I keep going to the same topics, since we have the same issues come up again and again.
We have discussed the Psychology of Security (all of these topics are also in my book “Too Late You’re Hacked”) in this blog before – just search for Psychology of Security and you will see the posts.
My book discusses many of these topics, but I want to revisit them.
In the psychology of security, the end result is that 30% of people do not pay attention to security, for different reasons. Some of those reasons:
- Have not gotten hacked yet.
- The thought is they are too small to be hacked.
- Cybersecurity is complicated.
- Therefore the belief is that they will not get hacked – and that the company will survive without a major problem if it does happen.
Part of the problem is that there is also a kind of Catch-22 within standard IT work.
- Rebooting one's own computer is difficult – who wants to stop what they are doing and reset all of their documents and applications?
- Testing backups is time consuming.
- Installing patches or upgrading software is hard and can be time consuming.
- Software EOL (End Of Life) creeps up and then one must fix the issue (but a lot of people wait until after the system is already obsolete).
- Can't Microsoft and/or Apple take care of this? My anti-virus or XYZ should fix it.
Notice that the issues here have to do with some people not wanting to face difficult choices and more work. But we are human, after all.
Notice also that some tasks in IT are genuinely difficult, and if one does not understand these issues very well, the task is exponentially more difficult (which is why I wrote my book “Too Late You’re Hacked”). Tasks like updating and patching, which include reboots; testing backups; and testing the environment for vulnerabilities (maybe because the software is EOL).
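Testing backups does not have to be a manual chore. As an added example (not from the original post), the script below restores a backup archive into a scratch directory and compares a sha256 manifest of the original files against the restored copy, so a backup that cannot be restored byte-for-byte fails the check. The sample files it creates are constructed for the demonstration; the directory and archive names are hypothetical.

```shell
#!/bin/sh
# Added example: a minimal scripted backup restore test.
# Assumes GNU/Linux userland (tar, sha256sum, mktemp, find).

# Print "<sha256>  <relative path>" for every file under $1, sorted,
# so two directory trees can be compared as plain text.
manifest() {
    ( cd "$1" && find . -type f | sort | while read -r f; do
          sha256sum "$f"
      done )
}

# Archive directory $1 into tarball $2.
make_backup() {
    tar -C "$1" -cf "$2" .
}

# Restore tarball $1 into a scratch directory and compare it with source
# directory $2. Returns 0 only when every file came back with identical
# content; an unreadable, truncated or incomplete archive returns 1.
verify_backup() {
    backup="$1"; src="$2"
    scratch=$(mktemp -d) || return 1
    tar -C "$scratch" -xf "$backup" 2>/dev/null || { rm -rf "$scratch"; return 1; }
    if [ "$(manifest "$src")" = "$(manifest "$scratch")" ]; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$scratch"
    return $rc
}

# Stand-alone run on constructed sample data (hypothetical file names):
# a good backup must pass, and a truncated copy of it must be rejected.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/src/docs"
    printf 'quarterly invoices\n' > "$work/src/docs/invoices.txt"
    printf 'customer list\n' > "$work/src/customers.csv"
    make_backup "$work/src" "$work/backup.tar"
    rc=0
    if verify_backup "$work/backup.tar" "$work/src"; then
        echo "backup verified"
    else
        echo "backup FAILED verification"; rc=1
    fi
    # Simulate a corrupted backup by truncating the archive to zero bytes.
    : > "$work/backup.tar"
    if verify_backup "$work/backup.tar" "$work/src"; then
        echo "unexpected: corrupt backup passed"; rc=1
    else
        echo "corrupt backup correctly rejected"
    fi
    rm -rf "$work"
    return $rc
}
```

Run `demo` as-is to see both outcomes, or point `verify_backup` at a real archive and its source directory from cron so the test happens on a schedule instead of "when someone has time".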
The patch cycle is a good one to know – it covers what happens to vulnerabilities after they are found and properly patched by the manufacturer:
This is why I want to instill a new movement, the “Cybercrowd”, which will help small businesses learn about IT tasks that may not be on the radar of the owner.
There are a lot of things that the small business owner (who is too busy running their business to understand the intricacies of complex cybersecurity) needs help with:
- Phishing education
- Upgrade software
- Backups, and test them
My last blog post was my Top 5 prevent-hacks post (there are lots of other posts): https://oversitesentry.com/top-5-prevent-hacks/