How to Raise Security IQs Within Your Organization Heres how organizations can better educate their employees on security issues Any organization is a potential target for tech-related crises, and all levels of staff can take steps to protect their data and devices from being compromised. Ongoing user education continues to be the best defense against cyber attacks, and security-conscious business processes will play a larger role in these efforts next year and beyond. Here are three suggestions to help your employees to be more security-aware. Devote More Attention to Devices: Rather than hold an annual security briefing, CSOs should work regularly with managers across departments to integrate cyber security best practices into employees’ workflow, especially with regard to the devices they use. Particularly in environments with a prominent BYOD presence, IT and front office leaders must develop policies governing personal device use that balance security concerns with employees personal and work-related needs. Providing device encryption, clear standards for file storage and a variety of corporate-approved applications will go a long way toward avoiding common security gaps without overburdening employees. Promote Better Password Management: Most employees fall into one of two camps: those that precariously assign the same password to every device and app, or those that burden themselves with dozens of forgettable password variations. Even IT departments well-intentioned requests to routinely change passwords exacerbate the problem, encouraging employees to track passwords on Post-Its or unprotected files. Enforce company-wide password security protocol, and take the time to teach users how to pick a strong, yet memorable password. If possible, invest in corporate single sign-on tools that eliminate the need (and liability) of juggling multiple log-ins. Rethink Processes: Business processes are typically designed to maximize efficiency, with security concerns addressed only loosely (or not at all). As a result, vulnerabilities to threats like social engineering remain embedded within employees’ workflow. Social engineering techniques – from impersonation to phishing – capitalize on employee confusion over proper procedures and protocol, and they continue to grow in sophistication. Companies need to bake better controls into their processes, such as requiring identity verification before accessing certain files, or implementing multi-factor authentication. Front-office workers are less likely to divulge sensitive information when they are aware of potential threats, understand how to identify trusted sources and have a clearly established set of guidelines to follow. IT departments have been aware and engaged with security issues, but as cybersecurity threats intensify, they cant be the only concerned parties. IT teams must work with all employees to enforce policies What are you doing to assist customers with understanding security issues within their organizations? What are they doing wrong?
Posted on: Tue, 30 Dec 2014 03:27:09 +0000
Trending Topics
Recently Viewed Topics
© 2015