Imagine the following: You’re racing against the clock, juggling a million tasks. You’ve gotten a lot done today… but there’s still so much more to do. That’s when you open an email and see what appears to be a genuine offer for a discounted vacation! You’re wiped, you’re multitasking, and the immediate thought of sunny beaches (or snowy mountains) takes over your senses. You just have to learn more! You click!
And there it is: you’ve just fallen victim to a phishing scam.
This is the reality for too many of us. You may feel foolish taking the bait, but the truth is the bad guys are getting smarter and more capable every day. In a world where convenience often trumps security, how do we secure our digital lives without sacrificing efficiency?
In this episode of the Make Work Happen podcast, we talk to cybersecurity expert Heather Holiday, Vice President – Digital Business Practices Governance at JPMorgan Chase & Co. During the conversation, we unpack the four pillars of online safety, from strong passwords to outsmarting phishing schemes, as well as why software updates are your secret weapon and how to empower your team to be cyber guardians.
This isn’t just about technology; it’s about people. Tune in to learn how to build a culture of cybersecurity in your organization.
What To Listen For
- Convenience vs. Security: There is an ongoing struggle between user convenience and robust security measures. Finding a balance is crucial.
- Education is Key: Educating employees and customers about cybersecurity best practices and the reasons behind security measures is essential.
- The Human Factor: People are often the most vulnerable aspect of cybersecurity. Training and awareness programs can help mitigate this risk.
- Proactive Approach: Businesses should proactively manage their software assets, prioritize updates, and monitor third-party suppliers to maintain a strong security posture.
Strong Passwords and Password Managers
Holiday highlights the tension between convenience and security when it comes to passwords.
People often choose weak, easily remembered passwords and reuse them across multiple platforms. This practice makes it easy for hackers to compromise accounts. Password managers can help by encouraging the use of strong, unique passwords for different platforms.
“I would say the truth of the matter is that we like for things to be fast and easy, and sometimes there’s a natural friction that takes place between convenience, expediency and security. So many people are frustrated with the effort that it takes to remember longer, more complex passwords. So they take the shortcut. They find something simple to remember and then they reuse it over and over again across platforms. The trouble with that is when it’s easy for you, it’s easy for hackers, too.”
Heather Holiday, Vice President – Digital Business Practices Governance at JPMorgan Chase & Co
However, Holiday cautions that users should research and select reputable password managers carefully.
Multi-Factor Authentication
Similar to strong passwords, MFA enhances security but can be perceived as inconvenient.
“The other thing that I would say, from a business leader perspective, [is that] you may get some feedback from customers or clients to say that they don’t like being required to use MFA because it’s ‘not convenient.’ So, it’s really important to help your customers to understand that this extra layer is for their protection and that you’ve made the decision to use multifactor authentication thoughtfully in order to help ensure their privacy and the integrity of their data.”
Heather Holiday, Vice President – Digital Business Practices Governance at JPMorgan Chase & Co
MFA significantly improves security and is worth the extra steps. Holiday suggests that business leaders should educate customers about the importance of MFA for protecting their data and explain that it is a necessary measure for safeguarding privacy.
Recognizing and Reporting Phishing
The human element is often the weakest link in cybersecurity.
Hackers exploit human tendencies to react quickly and emotionally to emails. Holiday advises users to slow down, think before clicking links, and be wary of emails that elicit strong emotions such as excitement, fear, or urgency.
She also mentions that AI has made it more difficult to detect phishing attempts based on grammar and spelling errors alone, as AI-generated emails can be well-crafted. Additional tips include scrutinizing logos and colors in emails, double-checking email addresses, and being aware of the typical communication patterns of organizations like the IRS.
Updating Software
Finally, Holiday acknowledges that keeping software updated is crucial but challenging, especially for larger companies. She outlines three key considerations for software updates:
- Inventorying Software Assets: Companies must know what software they have to update it effectively. This includes browsers, applications, and APIs.
- Prioritizing Updates: Updating software should be a high priority, and businesses should establish schedules and deadlines for updates.
- Third-Party Oversight: Companies should monitor how well third-party suppliers provide updates and patches and not solely rely on them.