[BreachExchange] Why Cybersecurity Should Be on Everyone’s Plate

Audrey McNeil audrey at riskbasedsecurity.com
Fri Jun 22 14:33:00 EDT 2018


https://www.business2community.com/cybersecurity/why-cybersecurity-should-be-on-everyones-plate-02082562

The hard truth about protecting business data and intellectual property
assets is that simply putting more resources and headcount into
cybersecurity is not enough. As competent as IT security specialists might
be, they cannot do the job alone. Threats originate at every corner of
organizations, and it’s virtually impossible to centrally anticipate and
fight all of them.

What’s possible to do for better data protection, however, is to
decentralize cybersecurity and put some level of responsibility in the
hands of individual employees and managers. This post looks at how business
professionals can do that in practice.

From individual errors to massive data breaches

Let’s take a quick look at how large-scale data breaches build up. More
often than not, big system failures and hacking attacks featured in the
news start with small individual errors happening in one or more
departments due to, among other reasons, negligence, stress, and
multitasking.

For instance, staff members might set weak passwords that hackers can easily
crack or may inadvertently attach the wrong file due to confusingly similar
names. What’s more, employees may get deceived by spoofed email addresses
and impersonators pretending to be the CEO and requesting an urgent bank
transfer or access to confidential information.

Such examples can quickly escalate into financial harm, broken customer
trust, reputational damage, and even very uncomfortable situations for
individuals whose private data is at risk.

Best practices to prevent human errors

Since everyone is prone to human error, it’s reasonable to approach
cybersecurity with individuals in mind, notably by:

Making cybersecurity part of the organizational culture

First things first, employees need to know that their organizations take
cybersecurity seriously. Otherwise, why would they care? Probably the most
effective way to convey the message is to start with organizational
culture. Companies can add cybersecurity and data protection to their key
values and define exemplary behaviors and rewards for doing the right
things — e.g., alerting IT security specialists immediately when a threat
is detected.

Empowering employees with awareness and training

Chances are that staff members, especially new hires, cannot prevent
threats alone. They need a little help knowing what they’re up against.
Cybersecurity awareness initiatives such as creating a simple newsletter
about recent attacks as well as offering security training modules and
conducting cyber attack simulations could help here. With some preparation,
employees become much more capable of playing their part.

Using error prevention software

A lot of IT security solutions look at how to block malware, viruses, and
other external threats. But most human errors happen because of actions
that were taken by individuals internally. As such, these behaviors often
fly under the radar and require other techniques to spot the situations
conducive to data breaches — for instance, by notifying users when it’s the
first time they interact with a recipient or if files contain confidential
information that likely should not be shared externally.

—

All in all, while IT security specialists play a fundamental role in
fighting cybercriminals, everyone should be involved as part of a
collaborative effort to protect data and IP assets.