As more and more data breaches and hacks make the news, affecting businesses ranging from kitchen manufacturer OXO to investment management giant BlackRock, it’s vital that you take the time now to look at where your organization is vulnerable. While you can set up any manner of systems to protect your business with cybersecurity, the truth is that many attacks target you where you’re most vulnerable: your employees. Understanding how to train employees for cybersecurity is essential for every organization.
With so many resources available to businesses to protect their digital assets, like managed IT services that provide top-notch security on a small business budget, hackers have resorted to tactics like spear-phishing and social engineering to find an easy mark. The landscape is constantly shifting, and it can be hard for businesses to keep up. Here are eight tips and best practices to help you train your employees for cybersecurity.
Many people look at the news of a massive data breach and conclude that it’s all the fault of some hapless employee that clicked on the wrong thing. While it’s true that they may have been the one to fall for the trap, blaming an individual for not having the right knowledge at the right time is really a way of avoiding the organization’s responsibility to ensure its employees keep its network and data secure.
The onus is on the organization to come up with a plan for ensuring everyone has the knowledge they need to make the right decision and knows where to go if they have any questions. That means being clear about what to do if anybody has questions, and setting up the infrastructure necessary to share new threats as they emerge and get everyone invested in organizational security.
One of the most important concepts to grasp with cybersecurity is that maintenance is a constant job. New attacks develop monthly, if not daily, and your approach to guarding against them can’t be limited to annual training.
If you only updated your network devices once a year, your security would be a nightmare. The same is true for your people.
Wesley Simpson, COO of (ISC)2, suggests in an interview with TechRepublic that we should think about security training as people patching. “Your people are your assets, and you need to invest in them continually,” Simpson says. “If you don’t get your people patched continually, you’re always going to have vulnerabilities.”
You need to commit to a wide variety of approaches to keep your team abreast of what’s out there and what to do about it. This requires a mindset shift: not viewing the person who opened the wrong attachment as the point of failure and, instead, recognizing that it’s the security and training structure around that individual which has failed.
Even if you know which way the trends have been pointing, it’s hard to get your head around just how regularly data breaches occur. Cyber Security Hub’s “Top 5 Cyber Security Breaches of 2019 So Far” includes incidents that have affected Dunkin’ Donuts, Toyota, and Walmart, and we’re only halfway through the year.
Even more shocking is realizing how little coverage most of these attacks have gotten in the media. Before you start thinking that your small business can fly under the radar, keep in mind that according to the Keeper Security and Ponemon Institute 2018 “State of Cybersecurity” report, two-thirds of SMBs have suffered a cyberattack in the past twelve months.
One way to get the message across to your team is to share cybersecurity news regularly. The volume and frequency of attacks will make it clear that everyone needs to be thinking about security in their day-to-day.
At the same time, you don’t want to flood inboxes so much that your emails head straight to the archives. Instead, think about appending a “cybersecurity in the news” section to emails or reports that you already make or simply including a few links in your signature that you can continually update.
In an organization, change needs to happen from the top. Just like with any digital transformation project, if you don’t find a champion who is invested in the value of what you’re trying to do, it’s going to be an uphill battle to justify the man-hours and expenses necessary to implement a solid cybersecurity plan.
When making a case for investing in regular training (and more) for your employees, you need to speak to executives in terms they can understand. As we’ve cited elsewhere in this article, data breaches are a common occurrence, and there is no shortage of news articles covering the damages to organizations big and small. It’s the price we pay for all the incredible things that technology and the cloud have made possible.
If you’re looking for executive buy-in, it helps to be incredibly clear about how data breaches and other cyberattacks can affect the bottom line. The costs are more wide-ranging than most people think, and it’s helpful to use some numbers to make things more tangible.
The average cost of a data breach in 2018 was $3.86 million, and only figures to rise. Put a price on everything, from the organizational cost of losing access to mission-critical data to the potential liability of being at fault for leaking customer information. You’ll find it’s a lot easier to get the support you need.
We all know that following password best practices is a fundamental building block of a solid organizational security plan. The challenge is getting your team to actually do it. To review, a strong password has these traits:
The best approach to ensure compliance is to remove the friction for your team and hopefully solve other problems they may run into in their day-to-day workflow. We recommend adopting a password manager like LastPass or 1Password. These tools will generate and remember strong passwords for every account your employees use. They also make it easy to share passwords across your team, allowing you to collaborate remotely while still following best practices.
As we’ve discussed, some of the most powerful and effective cyberattacks that are out there today rely on human error. Attackers can spoof email addresses, domains, and even something like Google’s two-factor authentication form to create a targeted man-in-the-middle attack to compromise even the most protected accounts. Throw in some fake corporate branding and you have a recipe for disaster.
Here, again, we see the importance of not blaming an individual employee for something that your business needs to solve—as an organization. Hackers cast a lot of lines to see where they can get a nibble, but a sophisticated attacker with the right information can create a highly-targeted scheme to work their way into your network. You need to teach your employees how to identify a “phishy” looking email and where to go if they have questions.
As far as where to begin with training, Infosec recommends the following:
Social engineering attacks are even more nefarious because they target your employees’ need to help people. An attacker will call or email your organization, posing as a vendor and asking for help. If you’ve recently received a robocall, you know how easy it is to spoof a phone number.
Again, common sense rules apply here. How has this person proven they are who they say they are? Why are they requesting this information? Teaching employees to take a step back and think things through is critical to avoid falling prey to this kind of attack.
First impressions are everything, and cybersecurity is no exception. If organizational security isn’t a part of your onboarding, it’s time to start incorporating it into your training process from the start.
Password security, phishing, and social engineering attacks—all of it needs to be covered from day one. Most critically, make sure you’re not just going over the rules but also explaining why these best practices are so important.
Just like with getting executive buy-in, it’s important to be clear about just how much of a threat data breaches are and why it’s their problem, too. Creating clear employee cybersecurity guidelines can be a major asset here, as it gives them a resource to turn to if they need help. Remember that it’s better to know about a potential breach as soon as it happens, so make sure you’re creating an environment where sharing is encouraged and avoiding a situation where someone tries to cover up their mistakes and makes a risky situation even worse.
You’d never train an employee for a new piece of software without giving them a chance to experiment in a realistic environment where they can put their newly-acquired skills into practice. On the same note, you can’t expect your team to build the correct cybersecurity habits without finding a way for them to put these concepts into action and even learn from their mistakes.
Whether you use an outside vendor or run it through your own security department, it’s well worth the investment to test your organization with a “live fire” simulation. Your team may understand the principles of recognizing a phishing or social engineering attack, but the key is to run those mental checks in the course of a busy workday where you have a million other concerns.
Just like a fire drill, running regular (practice) attacks will help your employees learn from their mistakes. You’ll also get data as to where in your organization there’s the most room for improvement, helping you plan future training sessions as necessary. We all hate falling for the same trick twice, so a successful practice attack can make for a real teachable moment about why security is so important.
As the number of data breaches and hacks continues to rise, it’s vital for your business to take steps to ensure you don’t find yourself in the headlines. Just like with any organizational transformation project, that means getting your team to buy in and build habits.
Training is the key here, as well as constant reminders that there are threats out there and maybe even a “live fire” exercise to show how easily you can fall victim to an attack. Remember that cybersecurity is a team effort, and you need to put your employees in a position to succeed.
Training is everything when it comes to cybersecurity. New attacks are constantly cropping up, and you need to put your employees in a position to succeed. They need to be in the habit of thinking critically any time they’re asked to share login information.
You should train employees once a quarter or more, with intermittent “live fire” training exercises and constant reminders about new attacks that have developed and breaches that occur.
Cybersecurity training needs to include how to recognize phishing and social engineering attacks, password best practices, and the potential cost of a data breach to your business.
A cybersecurity employee policy is the central resource employees can go to if they have any questions about cybersecurity. It includes anything addressed in training, as well as organizational policies and best practices.