Strictly Enforce a Multi-Tiered IT Security Plan for ALL Staff
As new threats arise, it is imperative to keep policies up to date to protect your business. Your employee handbook needs to include a multi-tiered IT security plan made up of policies for which all staff, including executives, management and even the IT department are held accountable.
“More than half of organizations Attribute a security incident or data breach to a malicious or negligent employee.” Source: http://www.darkreading.com/vulnerabilities—threats/employee-negligence-the-cause-of-many-data-breaches-/d/d-id/1325656
Training is NOT a One Time Thing; Keep the Conversation Going
Employee cyber security awareness training dramatically reduces the risk of falling prey to a phishing e-mail, picking up a form of malware or ransomware that locks up access to your critical files, leak information via a data breach and a growing number of malicious cyber threats that are unleashed each day.
Untrained employees are the greatest threat to your data protection plan. Training once will not be enough to change the risky habits they have picked up over the years. Regular conversations need to take place to ensure cooperation to actively look for the warning signs of suspicious links and e-mails as well as how to handle newly developing situations as they happen. Constant updates about the latest threats and enforcement of your IT security plan creates individual responsibility and confidence in how to handle incidents to limit exposure to an attack.
“Every business faces a number of cybersecurity challenges, no matter the size or industry. All businesses need to proactively protect their employees, customers and intellectual property.” Source: https://staysafeonline.org/business-safe-online/resources/creating-a-culture-of-cybersecurity-in-your-business-infographic
Training Should Be Both Useful Personal AND Professional to Stick
Create regular opportunities to share topical news about data breaches and explore different cyberattack methods during a lunch and learn. Sometimes the best way to increase compliance is to hit close to home by making training personal. Chances are your employees are just as uninformed about their personal IT security and common scams as they are about the security risks they pose to your business.
Expand on this idea by extending an invitation to educate their entire families about how to protect themselves from cybercrime during an after-hours event. Consider covering topics such that may appeal to a range of age groups such as how to control the privacy and security settings on social media, online gaming, etc and how to recognize the danger signs of someone phishing for personal information or money both via e-mail and phone calls. Seniors and young children are especially vulnerable to such exploitation.
Don’t Make a Hard Situation Harder; Remember you WANT red flags reported
Making ongoing security training a priority will greatly reduce repeat errors and prevent many avoidable attacks, however mistakes happen. It can be very embarrassing and a shock to ones pride to acknowledge their error and report involvement in a potential security breach. Your first instinct may be to curse and yell, but this would be a serious mistake. Keeping calm and collected is the key to the trust needed for employees to come to you right away, while they are feeling their most vulnerable.
For this reason, treat every report with appreciation and immediate attentiveness. Whether the alert turns out to be a false alarm or an actual crisis, avoid berating the employee for their mistake no matter how red your face may become.
When situation is under control, take an opportunity to thank them for reporting the situation so that it can be handled appropriately. Remember it takes a lot of courage to step up when you know you were to blame. Help the employee understand what to look out for next time is it was something that could have been prevented such as a user error.
Cyber Training Recap