How to Improve Cyber Security Awareness In Your Organisation

Uploaded on 2018-04-13 in JOBS-Training, FREE TO VIEW, NEWS-Cybersecurity News

As the threat landscape continues to develop, and major data breaches appear to occur on a weekly basis, cybersecurity remains a critical issue for CIOs and businesses today.

Clarksons, Uber and CEX are just some of the organisations who hit the headlines after suffering from data breaches in 2017. Last year, Barclays Group Security CIO, Elena Kvochko wrote in CIO UK that businesses need to implement strong measures at every level of the organisation to remain resilient to the attacks.

An increasing number of Chief Information Security Officers, CIOs, are exploring new ways to protect customers and employees from online threats. And by highlighting security issues and raising overall awareness, CIOs can help combat the ever-evolving threats occurring in the workplace.

According to Harvey Nash, only 20% of organisations feel that they are prepared when it comes to a cyber-attack, with the problem continuing to grow.

A CISO is alert to the evolving cyber threats and the growing number of attacks. They share their advice and knowledge with executives and employees on the requirements for setting an effective security plan.

CISOs are arguably best suited for larger organisations with more complex security needs with Reckitt Benckiser, Hargreaves Lansdown, Unilever and Centre Parcs all having a CISO in place. They are responsible for laying the foundations of a plan and communicating the value of security within the organisation.

NATS CISO Andrew Rose told CIO UK: “The CISO role is becoming more business focused. My role is about influencing, stakeholder management, positioning and communication.

“It’s all about getting the board’s head in the right place so that they’re OK with spending money and putting resource into this, and that they realise the benefit in it.”

Training

In some organisations where there is no CISO, it is the responsibility of the CIO to ensure employees are trained and aware of security procedures and implications.

Training can highlight issues such as browser safety, network security and general cyber threats, which can help employees understand the risks of security, overall.

As cyber threats evolve, employees should be kept up to date so that they are prepared and know what malicious content to look out for.

According to the 2018 Global State of Information Security Survey, only 44% of executives are participating in the company’s overall security strategy.
 
In order to maintain an effective security strategy, new hires should receive training sessions before joining the work environment. Exploring creative ways to deliver training through the use of animation, infographics and interactive content can help keep staff engaged and aware of security issues.

CTO Mark Holt agrees security remains an ongoing challenge for organisations today and wants to ensure that it is a key element of Trainline’s culture.

“All of our developers are trained in secure coding practices, we have ‘MacGyvers’ in all clusters individuals with additional security training who are responsible for identifying and raising security concerns, as well as being a super-local centre of excellence for security skills,” he said.

Retain talent

According to a 2017 Spiceworks survey, 62% of IT professionals see cybersecurity as a key skill to develop. CIOs need to develop new ways in order to retain cybersecurity talent to ensure data is protected.

BMJ’s CDO Sharon Cooper says: “Security is a skill that everyone should have at varying levels, bringing diverse teams together and sharing knowledge. The hack day would bring suggestions that would fix business problems, develop new products or improve existing policies.”

Cultural change

One of the most effective ways to improve awareness of security threats is to encourage a cultural change. A security best practice should be available throughout the workplace, as this offers employees a useful resource to drive forward the shift in attitudes towards security.

CIOs can deliver a security strategy which underlines the importance of the risks, any personal concerns and how it will directly affect the business.

Today, employees are exposed to password theft, ransomware and malware, so businesses should be promoting a security culture that can help staff members to stay safe online and recognise telltale warnings surrounding cyber-attacks.

A cultural change should result in the staff’s behaviour adapting to the strategy and becoming more responsive to security protocol. This can help increase employees’ skills, attitudes and own safety when it comes to security.

TalkTalk Business COO Duncan Gooding sees security as much as a cultural thing as an IT solution.

“We have a whole cultural initiative from having training, workshops and group projects making staff aware of the types of security and risks in which we would expect in terms of best behaviour approach.”

The COO has helped change TalkTalk’s security strategy since the 2015 cyber-attack, which cost the telecom company £400,000 in fines.

“TalkTalk is very much going through a cultural expectance of what security means across the business post the cyber-attack,” he said. “The strategy is being discussed at every meeting and the fact that security is embedded in everything we do, from the process and the new products that we launch, to now being part of the day to day discussion.”

Employees need to understand the part they play in achieving a security strategy. Team collaboration is a great way to establish security in the workplace through planning ideas and setting budgets to help motivate the team to deliver a cultural change.

Collaborate with Security Teams

CIOs should collaborate with security teams and get to grips with existing security policies.

Security is a complex subject and ongoing issue for CIOs today. In-house teams cannot be expected to know everything from malware, data and information security.

Regular meetings with security departments can build a relationship while also outlining clear cybersecurity risks and legislation to ensure end-to-end security. 

Taking notes, asking questions and peer observations can help raise awareness within the organisation.

Create a strategy roadmap

A common result of cyber-attacks has seen personal details including email addresses, bank accounts and user passwords been accessed and stolen by hackers.

According to a 2017 Harvey Nash survey, under a third of organisations have been subject to a major security incident in the past 24 months.

Wonga, Pizza Hut and Equifax are just some of the organisations who were fell victim to a security breach in 2017. These infamous breaches have shown a loss of public confidence and cost companies millions of pounds. Raising security awareness can obviously help ensure the company is protected from cyber-attacks.

See the most infamous data breaches on Techworld

A security roadmap detailing the risk of employee’s actions when online will help protect them against common malicious content associated with document sharing, link clicking and file downloading. A roadmap will also ensure a set path is created with CIOs and employees can call upon, when needed.

Collecting information from previous reports and carrying out regularly penetration tests will help illustrate the areas CIOs need to address in order to prevent any security vulnerabilities. This can help ensure the business and its data is protected while, of course, raising awareness of security in the workplace.

Upgrade equipment

When it comes to security CIOs should look to see if there are possible upgrades to be made before purchasing equipment.

Although organisations shouldn’t be cutting costs when it comes to security and protecting customer data, security tools should be updated regularly to reduce the risk of cyber-attacks which inevitably will cost less money.

A good security suite can help protect your devices from a range of threats and prevent your organisation from a serious security risk.

Provide Secure Devices

CIOs should be prepared to provide employees with safe and secure IT equipment.

Security concerns surrounding mobile apps, file-sharing and downloads have become an issue for organisations today, with employees connecting to open and vulnerable networks more often.

Device management tools such as Miradore, Spiceworks and SOTI offer an extra layer of security and remote access, meaning that if any vulnerability is detected, the systems administrator can effectively shut down the device and limit the amount of potential damage that might be caused.

As organisations are exploring new ways to protect their customers, IT Director Jonathan Monk has turned his attention to information security to help protect his pupils at The University of Dundee.

“We have just deployed Microsoft Enterprise Ability Suite and key wins for that has been assuring personal and mobile devices are secure and encrypted wherever they are,” he said. “If they are accessing data from the university they can then be confident that is safe and secure," he explained.

You should also consider setting out a mobile or device best practice for security to ensure you are meeting the organisation's security needs and protocol. This approach will assess employee devices to ensure they are connected to the business network safely.
 
The applications and devices you want to permit can help ensure company data is protected while also educating staff on the overall risks of security. By regularly monitoring devices it can help limit organisations risks, reduce IT costs and help manage IT use.

CIO

You Might Also Read: 

The 3 Biggest Mistakes in Cybersecurity:

 

« UK Police Cybercrime Training
Cyber Criminals Have Ingenious Money Laundering Methods »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Praetorian

Praetorian

Praetorian is an offensive cybersecurity company whose mission is to prevent breaches before they occur.

Rogue Wave Software

Rogue Wave Software

At Rogue Wave, our mission is to simplify your hardest problems, improve software quality and security, and shorten the time it takes to deliver value.

Nok Nok Labs

Nok Nok Labs

Nok Nok is a market leader in next generation authentication for cloud, mobile and IoT applications.

Data61

Data61

Data61 is Australia’s leading digital research network offering the research capabilities, IP and collaboration programs to unleash the country’s digital & data-driven potential.

Purple Security

Purple Security

Purple Security arises from the association of specialists in offensive security (ethical hackers, white hats) and experts in insurance, compliance and implementation of industry standards.

Get Indemnity

Get Indemnity

Get Indemnity are specialist insurance brokers with experience working on a wide range of innovative business insurance products that combine risk management, indemnity and incident response services.

Liquid Intelligent Technologies

Liquid Intelligent Technologies

Liquid Intelligent Technologies is a leading communications solutions provider across Africa, providing reliable connectivity, hosting, co-location, and digital services including cyber security.

Prodera Group

Prodera Group

Prodera Group is a specialist technology consulting partner trusted to help navigate the complex and dynamic lifecycle of change and transformation.

Cardonet

Cardonet

Cardonet is an IT Support and IT Services business offering end-to-end IT services, 24x7 IT Support to IT Consultancy, Managed IT and Cyber Security.

Guardio

Guardio

Guardio develop tools and products to combat modern web and browser threats.

Scholarly Networks Security Initiative (SNSI)

Scholarly Networks Security Initiative (SNSI)

SNSI brings together publishers and institutions to solve cyber-challenges threatening the integrity of the scientific record, scholarly systems and the safety of personal data.

Truvantis

Truvantis

Truvantis is a cybersecurity consulting organization providing best-in-class cybersecurity services to secure your organization’s infrastructure, data, operations and products.

Digital Element

Digital Element

Digital Element is a global IP geolocation and intelligence leader with unrivaled expertise in leveraging IP address insights to deliver new value to companies.

Aite-Novarica Group

Aite-Novarica Group

Aite-Novarica's Cybersecurity practice provides ongoing research and advisory services to chief information security officers focused on protecting their companies’ assets.

Brightworks Group

Brightworks Group

BrightWorks Group offer comprehensive technology operations and security operations consulting services, tailored to meet your specific needs.

Cyderes

Cyderes

Cyderes (Cyber Defense and Response) is a global, pure-play, full life-cycle cyber security services provider formed from the merger of Herjavec Group and Fishtech Group in 2022.