Archive for category: Kevin Landers

Moving Beyond Annual Inspections: The Importance of Monthly Cybersecurity Checks

June 18, 2024/in Guest Bloggers, Kevin Landers/by Caroline Slee-Poulos

Moving Beyond Annual Inspections: The Importance of Monthly Cybersecurity Checks

Guest writer Kevin Landers tackles a huge source of anxiety for many of us in the digital age, our online security. Read on for, “Moving Beyond Annual Inspections: The Importance of Monthly Cybersecurity Checks.”

In today’s rapidly evolving digital landscape, cybersecurity has become a critical concern for businesses of all sizes. Regulations and guidelines from the Federal Trade Commission (FTC) and even cyber liability insurance providers mandate an annual security check. But if you look at the facts about how criminals operate, it is clear that this frequency is insufficient.

Did you know that the average time a cyber attacker resides in a system before detection is 290 days? This means that a breach could go unnoticed for nearly ten months if you conduct security checks only once a year. By the time the annual inspection rolls around, the damage could already be extensive, potentially costing the business in terms of data loss, financial penalties, and reputational harm.

Businesses should consider monthly cybersecurity inspections to ensure their systems remain secure and resilient against potential threats.

The Regulatory Baseline: Annual Checks.

The FTC and most cyber liability insurance providers require organizations to perform security checks at least once a year. This requirement is aimed at ensuring that companies maintain a basic level of cybersecurity hygiene. The process typically involves a high-level meeting with executive leadership and stakeholders, followed by a series of scans on a handful of computers. These scans generate reports highlighting any vulnerabilities or breaches, with a follow-up meeting to discuss the findings and necessary actions.

Being Basic is not Good Enough.

While annual checks are a regulatory requirement, more is needed for effective cybersecurity management. A yearly inspection can leave significant gaps in the fast-paced world of cyber threats. Cybersecurity is not a “set it and forget it” task; it requires continuous monitoring and regular updates.

In our experience conducting these assessments over the past five years, we have never encountered a dealership without vulnerabilities. Whether it is outdated software, weak passwords, or other security lapses, there is always something to address. Relying on annual checks means these issues could remain undetected for months, giving cybercriminals ample time to exploit them.

Benefits of Monthly Security Checks.

Proactive Threat Detection: Monthly checks enable businesses to detect and mitigate threats quickly. Regular scans and reports ensure that vulnerabilities are identified and addressed before they can be exploited.
Compliance and Peace of Mind: Although the FTC and insurance providers recommend annual checks, exceeding these requirements by conducting monthly inspections demonstrates a proactive approach to cybersecurity. This can provide stakeholders, customers, and regulatory bodies peace of mind.
Continuous Improvement: Cybersecurity is a constantly evolving field. Monthly checks allow businesses to avoid new threats and adapt their security measures accordingly. This continuous improvement cycle helps maintain a robust defence against cyber-attacks.
Building a Security Culture: Regular interactions between IT teams and leadership foster a culture of security within the organization. This ongoing dialogue helps demystify cybersecurity, making it a shared responsibility rather than a specialized isolated task.
Overcoming the Intimidation Factor: Many business leaders find cybersecurity intimidating due to its technical complexity. However, it is crucial to break down these barriers and communicate in plain language. Monthly security checks offer an opportunity to educate stakeholders about the importance of cybersecurity and the specific actions being taken to protect the organization. By translating technical jargon into understandable terms, we can help leaders make informed decisions about their security posture.

Conclusion.

In conclusion, while annual cybersecurity checks meet the minimum regulatory requirements, they are insufficient in today’s threat landscape. Monthly inspections provide a more proactive and effective approach to managing cyber risks. By committing to regular security assessments, businesses can protect their data, maintain customer trust, and ensure long-term success. Do not wait for a breach to highlight the gaps in your security—take action now and make monthly cybersecurity checks a core part of your business strategy.

Did you enjoy this blog? Read more great blog posts here.

For our course lists, please click here.

Are Cybersecurity Vulnerabilities Haunting Your Dealership?

January 9, 2024/in Guest Bloggers, Kevin Landers/by Caroline Slee-Poulos

Are Cybersecurity Vulnerabilities Haunting Your Dealership?

Kevin Landers is the President of rocketwise – an IT and Cyber Security firm based out of Knoxville, TN. He and his team support equipment and commercial truck dealers across North America. He makes his initial blog post for Learning Without Scars with, “Are Cybersecurity Vulnerabilities Haunting Your Dealership?”

Kevin possesses the unique ability to understand, and explain in non-threatening and non-technical ways how technology, business and team members work with, and sometimes, against each other. He has an innate ability to understand how technology works at the basic conceptual level and how it interacts with hardware, software, networking, people and business processes. A rare combination in today’s technology arena.

He puts these abilities to work daily to make dealerships better by enabling them to deliver extraordinary service with rocketwise’s “Dealer Ally Success Platform”.

Kevin lives in Tennesse with his bride Summer, and their two sons – Caleb and Isaiah.

Let’s delve into a topic that’s crucial for dealerships like yours – cybersecurity. While you might not have old skeletons hidden away, there’s a good chance that cybersecurity vulnerabilities are lurking in the shadows, just waiting to cause trouble. You can’t address what you can’t see, which is why it’s time to shed light on these hidden dangers. This will empower you to take initiative-taking measures to safeguard your dealership from potential cyber threats. Here are some of the most common cybersecurity challenges faced by dealerships:

Outdated Software: The Neglected Nightmare

We understand that updating software can be a hassle, but running outdated software is akin to leaving the dealership doors wide open for hackers. When software vendors release updates, they often include crucial security patches that plug vulnerabilities. Don’t let outdated software haunt your dealership’s digital presence. Keep everything up to date to fortify your online defenses.

Weak Passwords: The Gateway for Cyber Intruders

If your passwords are weak, it’s like handing over the keys to your dealership to cybercriminals. Using predictable passwords like “123456” or “password” is a big security no-no. Instead, establish robust and unique passwords for all accounts and devices. Consider a mix of upper and lowercase letters, numbers, and special characters. Password managers can be invaluable for generating and securely storing complex passwords. As a dealership owner, set guidelines for creating strong passwords and employ software to enforce this policy.

Unsecured Wi-Fi: The Vulnerable Entry Point

Imagine a scenario where a cybercriminal lurks in a parked vehicle, exploiting your dealership’s unsecured Wi-Fi network. Terrifying, right? Unsecured Wi-Fi can serve as an entry point for hackers to intercept sensitive data. Ensure your Wi-Fi is password-protected and use WPA2 or WPA3 encryption for an added layer of security. For critical dealership operations, consider implementing a virtual private network (VPN) to shield your data from prying eyes.

Lack of Employee Training: The Risk of Ignorance

Your employees can either be your dealership’s strongest defense or its weakest link. Employee errors contribute to approximately 88% of data breaches. Without proper cybersecurity training, your staff might unknowingly fall prey to phishing scams or inadvertently expose sensitive information. Regularly educate your team on cybersecurity best practices, including recognizing phishing emails, avoiding suspicious websites, and using secure file-sharing methods.

No Data Backups: The Catastrophic Loss

Imagine waking up to find your dealership’s data vanishing into the digital abyss. Without backups, this nightmare can become a reality due to hardware failures, ransomware attacks, or unforeseen disasters. Embrace the 3-2-1 rule: maintain at least three copies of your data, stored on two different media types, with one copy stored securely offsite. Regularly evaluate your backups to ensure they are functional and dependable.

No Multi-Factor Authentication (MFA): The Risky Gamble

Relying solely on passwords for account protection is a risky gamble, much like having a screen door at the entrance of your dealership. Implementing MFA adds an extra layer of security, requiring users to provide additional authentication factors, such as a one-time code or passkey. This significantly bolsters your account security and makes it challenging for cyber attackers to breach your dealership’s defenses.

Disregarding Mobile Security: The Vulnerable Phones

Mobile devices have become indispensable tools for dealership operations, but they can also be vulnerable to security risks. Ensure that all company-issued devices have passcodes or biometric locks enabled. Consider implementing mobile device management (MDM) solutions to enforce security policies, remotely wipe data, and ensure devices remain up to date.

Shadow IT: The Unwanted Surprise

Shadow IT refers to the use of unauthorized applications within your dealership. While it may seem harmless when employees use convenient online tools, these unvetted applications can pose significant security risks. Establish clear policies for software and services usage within your dealership and conduct regular audits to identify any lurking shadow IT.

Incident Response Plan: Preparedness for the Unexpected

Even with all precautions in place, security incidents can still occur. Without an incident response plan, your dealership could be left scrambling. Develop a comprehensive incident response plan that outlines how your team will detect, respond to, and recover from security incidents. Regularly evaluate and update the plan to ensure its effectiveness.

Don’t let cybersecurity vulnerabilities haunt your dealership. We can assist you in identifying and addressing potential threats, ensuring a robust security posture that protects your business. Reach out to us today to schedule a cybersecurity assessment. Your dealership’s security is our top priority.

Did you enjoy this blog? Read more great blog posts here.

For our course lists, please click here.

TESTIMONIALS

Dollar Time

We are all on “lock down” today. Some of us are working from home, using communications and virtual software tools, while some of us are going into the office or workplace. Let’s use this time as effectively as possible. So, if you have time think about your job. What can you do, should you do, to make it better? What do we do to eliminate duplications, minimize mistakes, decrease expenses, increase sales? Make a list, talk with your coworkers about it. Let’s do something different this time. Send me your ideas. Send it to ron@learningwithoutscars.org. After a week or so I will consolidate all these ideas and put them in a table and send them back to you. Then you can look into making the necessary changes that you identified or someone else suggested. Let’s make time as effective as we can.

The Time is Now.

https://vimeo.com/403180203

April 1, 2020

The Current U.S. Labor-Market Conundrum

Guest writer Edward Gordon has returned with his February Gordon Report: "The Current U.S. Labor-Market Conundrum."

The February 2024 BLS jobs report showed a surge of 353,000 jobs added in January, more than double than what was predicted in economic surveys. This follows a gain of 330,00 jobs in December. Another surprise in this February report is that average hourly wages grew rather than holding steady. Over the past year they have grown 4.5 per cent. What factors may be behind these unexpected numbers?

An average of 10,000 workers from the large baby-boomer population have been retiring each day. This year the average will grow as the baby-boomer retirements peak. This flood of retirees will continue until 2030. Therefore, this year and until the end of this decade, many job openings will arise from the need to replace retirees.

In at least some sectors of the economy, it appears that employers are raising wages to find workers with the skills they need. Chief Economist Bill Dunkelberg of the NFIB (an association of small business owners) reported on their January survey, “owners continue to raise compensation to retain and attract workers with the skills and willingness to do the job, but hiring remains a struggle in a tight labor market.” So far, this strategy has not been very successful. In that same survey 39 percent of the respondents reported having unfilled job openings. Members of the Association of General Contractors also have high levels of unfilled jobs despite providing a wage premium of almost 19 percent over that of the average for private-sector production employees.

In some cases, higher wages may attract people who have not been participating in the labor force to seek a job if the pay level would offset the costs of childcare, a long commute, or obtaining additional training. A recent Korn Ferry survey of job seekers, however, found that many applicants do not have the skills required for open jobs. In some case this is due to the development of new types of jobs with recently updated skill sets.

The above data points to a current labor market with a significant skills-jobs mismatch. But the Training Industry Annual Survey of 2023 reported that business investment in employee training remained flat. Going forward, predictions are that companies will cut their training budgets. The irony is that one way or the other business will have to pay more to find skilled workers either through continuing to raise wages or by investing in more in-house or collaborative training programs.

Edward E. Gordon is the founder and president of Imperial Consulting Corporation in Chicago. His firm’s clients have included companies of all sizes from small businesses to Fortune 500 corporations, U.S. government agencies, state governments, and professional/trade associations. He taught in higher education for 20 years and is the author of numerous books and articles. More information on his background can be found at www.imperialcorp.com. As a professional speaker, he is available to provide customized presentations on contemporary workforce issues.

We invite you to submit your questions or comments by email or calling us in Chicago at 312.664.5196.

Thank you for your continued interest in our publication.

Did you enjoy this blog? Read more great blog posts here.

For our course lists, please click here.

February 27, 2024