Strategies For A Culture of Cyber-Security

Uploaded on 2016-10-12 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Information security can sometimes be an overwhelming concept to grasp, but it's a necessary part of protecting your business' sensitive data.

Traditionally, information security within an organization has been viewed as a function owned by a few individuals or one department. But, as the volume of electronic and paper information collected throughout an organization increases, it’s time to shift perception on who or which department is responsible for this important undertaking.

When data protection is prioritized and done well, it provides more disciplined operations, increased customer and stakeholder trust, and minimized risk. One of the best ways to protect company information is to create a corporate culture that views information security as a shared responsibility among all employees. This can be done by implementing regular and comprehensive training programs for all employees on the right way to manage, store and destroy physical and digital data.

According to recent research, US companies are not prioritizing employee training in their fight against fraud and data breaches. Seventy-eight percent of US Small Business Owners and half (51 percent) of C-Suite report that they only conduct employee training on their company’s information security procedures once a year or less. Furthermore, 28 percent of US Small Business Owners report they have never trained employees on how to comply with legal requirements or company information security procedures and 22 percent only conduct training on an ad-hoc basis.

Experts suggest that employees may forget 50 percent of training information within one hour of a presentation, 70 percent within 24 hours and an average of 90 percent within a week. When you consider this, it is clear that training once a year or on an ad-hoc basis is insufficient to ensure valuable customer, employee and business data is being protected.

These results demonstrate the importance of proper training repeated throughout the year so employees have the knowledge and skills to protect organizations from serious risks such as theft, fraud, data loss and reputational damage.

While regular training mitigates the risk of data breaches caused by human error or lack of knowledge of security practices, it also serves as an important reminder to employees to follow company policies. When organizations provide infrequent training for employees, it may give the impression that management is not committed to a culture of information security and employees may not take information security policies and procedures seriously.

Senior management must help their team become more aware of the risks associated with mishandling confidential information. The following measures can help ensure employees have a solid understanding of company information security policies, procedures and best practices.

Commit to a Culture of Information Security

When management demonstrates a commitment to information security, employees are more likely to follow suit. If managers behave in a way that undermines security policies and procedures, employees won't take them seriously either. Consider asking employees to take a pledge to make their workplace a more secure environment. Display the pledge in various locations throughout the office. To encourage participation from all areas of the business, consider appointing employees from a range of departments to participate on a committee focused on improving information security practices.

Repetition and Frequency Are Key

Repetition and frequency are the keys to a successful training program that builds knowledge and capacity on the right way to safely manage, store, and destroy physical and digital data. Training should occur throughout the year and include various modules on organizational information security policies. Consider a "multichannel" approach utilizing a mix of in-person and digitally-delivered video training content to ensure employees are aware of how to handle and dispose of confidential information.

Out of Sight, Out of Mind

Place visual cues throughout the office to remind employees of their responsibilities in protecting confidential information. Reminder posters, such as this series of office security posters from Shred-it that targets common workplace errors and areas that increase the risk of a data breach.

Go Where Your Employees Are

A growing number of employees are now working outside of the traditional office environment. Ensure training addresses the safe destruction of confidential information for both office and remote workers. Also leverage internal newsletters, intranet news feeds, employee and corporate social media accounts to provide constant reminders about different aspects of information security that employees can access regardless of their location. Keep the information short to make it more digestible.

Embed It

Make security best practices a seamless part of daily tasks. Implement a Shred-it all Policy, which requires all documents to be destroyed once no longer needed and a Clean Desk policy which encourages employees to clear their desks and lock documents and small digital storage devices in a filing cabinet or storage unit when they leave their workstation at the end of each day or for extended periods of time.

When these policies become common practice, there is little decision left to employees on what should and shouldn't be destroyed. In addition, all shredded paper is recycled, adding an environmental benefit to a security solution for businesses.

All businesses should increase the priority of employee training to protect workplace information security. When all employees understand how to manage and identify privacy risks, business leaders are in a better position to protect their customers, their reputation and their people.

Information-Management

 

 

« Islamic State Cyber Attacks
Surprise: FBI Say US Political Hacks ‘Probably Was Russia’ »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

K7 Computing

K7 Computing

K7 provides antivirus and internet security products for business and home users.

Australian Information Security Association (AISA)

Australian Information Security Association (AISA)

AISA champions the development of a robust information security sector by building professional capacity and advancing the cyber security of the public, business and governments in Australia.

IntelliGO Networks

IntelliGO Networks

IntelliGO Networks is a cybersecurity company focused on Managed Detection and Response (MDR).

Vysk Communications

Vysk Communications

Vysk is an award-winning mobile security firm that has developed the world’s most secure system for voice communication.

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

OGCIO supports the development of community-wide information technology infrastructure and setting of technical and professional standards to strengthen Hong Kong’s position as a world digital city.

Network Integrated Business Solutions (NIBS)

Network Integrated Business Solutions (NIBS)

NIBS is an IT services provider offering a range of services with the aim of simplifying and securing technology.

Novastor

Novastor

NovaStor® is an award-winning, international data backup and recovery software company with solutions supporting physical, virtual and cloud environments.

SpyCloud

SpyCloud

SpyCloud is a leader in account takeover (ATO) prevention, protecting billions of consumer and employee accounts either directly or through product integrations.

MyCyberSecurity Clinic (MyCSC)

MyCyberSecurity Clinic (MyCSC)

MyCyberSecurity Clinic's main goal is toward establishing an international reference centre for excellence in the field of digital forensics and data recovery services.

Fiserv

Fiserv

Fiserv offers a wide array of Risk & Compliance solutions to help you prevent losses from fraud and ensure adherence to regulatory and compliance mandates.

AUREA Technology

AUREA Technology

The photon counter SPD_OEM_NIR from AUREA Technology is designed for quantum key distribution at telecom wavelengths.

stackArmor

stackArmor

stackArmor specializes in compliance and security-focused solutions delivered using our Agile Cloud Transformation (ACT) methodology.

TekSynap

TekSynap

TekSynap is a full spectrum Information Technology services provider to federal government agencies.

HCS

HCS

HCS is an IT Company and Telecoms provider with an experienced team who are dedicated to ensuring our clients business systems are protected.

Leostream

Leostream

Leostream's Remote Desktop Access Platform enables seamless work-from-anywhere flexibility while maintaining security and constant visibility of users.

Heyhack

Heyhack

Heyhack is a SOC 2 Type II certified automated penetration testing platform for web apps and APIs.