Security Awareness – Could Your Employees Constitute an Inside Threat?
Malicious outsiders usually get the blame for cyber threats to businesses – hackers doing their best to steal corporate intelligence, raid confidential customer listings and access financial information. However, sometimes the door is unintentionally opened to these cyber criminals by the ignorance or negligence of a company’s employees. What this boils down to is that employees need to be educated about cyber security and their responsibility in helping to prevent breaches. With respect to your company, don’t be reactive; rather, assume that your security will be compromised at some point, and help your employees learn how they can assist in keeping your business safe. Here are some sensible steps to increase security awareness inside your company.
Talk to Your Employees
It’s not just a question of having your personnel read and sign a document regarding your organization's IT policies. What you need to do is to also communicate the likelihood of a cyber attack and stress the potential negative impact on the functioning of the organization. Get your employees involved by explaining that they have obligations to the company in this respect.
Involve the Whole Company
It’s important to include executives and top management. Cyber “pirates” can aim their malfeasance at traveling executives who use free, unencrypted hotel Wi-Fi. Keep in mind that the potential damage to the company, and the financial reward for cyber criminals, can be much larger if top-level management is targeted.
Hold Regular Training Sessions
Training in cyber security should be mandatory for all new employees and refresher courses conducted for everyone. Training needs to happen before there’s a problem. Specific rules should be put in place with respect to Web browsing, e-mails, file transfers, application downloads, mobile devices and social networks. Employees should be made aware of suspicious links from unknown sources. They also should be trained to recognize suspicious contacts from individuals posing as co-workers and asking seemingly innocuous questions – what these persons are really doing is gathering information about the company and its operations. Give your attendees regular quizzes to test their cyber security knowledge – make it relevant, fun, and rewarding with incentives for good responses.
Encourage your employees to make it known if they find some procedures too difficult to comply with. For example, if you make it mandatory for everyone to change their passwords on a weekly basis, be aware that they will find less secure workarounds such as writing them down in their personal on-line documents or on post-it notes in their cubicles.
Don’t Discourage Your Employees from Reporting an Incident
Even if it transpires that it's a false alarm, never show disapproval of or make fun of an employee who raises a red flag. If you do, all you will accomplish is to make the individual think twice before speaking up again. If you think that there are too many false alarms, take a look at your training methodology.
Alert Your Workforce Promptly to a Problem
If you do have an incident, communicate this to your employees as soon as possible. A delay in getting this information out may significantly increase the adverse impact of the situation.
One plan should contain step-by-step instructions about what employees should do if they believe they have encountered a cyber incident. Another plan should provide internal communications and public relations strategies to ensure a prompt and calm response to a cyber attack.
You need to defend your business against cyber crime and malware. However, you don’t have to try to do this alone; we have the expertise to help you. Please get in touch with us to learn how you can significantly reduce your organization’s security-related risks from inside and outside sources.