Cybersecurity has become the number one priority for many businesses in the wake of some very high-profile data breaches at the beginning of the year. But despite the heightened awareness of decision-makers and the stronger defensive precautions being taken, companies are still falling prey to hackers every day. For most organizations there is an easy explanation for the security disparity: uneducated employees.
Security doesn’t exist in a vacuum, and if the individuals interacting with the systems that need protecting aren’t taught proper defense best practices, they are bound to put enterprise networks at risk. Recognizing that people are the greatest threat to a company’s security, Kaspersky Labs created a guide with their top security tips for educating employees about cybersecurity. Spreading these tips to employees throughout the organization, and not just in the IT department, is the most reliable way for businesses to improve security.
1) Get the whole company involved in security
Having the entire workforce partake in security training and being briefed on best practices can go a long way toward improving enterprise defenses. When employees are actively involved in the process of protecting company assets, they are more likely to take ownership of their obligations and responsibilities regarding security. Inform workers about the risks surrounding sensitive data and Internet use in general. Also teach them about situational awareness and how to identify system vulnerabilities.
2) Hold executives accountable
Just because the people in the C-suite have a lot on their plates doesn’t mean they should get a pass on security training. In fact, these are the employees most likely to be targeted by hackers because of the high level of network access they possess, so it’s even more important that they know the signs of a cyber attack or phishing scheme.
3) Integrate security into corporate culture
When something feels foreign or confusing, most people will ignore it and try their best not to deal with it at all. For many companies, that’s how their employees see cybersecurity. By making security an inherent part of the company culture, the topic appears more welcoming and the practices associated with it become second nature. Offering frequent sessions where employees can learn about and discuss real-world examples of cybersecurity can make the topic seem more relevant and get workers more engaged.
4) Explain the dangers of social engineering
By now, most people are so used to sharing personal information on social media that they don’t think twice before posting. But that information is available online for anyone to see and hackers are taking advantage of it to launch devastating social engineering attacks. Employees should be taught how to verify authentic messages and requests, as well as counseled on what types of information to keep to a private audience.
5) Set up a plan to follow if employees suspect a cyber attack
One of the most reliable ways to mitigate the effects of an attack is to act quickly to eliminate the threat. Setting up a response protocol employees can follow if they believe they have been compromised can help improve the outcome dramatically. Create a document that offers users explicit steps to take in a variety of scenarios so they will always be prepared.
6) Run periodic, unannounced security tests
All of the work a company does to train its employees won’t matter if none of the information gets retained. Tools are available that allow IT teams to send simulated phishing emails to see if workers take the appropriate action and will deliver a remedial lesson if they don’t.
7) Take employee feedback to heart
The bottom line is that employees won’t warm to policies and systems that make it more difficult to do their jobs. If security requirements get in the way, they will likely find shortcuts that can leave enterprise networks at risk. Work in tandem with staff to create policies and procedures that will be respected and followed, so that security is improved, not diminished.
8) Realize that nobody’s perfect
Even working with employees to improve their understanding of enterprise security and best practices won’t eliminate 100 percent of mistakes. Implementing an application whitelisting program from Faronics acts as a second line of defense and will help businesses block malicious and unwanted software from being downloaded to enterprise networks if employees slip up and download something unknowingly.