[BreachExchange] Getting Your Staff to Take Cybersecurity Seriously
Audrey McNeil
audrey at riskbasedsecurity.com
Fri Mar 30 10:06:16 EDT 2018
http://www.thestaffingstream.com/2018/03/27/getting-your-
staff-to-take-cybersecurity-seriously/
It doesn’t matter what type of business you run, you always need to make
sure your cybersecurity is top-notch and on par with modern standards. And
even if you take all the necessary steps and do your best to make
everything secure, no one can guarantee that safety. Why? Because of the
biggest security flaw there is: the human factor.
People are always the biggest threat to your business security, no matter
the size of your company. Improper security training, abstract approach
toward security issues, and various other reasons lead to the point where
your employees simply don’t understand in which ways they jeopardize your
business’ security. This is a problem for all types of businesses, but
luckily, there are some things you can do to help educate your workers and
coworkers and increase the overall safety of your business. We did a bit of
researching and we’ve come up with this short guide to help put you on the
right path when it comes to raising your employees’ safety awareness. So,
without further ado, let’s dive straight into it.
Continuous Training
When it comes to cybersecurity, you cannot simply have a guy from your IT
department talk to other employees about it and hope for the best. It
requires some time and effort to make the message stick, but also to make
sure that your workforce understands the biggest security problems they can
encounter. Business security and cybersecurity courses are great, but
people tend to forget what they’ve learned if they don’t have a way or a
reason to use that knowledge.
Quite a lot of business experts have stated that the best results come from
a continuous training which takes place throughout the year. You need to
train your employees according to their working positions and security
risks that may concern their specific job. For example – your IT department
needs to be prepared for a technical attack, while your HR has to know how
to avoid phishing emails and malware attacks. Following some simple rules
like not using your professional equipment anywhere except in the office
can significantly increase your cybersecurity. Make sure your employees are
always prepared for a security breach and that they are up to date with
potential cybersecurity risks, so they can act accordingly and minimize the
potential damage to your company.
Perform Training Exercises
Training your employees is extremely important, but in order to make sure
they’ve really understood those training classes, you must put them to a
test. In order to fully understand all the potential security breaches your
company is facing, you need to perform a number of “live fire” exercises.
This means that you will have to find a way to simulate a cybersecurity
attack so that you can see the response.
While writing this article, we’ve consulted with one of the leading IT
companies in Sydney and they’ve emphasized the importance of these
training-tests. You can have your IT department organize a simulated
attack, or you can outsource these services from some outside vendor, but
these tests should give you the clear picture of the state of security in
your company. These tests will also help your employees gain a better
understanding of what the company is going through in such situations, and
what kind of implications such events leave. There is no better way to see
how secure your company really is.
Evaluation, Communication, and Reward
As with any other business aspect, when it comes to the cybersecurity, you
need a lot of planning and evaluating. You will need to do regular
check-ups and you will have to do periodic evaluations of both your
employees and your security systems and strategies. Make sure you’ve tested
them thoroughly before any implementation. Find the best possible way to
connect with your employees when it comes to cybersecurity. Communication
is extremely important when it comes to making sure that everyone is on the
same page. If you can’t find a way to describe a problem or a security
issue to your employees – you can’t expect them to understand how to
prevent or avoid it.
Another great practice that has shown some interesting results is
definitely rewarding your employees. When users find malicious emails,
phishing attempts and similar security risks, reward them in a way. Take
into consideration that some of your employees go through thousands of
emails a day, so when they manage to find something suspicious and report
it, a reward of some sort can be a great incentive to keep them on alert.
Wrapping It Up
These are just some of the ways you can ensure your employees are on the
same page as you when it comes to the cybersecurity, but you should keep in
mind that no matter what, education is just one of the cybersecurity
aspects. There is always a percentage of cyberattacks that will get
through, so make sure that your employees are always on a lookout, and your
security plan and your tools are always updated.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180330/8348fd0b/attachment.html>
More information about the BreachExchange
mailing list