[BreachExchange] How to create a cyber security culture in your business

Audrey McNeil audrey at riskbasedsecurity.com
Tue Jun 19 18:54:02 EDT 2018


https://www.talk-business.co.uk/2018/06/19/how-to-create-a-cyber-security-culture-in-your-business/

It is imperative for businesses to take the steps that reduce the
organisation's exposure to attack, but they also need to make those
adjustments early enough to protect internal resources and their customers.

Spread the word

Cyber security shouldn't be seen as an 'IT department thing'; it is
everyone's responsibility across the business. Culture is the operating
system of every organisation, so total employee buy-in is essential to
achieve success.

Ensure employees at all levels are on board with your cyber security
strategy. This is critical. As a starting point, regularly provide employee
training on sound IT and security practices, and then check that staff are
following through on what has been taught.

Try to make the training relevant to employees’ lives outside the
organisation and show them how to use this information to protect their
personal online lives as well. This will resonate far more effectively.

Know your third parties

You may feel safe knowing your own internal systems are secure, but there is
a long list of major breaches that originated with third-party suppliers.

Research has shown that when companies evaluate the security and privacy
policies of all of their suppliers, the likelihood of a breach falls from 66
percent to 46 percent. So a key focus should be making cyber security a
central part of the evaluation and contract-signing process when forming new
partnerships.

Once you've established which vendors will have access to the most
sensitive data, you can use a variety of methods to strengthen security
measures between the parties. For example, you could agree on regular
vendor self-assessments or require them to carry specific cyber insurance.

Because either your company or an external supplier may experience a data
breach, it is important to create a response plan in advance that outlines
the likely scenarios and the business impact both companies could face.

It’s imperative to prioritise the critical systems you’ll need to keep
online and to have a strong communication plan in place so you can inform
other partners, customers and the public of any security issues, in a
timely and sensitive manner.

Process perfection

With GDPR now in force (it has applied since 25 May 2018), security and
privacy should be at the heart of all your internal processes, and those
processes should be updated to meet the regulation if that hasn't already
been done. However, with today's employees regularly connecting personal
devices to corporate networks or using company phones and laptops for
remote working, these practices can be tricky to implement.

Set out internal guidelines for all staff to follow and provide regular
training on them, so that everyone is aware of any changes in regulations or
internal requirements. This should improve self-management, strengthen
protection against external attacks and promote accountability across the
business at all levels.

Another issue is the access employees have to particular files and
information. Restricting sensitive data to the people who actually need it,
and monitoring who accesses it, makes it easier to track viewing privileges
and to see where and how that information is being used.

Customer interaction

Creating a better cyber security culture extends to your customer base too.
You must ensure you’re being completely transparent and honest with your
customers to gain their trust.

If your organisation suffers a cyber-attack or data breach, inform affected
customers promptly (under GDPR, individuals must be told without undue delay
where the breach is likely to put them at high risk, and the supervisory
authority within 72 hours of your becoming aware of it). Customers need to
know what has happened, what they can do to protect themselves and what you
will do in future to prevent it from recurring.

Try to reach as many customers as quickly as possible by sending out
emails, text messages or social media updates. You could also place a
prominent, temporary banner on your website's homepage letting customers
know an incident has occurred.

Encourage customers to re-confirm their account details and preferences once
the breach has been resolved, and compensate victims as far as is reasonably
possible, to show customers that you understand how they feel and that they
are a priority for your business.

The moral of the story is that all workers have a role to play in the success
or failure of a business, and this principle extends to cyber security too.
Implementing processes that are both comprehensive and resilient will help
to limit the damage from breaches or attacks, speed recovery, improve customer
satisfaction and create a stronger, better-informed business culture.