While October was cyber security awareness month, don’t take the rest of the year off. Making sure your employees are following best computer security practices and company policies is a daunting task.
As Cyber Security Awareness Month ended, IT World Canada spoke to a several experts about what they’ve learned. Here are some tips:
The first thing to emphasize is no matter how much technology you throw into an environment it takes human error for viruses to get through. That’s why educating staff is so important. If people understand and appreciate the dangers and the risk associated with mismanaging information, then the exposure becomes measurably reduced.
Too many organizations are putting training videos out and hoping employees will watch them. Unfortunately, too many organizations (and employees) still think, “Who wants to attack us?”
Training must be edu-taining, meaning an online awareness course can’t be narrated with an artificial voice but by someone who has personality, and can inject sometimes some humor.
The tone of an awareness program must be that security is everyone’s job, and the message has to be re-enforced from executives. Bring accountability to down to the teams. Give managers information they can take to their team members on this cyber security is important to them. An example could show how a mistake by the finance team has ramifications in other departments. It’s much more pertinent when it relates to their specific roles.
Management should strive to create a culture where there’s a constant conversation about security although not to the point of boring staff. It should be made a positive element of what they do every day.
Distribute regular online newsletters on good cyber security practices. Posters in hallways and elevators with important information on who to call for help for security-related issues is also a good way to disseminate information.
The two most important things to focus on in an awareness program are how to handle email and password management. Surveys say up to 80 per cent of breaches involve credentials theft. These are two areas where an employee can become the doorway to an attacker if they aren’t aware.
Education should regularly include examples of what has happened to their company and how it was handled. Avoid dry, boring, once a month, “You’ve got to watch this video” orders. If training is relevant, pertinent, and concise then employees will listen.
Fifteen minutes at a company meeting about incidents that happened to you are far more effective than an hour with a presentation where you have to click and say ‘I agree’ so HR can say you’ve had the training. Anything you can do to shake it up is valuable. Even long-time employees need refresher courses.
In addition, encourage employees to report suspicious activity. That helps raise their security awareness. Employees shouldn’t feel they’ll be in trouble if they report a mistake they’ve made. Otherwise, employees will be “sweeping it under the carpet.”
All of us are going to be tired and make a mistake once in a while, so it’s vital an organization respond quickly to a breach of security safeguards. The best ways to do that is by creating a response playbook and to practice disaster response.
Rewarding staff for doing good security-related work – including a reward for developers who write code with no vulnerabilities is a great strategy. Another is giving them security tools for their home computers (like free antivirus) to help staff understand security awareness takes place everywhere.
Full article here – click here for link
We at Advanced Systems Solutions have helped many organizations protect themselves from harm. If you’re looking for a support company to help keep you safe, with unmatched customer service, please contact us. We love to help!
.
Like our Facebook page by clicking on the icon at the top right of this page to stay up to date with current alerts and information!
Disclaimer: The above information is not intended as technical advice. Additional facts or future developments may affect subjects contained herein. Seek the advice of an IT Professional before acting or relying on any information in this communiqué.