This is the last article in the cybersecurity tactics for small teams series. We have already finished the hardware and computer-based parts, and I shall use this last article to cover more of the social side of cybersecurity. We shall spend the following paragraphs speaking about your organization's public image and how it can be affected by your cybersecurity defenses. At the end of the article, we shall present a summarized budget using all the budgets we created during the last couple of months. So let's start.
Over the last decades, we have witnessed the rapid growth of various social media platforms. These days every organization has to show a stable social presence to improve its marketing. It is fascinating how virtual space, with its data and information, can reflect on real people and places. With this in mind, we have to treat all the social accounts of a given organization as assets, and as with any asset, we have to find a strategy to keep them safe and secure.
Imagine what will happen if an attacker takes control of your team accounts. Usually, these accounts are used to have private chats with clients or customers in different social media systems. A data dump consisting of such conversations can sometimes be quite hazardous to your organization.
Internal Team Communication
As we discussed in the previous article, teams must communicate. In remote-first groups, this communication must happen in some virtual place, where team members can coordinate and write. By default, every email server, chat server, and video conferencing server records things into a historical log. It is essential to take into account that these logs are information and company assets.
Sometimes the tone in these logs is inappropriate, and thus having them dumped on the Internet can cause significant problems for your organization. It is essential to understand that a cultural change must happen for your organization to grasp the effects such an attack can have.
Unfortunately, with the rise of digitalization, the following tendency has started to emerge: your personal digital life can affect and hurt your professional one. It means you have to be aware that simple private communication can be leaked and can cause tremendous problems for your persona and your organization.
The influencer economy and personal branding have changed over the Internet during the last decade. Despite their asymmetric nature, personal brands have managed to keep pace with the big enterprises. It is more and more common for companies to start using their employees' brands to promote themselves. In short, we can describe this as an asset loan: employees loan out their assets to their employer for the period they work together. From a cybersecurity point of view, your organization must understand that it now defends both company infrastructure and personal infrastructure.
Now that we have covered the effects that public image can have on your organization, it is a good idea to cover how you can defend yourself from penetration:
- Security awareness course: A good security course will cover all these topics and many more. Still, it is good to touch on some information security topics, not only cybersecurity ones, during that time. I would advise you to search for vendors providing business-oriented information security courses.
- 2FA: 2FA is a must, especially for accounts that are not part of your infrastructure. This includes both the organizational accounts and the personal accounts.
- Personal Development: Personal development of your team members can help a lot to avoid such attacks. There are multiple use cases and stories on the Internet from which you can take inspiration.
As already mentioned, the final part of this article is a combined budget from all the previous articles together with this one. The budget has two categories: per team and per person. The per-team category covers your whole team, and the per-person category covers one team member. The budget is for two years because this is the service life of most of the hardware equipment. The team consists of five people. So let's do it.
- Hardware toolkit (100$)
- Paper Shredder (50$)
- Camping Gear (50$)
- Safe (500$)
- Office Security System (4000$)
- SIEM System (0$)
- Email And Chat Server (85.68$)
- VPN Server (85.68$)
- GitLab Server (85.68$)
- Video Conferencing Server (85.68$)
- Cloud Storage (222.44$)
- Security Awareness Course (1000$)
Total per team: 6266$
- Router (180$)
- Switch (150$)
- Group Policy Server (150$)
- Pacsafe Backpack (190$)
- Business Series Laptop (1000$)
- Laptop Operating System (0$)
Total per team member: 5 x 1870$ = 9350$
With a total budget of around 15616$ for two years, we achieved a pretty good level of security. A determined attacker can still penetrate this setup, but it will take them more time and resources. The budget is a little less than 3300$ per team member and around 140$ per month.
And this brings our series to an end. I hope you enjoyed our journey, and in case of questions, you can always book a session with me. I shall be more than happy to answer.