Cybersecurity in the Workplace

Author: Steve Casey, Director – Technology Operations & Security
Date: January 15, 2018

Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In the cybersecurity world, security includes both technological and physical security. Ensuring maximum security requires coordinated efforts throughout the entire organization – it is not just a technology issue.

Every article you read related to the subject of cybersecurity and phishing episodes indicates that cyber criminals are becoming exceedingly more creative and aggressive and phishing expeditions are becoming more and more sophisticated. As we enter the first quarter of a new year, we are reminded that new cyber alerts will focus on threats related to personal financial information and fraudulent income tax fillings.

As a company, we will continue to review and refine our security procedures. These actions are essential for our business’ well-being. In addition, we need our people to be vigilant and surface any issues or concerns about security to the technology team. In 2017, we introduced employees to cybersecurity awareness training. We require all new employees to complete a cybersecurity assessment before they begin working at CIG. These initiatives will continue because the consequences of a security breach could be devastating to our operations.

We will continue to require cybersecurity awareness training for every employee. In addition, we will test our security measures to ensure they are appropriate. This may include intermittent testing of user email accounts to 1) ensure employees are alert to suspicious activities, and 2) the suspicious activity is reported.

One of the problems we have identified during our testing is an apprehension to report suspicious activities to tech support immediately. It is imperative that people escalate potential concerns, whether or not the threat is real. It is management’s responsibility to reinforce these cybersecurity procedures and remind their people that cybersecurity is everyone’s responsibility.

In the near future, CIG will be releasing a schedule of activities, including ongoing training to promote cybersecurity awareness. You are certainly welcomed and encouraged to speak with Steve Casey, CIG’s Director of Technology Operations and Security if you have any questions about these policies.