The Key to Cybersecurity is an Educated Workforce

The United Kingdom’s National Cyber Security Centre (NCSC) handled a record number of cybersecurity incidents over the last year, a 20% increase in cases handled the year before. With the increasing number and more innovative nature of cyber attacks, businesses of all sizes must prioritise cybersecurity. However, the fundamental starting point of any organisation’s security infrastructure must be a trained and aware workforce, who understand their responsibility in keeping business data safe. Oliver Paterson, Product Expert, VIPRE Security Awareness Training and Safesend, explains.

Business Size Doesn’t Matter
Whether a business is a start-up or a larger corporate organisation, all companies are at risk of a cyber-attack. We often see million-pound enterprises on the news when they suffer from a data breach, such as Estée Lauder, Microsoft and Broadvoice. But, no organisation is too small to target, including small and medium-sized businesses (SMBs), who are the target for an estimated 65,000 attempted cyber attacks every day, according to new figures. Unfortunately, these types of businesses may not have the same infrastructure and resources in place to survive such attacks, as it is found 60% of small companies go out of business within six months of falling victim to a data breach or cyber attack.

No matter the size of an organisation, the effects of a cyber attack can be devastating financially, as well as having longer-term damage to business reputation. Small businesses remain at the same level of security risks as those which are larger, for example, Volunteer Voyages, a small single-owned organisation, did not deploy the right level of security and fell victim to $14,000 in fraudulent charges using its payment information. Similarly, the entrepreneur who owns Maine Indoor Karting accidentally clicked on a malicious email pretending to be from his bank warning him of unfamiliar activity, resulting in clearing out his account. Nevertheless, SMEs can safeguard their data and themselves from these types of attacks by investing in their cybersecurity and being conscious and informed of the threats they face.

Human Error
As the year-on-year number of cyber attacks continues to accelerate, hackers are also becoming more advanced and innovative in their tactics. They are able to spot weaknesses in workforces, particularly preying on those who are working from home as a result of the ongoing pandemic, away from their trusted IT teams. In fact, a recent survey found that 90% of companies faced an increase in cyber attacks during COVID-19.

It is no surprise that hackers use humans to their advantage, as according to data from the UK Information Commissioner’s Office (ICO), human error is the cause of 90% of cyber data breaches. Humans make mistakes – stressed, tired employees who are distracted at home will make even more mistakes. Whether it’s sending a confidential document to the wrong person or clicking on a phishing email, no organisation is immune to human error and the damaging consequences this can have on the business.

Yet, these risks can be mitigated by educating workforces on the modern threat landscape and the existing risks. Teamed with anti-malware solutions and technology, such as VIPRE’s SafeSend, employees can be alerted to double-check their email attachments and recipients, as well as any potentially malicious incoming emails.

Cybersecurity Training
Businesses cannot solely rely on digital tools to protect their operations, information and people. However, they cannot expect workforces to understand and identify existing threats, as well as avert them from taking place, without education. Particularly, small and micro-businesses lack the resources and knowledge to defend against an attack, with a concerning 81% of organisations not receiving any training on cybersecurity.

Without this cognisance, workforces cannot stay ahead of the persistently evolving threat landscape. It is therefore essential that businesses choose the correct training programmes to get the most value and retention out of this learning. While deploying an annual security awareness training programme may satisfy instant requirements, it does not equate to a continuous defence strategy for ever-changing threats.

The key considerations include the length of the programme, the level of engagement, having a variety of multimedia content and ensuring it is relevant and relatable to a global audience. Adding in real-life situations and intriguing employees with diverse content, including virtual reality and phishing simulations, helps to fortify crucial cyber threat prevention messaging and educates workforces on how to protect both the business and themselves. This, in turn, strengthens the workforce security culture, ensuring employees know what to do when faced with a cyber threat.

By working with a successful vendor, such as VIPRE, that has access to the appropriate security solutions and expertise, they can help CISOs create and foster a good security culture, making security part of the vision and values of everyone in the organisation.

A Responsible Workforce
Once workforces are trained and educated on the existing security risks, it is vital that they also understand their responsibilities when securing an organisation’s IT infrastructure. Traditionally, IT teams are often perceived to have a key role in ensuring the right security measures are in place, and it’s up to them to defend the business against hackers. However, this is not the case, particularly for SMBs who may not have a committed IT unit to rely on.

Especially now with dispersed workforces and social distancing restrictions in place, the help and support from those in IT is not so immediate. Now more than ever, the responsibility must be reinforced throughout the entire business. In order to combat imminent threats, employees who are on the front lines of the business’ cyber defence must understand that they have a key role to play in keeping data safe. After all, the final choice in sending sensitive information via email or downloading an external attachment is with them.

Forrester’s latest report re-iterates this, as it states that “Organisations with strong security cultures have employees who are educated, enabled, and enthusiastic about their personal cyber safety and that of their employer.” The combination of having a vigilant and empowered workforce, supported with regular training and innovative tools, allows businesses to benefit from a security-first initiative with an educated and responsible culture long-term.

 

Read the original post at: http://feedproxy.google.com/~r/securityexpert/~3/qwytPclyUwk/the-key-to-cybersecurity-is-educated.html[/vc_column_text][/vc_column][/vc_row]

Project Manager vs Scrum Master – Stop Comparing

Difference between Project Manager and Scrum Master. This is a very popular comparison, but why do we compare and what goes behind this comparison? These are 2 different roles that originated from 2 different process frameworks. It is like goalkeeper in football vs full-back in Rugby. When goalkeeper switch to Rugby and start mapping old role in new game, imagine what will happen? Goalkeeper will start playing football in Rugby.


When you change the game, you learn new rules from scratch to get deeper insights to do a job better. If you find a Scrum Master job interesting then do it, else there are 2 more roles to choose in Scrum.


This is our learning after observing many teams to understand why they waterfall within scrum. So what did we do? Stopped comparing and started teaching it in our Scrum Master and Project Management classes.


Learn About the Role of the Scrum Master

As described in the Scrum Guide, the Scrum Master is responsible for promoting and supporting Scrum. Scrum Masters do this by helping everyone understand Scrum theory, practices, rules, and values.


The Scrum Master is a servant-leader for the Scrum Team. The Scrum Master helps those outside the Scrum Team understand which of their interactions with the Scrum Team are helpful and which aren’t. The Scrum Master helps everyone change these interactions to maximize the value created by the Scrum Team.



Roles a Scrum Master Plays

1. Service to the Product Owner

The Scrum Master serves the Product Owner in several ways, including:

  1. Ensuring that goals, scope, and product domain are understood by everyone on the Scrum Team as well as possible.
  2. Finding techniques for effective Product Backlog management.
  3. Helping the Scrum Team understand the need for clear and concise Product Backlog items.
  4. Understanding product planning in an empirical environment.
  5. Ensuring the Product Owner knows how to arrange the Product Backlog to maximize value.
  6. Understanding and practicing agility.
  7. Facilitating Scrum events as requested or needed.

2. Scrum Master Service to the Development Team

The Scrum Master serves the Development Team in several ways, including:

  1. Coaching the Development Team in self-organization and cross-functionality.
  2. Helping the Development Team to create high-value products.
  3. Removing impediments to the Development Team’s progress.
  4. Facilitating Scrum events as requested or needed.
  5. Coaching the Development Team in organizational environments in which Scrum is not yet fully adopted and understood.

3. Scrum Master Service to the Organization

The Scrum Master serves the organization in several ways, including:

  1. Leading and coaching the organization in its Scrum adoption;
  2. Planning Scrum implementations within the organization;
  3. Helping employees and stakeholders understand and enact Scrum and empirical product development;
  4. Causing change that increases the productivity of the Scrum Team; and,
  5. Working with other Scrum Masters to increase the effectiveness of the application of Scrum in the organization.

Scrum Master Training Dates: 2nd -5th June 2020

[/vc_column_text][/vc_column][/vc_row]

Five ways to prepare your company for Agile ways of working

Many organizations go into Agile assuming it to be a “silver bullet” for numerous business management issues.

Managers may have attended conferences or read articles where forward thinking companies, such as Amazon, Netflix or Toyota, are held up as positive case studies. This creates an expectation of success and – more often than not – the assumption that Agile will automatically work. But this is dangerous ground.
It overlooks the fact that Agile is more than a new set of systems and processes; it’s a set of values, a mindset and a fundamental shift in the culture of the organization.

Preparation is key

Every corner of the company will be expected to adopt new behaviours as part of the evolving Agile culture – many of which are likely to be worlds apart from long established habits. So it’s unrealistic to expect this level of change to happen overnight.

Rather than rushing into Agile – and then being disappointed when it doesn’t deliver immediate results – organizations need to pave the way for a smooth transition. This means preparing the company for change at the earliest opportunity; announcing your intention to evolve working practices and then following it through in a number of different ways. For example:

 

  1. Invest in Emotional Intelligence (EQ) training: ensure staff have all the information they need to be more open-minded. The decision to change has been imposed on them and you now need to actively support them to make the personal change required for this journey.
  2. Get rid of people holding you back: it makes no sense to keep anyone who is not on board with the new direction. Dutch bank, ING famously went through “an emotional revolution” to rid the organization of staff with the wrong mindset; those identified as such were made redundant, even if they had all the right skills.
  3. Encourage ownership: let staff have a say in the defining principles behind the new culture and the skills needed to make it happen.
  4. Start low key: an Agile approach doesn’t work for every project, so pick one or two relatively small initiatives as prototypes to demonstrate it in action.
  5. Build excitement: roll out the new approach in such a way that it creates a positive buzz across the company and brings everyone along as it gathers momentum.

It’s all in the (Agile) mind(set)

Even with the most thorough preparation programme in place, however, it should be remembered that the Agile method is not for everyone. It won’t suit every situation, project and organization. There is certainly no one size fits all approach. And yet….

I firmly believe that any individual involved in project or programme delivery needs to do everything they can to stay relevant and adopting an Agile mindset is a valuable asset. The world of work is changing, the way we interact is different and there is a new generation of disruptors coming into the workforce. In this context, being flexible in your thinking is a vital part of having the right mindset and behaviours to adapt and thrive.

Master agility. Maintain control.

A fusion of agile and PRINCE2 – where flexibility and responsiveness combine with stakeholder confidence and tailored, relevant governance. Consisting of guidance, training and professional certification, PRINCE2 Agile explores the interface between some of the world’s most popular agile delivery techniques and project management fundamentals. Scrum, Kanban, Lean Start-up and PRINCE2 – all covered in one guide, one course and one certification.

How will PRINCE2 Agile help your projects deliver more value?

  1. Reassure stakeholders through the globally recognized name of PRINCE2 – explore agile delivery techniques whilst not forgetting necessary control to keep your stakeholders confident and engaged.
  2. Understand the risks and benefits of Agile delivery – learn how to qualify how much or how little Agile should be used on each project, providing a truly tailored approach to each project
  3. Deliver value quicker – using an iterative workflow that focuses on achieving value at each stage, or sprint.
  4. Collaborative and transparent working – through techniques and behaviours such as daily stand-up meeting and retrospective reviews.
  5. Engaged customers – through a customer-orientated approach that tests and learns, to deliver products and services the customer expects.

How will PRINCE2 Agile help you?

  1. Learn about the most popular Agile techniques on the market– including Scrum, Kanban, Lean Start-Up.
  2. Learn the global common language of project management – PRINCE2 Agile gives you the tools to deliver in an agile way, whilst understanding the terminology and processes of the world’s most adopted project management methodology.
  3. Understand how to adapt your approach to your project environment – Learn how to tailor the PRINCE2 themes and process to an agile project, and when and how to use agile techniques for each project.
  4. Enhance your CV with a globally-recognized agile project management certification that demonstrates your understanding of both PRINCE2 and agile.

Why agile?

Agile project management is a growing trend; Google reports a massive 250% increase in the search term ‘agile project management course’ in 2019. In the AXELOS PPM Benchmarking report over 75% of individuals claim to be working in an agile way, and the top benefit realized is ‘increased customer satisfaction’*.

Why get certified?

84% of individuals report that professional certification has increased their job efficiency, 79% say it’s made them more satisfied in the workplace and over half say it’s directly increased their salary** *AXELOS PPM Benchmark report, 2019

Supporting Digital Transformation with ITSM and ITIL 4

One of the principal challenges for digital transformation in 2019 was, and still is, whether the change affects a whole organization or just the IT department. Successful digital transformation is not merely about an IT revolution – or introducing automation because you think you should – it’s a holistic business change covering entire organizations and working together with the overall business strategy. It requires mixing people, machines, and business processes, with all the challenges this entails. It also requires governance, continuous monitoring, and intervention from the top to ensure that both digital leaders and non-digital leaders are making good decisions about their transformation efforts.

According to AXELOS’ latest IT service management (ITSM) Benchmarking Report, which polled more than 1,600 ITSM professionals worldwide, digital transformation happens when organizations consider their customers, both internal and external, and evolve their operations to focus on customer value and experience. And, crucially, this is before seeking technology solutions.

What is the role of #ITSM in supporting an organization’s journey to #digitaltransformation in 2020 and beyond?CLICK TO TWEET

The signs, our research reveals, are promising: 59% of organizations now have a recognized digital transformation program. Compared to our previous report in 2017, this is progress, as then organizations were merely “moving towards” digital transformation.

Research from @AXELOS_GBP shows that 59% of organizations now have a recognized #digitaltransformation program.CLICK TO TWEET

ITSM’S ROLE IN DIGITAL TRANSFORMATION

What is the role of ITSM in supporting an organization’s journey to digital transformation in 2020 and beyond? 

While digital transformation means moving with higher velocity to deliver products and services it needs ITSM to provide governance, stability, and understanding at the business governance level. Here, ITSM practitioners provide organizations with clarity about how services connect and how data is protected while enabling and supporting digital delivery.

However, the ITSM function also needs to show how well it understands business requirements and what value means for the organization and its customers. Within digital transformation initiatives, value is – in the language of ITIL 4 – “co-created” through engagement, interaction, and having the expertise to transform customer demand into valuable services.

Among our survey respondents, almost all (97%) said that ITSM is important to digital transformation. And they’re confident that their companies recognize this, with more than three-quarters (77%) saying that their organizations treat ITSM as an important part of digital transformation. Similarly, 74% agreed that the ITSM function is both sufficiently supported and resourced to deliver on the objectives of digital transformation.

Ultimately somebody has to take responsibility for running digital services to ensure that they work and deliver value, which is where ITSM excels.

THE ROLE OF ITIL IN DIGITAL TRANSFORMATION

Many ITSM professionals are currently certifying in the new ITIL 4 guidance, which now includes both Foundation and the first two Managing Professional modules.

Our benchmark report asked our respondents how the ITIL framework contributed to successful digital transformation. Based on their ITIL experience, they highlighted:

  • Improved service delivery and customer satisfaction (67%)
  • Keeping IT systems up to date through continual improvement (57%)
  • Creating a more stable service environment to support business changes (53%)
  • Providing better management of business risks, service disruption, or failure (51%)
  • Greater visibility of IT costs and assets (44%)
  • Reduced costs through improved utilization of resources (43%).

With the introduction of ITIL 4, ITSM practitioners now also benefit from a holistic approach to service management via its new operating model and an easier integration with other ways of working such as DevOps, Agile, and Lean. ITIL 4 also includes the Guiding Principles which help IT professionals to adopt and adapt ITIL guidance to their own specific needs and circumstances. In the world of digital transformation, there’s benefit in having a flexible, non-siloed approach.

Thinking of services as a way to co-create value means connecting and collaborating more; becoming an integral part of an organization rather than simply striving to align IT with the business. Creating a clear engagement with business needs and working end-to-end with all stakeholders is essential to value co-creation. ITIL should be adopted for the entire IT function rather than a framework for ITSM alone.

#ITIL should be adopted for the entire IT function rather than a framework for #ITSM alone, says @AXELOS_GBP.CLICK TO TWEET

Ultimately, successful digital transformation is a cultural shift in how organizations use tech-enabled digital services to satisfy changing customer needs. The value that it creates – as outlined in ITIL 4 – is possible only when there’s collaborative working and communication between different IT disciplines and stakeholders to ensure the transformation is effective across the four pillars of digital transformation – experience, cultural, business, and operational transformation.

To request your copy of the AXELOS 2019 ITSM Benchmarking Report please click here: https://www.axelos.com/itsm-benchmarking-report-2019

Blog by:https://itsm.tools/author/jos%c3%a9-carmona-orbezo/