firms are all about, and few things are as important as protecting business and personal information. End-user training is a means to that end.

In fact, knowing which remediation steps to follow (exactly what employees must do when their device is corrupted) may be the most crucial part of information security today, especially when it comes to regulatory compliance. Do your clients have this process well-documented? Are the steps listed clearly, and is the information readily available? A company’s IT security guidelines should be listed in the employee handbook, typically in a section covering rules for business and personal computers and electronics, and reviewed periodically in meetings and training sessions.


Learn and Use the Available Channel Tools

The good news for IT service providers is you’re not alone. Over the past year, the members and staff of CompTIA developed and rolled out a number of resources to help build or strengthen an IT security practice. That includes CompTIA CyberSecure, a self-paced training course that channel firms can offer their clients. It covers the essential security practices customers need to know to protect their data and networks, and other critical business systems, and it’s simple enough for anyone to follow along with — from the receptionist to the CEO.

Turning the tables, the CompTIA Channel Standard for Cybersecurity is the perfect guide for IT services providers. Essentially, this is a peer-developed and validated set of best practices for an IT security practice, representing countless hours of experience and expertise from some of the best in the industry. Channel firms can use the standard to tweak and strengthen their current procedures, to boost their protection as well as their response capabilities. No IT security plan is complete if it doesn’t address what happens after an attack. Despite the complexity and innovation of today’s protection measures, no system is 100-percent impenetrable, and true security experts put a lot of emphasis on the response.  

What should providers (and the customer’s employees) do if something were to sneak through their defenses? The end goal at that point is to limit the potential impact. Those details are among the many steps highlighted in the CompTIA Channel Standard for Cybersecurity.

In a crowded and noisy IT ecosystem, a cybersecurity specialization really stands out today. By downloading the free CompTIA Channel Standard for Cybersecurity and its accompanying workbook, providers will take a solid first step toward building a viable practice. Of course, that’s just the beginning, but the guide includes easy-to-follow instructions designed especially for channel professionals.  

The reality is that IT security awareness must be a year-round focus for business — and for channel firms charged with protecting their clients’ most critical information and systems. Businesses need your support and, for well-prepared providers, the margins can be quite lucrative. Are you ready, willing and able to capitalize on that opportunity?      

Lisa Person is Director, Member Communities, for CompTIA.

