How to Improve Cyber Security Awareness In Your Organisation

As the threat landscape continues to develop, and major data breaches appear to occur on a weekly basis, cybersecurity remains a critical issue for CIOs and businesses today.

Clarksons, Uber and CEX are just some of the organisations who hit the headlines after suffering from data breaches in 2017. Last year, Barclays Group Security CIO, Elena Kvochko wrote in CIO UK that businesses need to implement strong measures at every level of the organisation to remain resilient to the attacks.

An increasing number of Chief Information Security Officers (CISOs) and CIOs are exploring new ways to protect customers and employees from online threats. By highlighting security issues and raising overall awareness, CIOs can help combat the ever-evolving threats facing the workplace.

According to Harvey Nash, only 20% of organisations feel prepared for a cyber-attack, and the gap between threats and preparedness continues to grow.

A CISO is alert to evolving cyber threats and the growing number of attacks, and shares advice and knowledge with executives and employees on what an effective security plan requires.

CISOs are arguably best suited to larger organisations with more complex security needs; Reckitt Benckiser, Hargreaves Lansdown, Unilever and Centre Parcs all have a CISO in place. They are responsible for laying the foundations of a security plan and communicating the value of security across the organisation.

NATS CISO Andrew Rose told CIO UK: “The CISO role is becoming more business focused. My role is about influencing, stakeholder management, positioning and communication.

“It’s all about getting the board’s head in the right place so that they’re OK with spending money and putting resource into this, and that they realise the benefit in it.”

Training

In some organisations where there is no CISO, it is the responsibility of the CIO to ensure employees are trained and aware of security procedures and implications.

Training can cover issues such as browser safety, network security and common cyber threats, helping employees understand the risks they face and why the controls exist.

As cyber threats evolve, employees should be kept up to date so that they are prepared and know what malicious content to look out for.

According to the 2018 Global State of Information Security Survey, only 44% of executives are participating in the company’s overall security strategy.
 
In order to maintain an effective security strategy, new hires should receive training sessions before joining the work environment. Exploring creative ways to deliver training through the use of animation, infographics and interactive content can help keep staff engaged and aware of security issues.

Trainline CTO Mark Holt agrees that security remains an ongoing challenge for organisations today and wants to ensure it is a key element of Trainline's culture.

“All of our developers are trained in secure coding practices; we have ‘MacGyvers’ in all clusters: individuals with additional security training who are responsible for identifying and raising security concerns, as well as being a super-local centre of excellence for security skills,” he said.

Retain talent

According to a 2017 Spiceworks survey, 62% of IT professionals see cybersecurity as a key skill to develop. CIOs need to find new ways to retain cybersecurity talent if data is to stay protected.

BMJ’s CDO Sharon Cooper says: “Security is a skill that everyone should have at varying levels, bringing diverse teams together and sharing knowledge. The hack day would bring suggestions that would fix business problems, develop new products or improve existing policies.”

Cultural change

One of the most effective ways to improve awareness of security threats is to encourage a cultural change. A written security best-practice guide should be available throughout the workplace, giving employees a resource they can refer to and helping drive the shift in attitudes towards security.

CIOs can deliver a security strategy that sets out the main risks, how they affect individual employees and how they would directly affect the business.

Today, employees are exposed to password theft, ransomware and malware, so businesses should be promoting a security culture that can help staff members to stay safe online and recognise telltale warnings surrounding cyber-attacks.

A cultural change should result in staff adapting their behaviour to the strategy and becoming more responsive to security procedures. This improves employees' skills and attitudes, and keeps them safer both at work and in their personal lives.

TalkTalk Business COO Duncan Gooding sees security as much a cultural issue as an IT solution.

“We have a whole cultural initiative from having training, workshops and group projects making staff aware of the types of security and risks in which we would expect in terms of best behaviour approach.”

The COO has helped change TalkTalk’s security strategy since the 2015 cyber-attack, which cost the telecom company £400,000 in fines.

“TalkTalk is very much going through a cultural expectance of what security means across the business post the cyber-attack,” he said. “The strategy is being discussed at every meeting and the fact that security is embedded in everything we do, from the process and the new products that we launch, to now being part of the day to day discussion.”

Employees need to understand the part they play in delivering the security strategy. Team collaboration, from planning ideas to setting budgets, helps establish security in the workplace and motivates the team to deliver the cultural change.

Collaborate with Security Teams

CIOs should collaborate with security teams and get to grips with existing security policies.

Security is a complex subject and an ongoing issue for CIOs today. In-house teams cannot be expected to know everything about malware, data protection and information security.

Regular meetings with the security department build the relationship while also setting out clear cybersecurity risks and legal obligations, helping to ensure end-to-end security.

Taking notes, asking questions and peer observations can help raise awareness within the organisation.

Create a strategy roadmap

A common result of cyber-attacks is that personal details, including email addresses, bank account details and user passwords, are accessed and stolen by attackers.

According to a 2017 Harvey Nash survey, under a third of organisations have been subject to a major security incident in the past 24 months.

Wonga, Pizza Hut and Equifax are just some of the organisations that fell victim to a security breach in 2017. These well-publicised breaches led to a loss of public confidence and cost the companies millions of pounds. Raising security awareness can help reduce the likelihood that the company suffers a similar attack.


A security roadmap that sets out the risks of employees' online actions will help protect them against common malicious content associated with document sharing, link clicking and file downloading. A roadmap also gives CIOs and employees an agreed path they can refer back to when needed.

Collecting information from previous incident reports and carrying out regular penetration tests will show CIOs which areas they need to address to close security vulnerabilities. This helps ensure the business and its data are protected while, of course, raising awareness of security in the workplace.

Upgrade equipment

When it comes to security, CIOs should check whether existing equipment can be upgraded before purchasing new equipment.

Organisations shouldn't cut corners on security and protecting customer data, and security tools should be updated regularly to reduce the risk of cyber-attacks; keeping tools current costs far less than recovering from a breach.

A good endpoint security suite can help protect devices from a range of threats and reduce the organisation's exposure to serious security incidents.

Provide Secure Devices

CIOs should be prepared to provide employees with safe and secure IT equipment.

Security concerns surrounding mobile apps, file sharing and downloads have become an issue for organisations, with employees connecting to open and untrusted networks more often.

Device management tools such as Miradore, Spiceworks and SOTI offer an extra layer of security and remote access, meaning that if a device is lost, stolen or found to be compromised, the systems administrator can remotely lock or wipe it and limit the potential damage.

As organisations explore new ways to protect their customers, IT Director Jonathan Monk has turned his attention to information security to help protect students at The University of Dundee.

“We have just deployed Microsoft Enterprise Mobility Suite, and key wins for that have been assuring personal and mobile devices are secure and encrypted wherever they are,” he said. “If they are accessing data from the university they can then be confident that it is safe and secure.”

You should also consider setting out a mobile or device best-practice policy to ensure you are meeting the organisation's security needs and procedures. Such a policy should define how employee devices are assessed before they are allowed to connect to the business network.
 
Defining which applications and devices are permitted helps keep company data protected while also educating staff on the overall risks. Regularly monitoring devices helps limit the organisation's risk, reduce IT costs and manage IT use.

Source: CIO
