We previously looked at what challenges CSOs will face in 2015, but executives aren't the only ones responsible for their company’s IT security. Any organization is a potential target for tech-related crises, and all levels of staff can take steps to protect their data and devices from being compromised. Ongoing user education continues to be the best defense against cyber attacks, and security-conscious business processes will play a larger role in these efforts next year and beyond. Here are three suggestions to help your employees to be more security-aware.
Devote More Attention to Devices: Rather than hold an annual security briefing, CSOs should work regularly with managers across departments to integrate cybersecurity best practices into employees’ workflow, especially with regard to the devices they use. Particularly in environments with a prominent BYOD presence, IT and front office leaders must develop policies governing personal device use that balance security concerns with employees' personal and work-related needs. Providing device encryption, clear standards for file storage and a variety of corporate-approved applications will go a long way toward avoiding common security gaps without overburdening employees.
Promote Better Password Management: Most employees fall into one of two camps: those who precariously assign the same password to every device and app, or those who burden themselves with dozens of forgettable password variations. Even IT departments' well-intentioned requests to routinely change passwords exacerbate the problem, encouraging employees to track passwords on Post-Its or in unprotected files.
Enforce a company-wide password security protocol, and take the time to teach users how to pick a strong yet memorable password. If possible, invest in corporate single sign-on tools that eliminate the need for (and liability of) juggling multiple log-ins.
Rethink Processes: Business processes are typically designed to maximize efficiency, with security concerns addressed only loosely (or not at all). As a result, vulnerabilities to threats like social engineering remain embedded within employees’ workflow.
Social engineering techniques – from impersonation to phishing – capitalize on employee confusion over proper procedures and protocol, and they continue to grow in sophistication. Companies need to bake better controls into their processes, such as requiring identity verification before accessing certain files, or implementing multi-factor authentication. Front-office workers are less likely to divulge sensitive information when they are aware of potential threats, understand how to identify trusted sources and have a clearly established set of guidelines to follow.
IT departments have been aware of and engaged with security issues, but as cybersecurity threats intensify, they can't be the only concerned parties. IT teams must work with all employees to enforce policies
What are you doing to assist customers with understanding security issues within their organizations? What are they doing wrong?