5 Steps to Increase Your Company’s Cyber Security Awareness
Just over a month ago, I published a blog with 5 Steps to Increase Your Cyber Security Awareness. This is the follow-up, so that you can have great personal cyber security and preventative practices, and safeguard your entire company as well.
Below is a list of 5 steps your organization can take towards better cyber security practices and increased awareness. Every organization will find some of these steps easier than others. It’s important to keep in mind that cyber security is an ongoing process, and every little step towards increased awareness is a step towards keeping your organization more secure.
With all of this in mind, let’s dive right in:
1.) Executives and Board Members need to set the example
If security measures are not consistent across the company, responsibility gets confusing and motivation is tempered. It is so important that the board room sees cyber security as important enough to invest resources into security measures.
After an unexpected hack of a German steel mill, in 2015, The Guardian held a roundtable discussion with cyber security experts weighing in on cyber security awareness across an organization. The experts discussed many aspects, but their first point was to “raise the profile of cybersecurity in the boardroom”. Under this topic, the experts noted that many boardroom members aren’t fully aware of how immersed technology has become in their day-to-day operations. In most companies today, a cyber security breach could not only expose sensitive employee and customer information, but could also damage critical infrastructure or even shut down all systems in a network.
One expert remarked, “If you have a major safety incident, somebody sat at the board level goes to prison,” referring to the Health and Safety Offences Act. “If a cyber-incident became an imprisonable offence, how quickly would the chief information security officer find himself sat on the board?”
Organizations that are successful in protecting their networks and systems will embody this sort of sentiment without the need for regulatory incentives.
2.) Authorization and Access
Not every employee needs the same level of access across your organization. Limiting access for those who don’t need it greatly increases your cyber security. There are a few ways you can go about limiting internet access where applicable.
- Password authentication is the first step to limited access. Assign employees to certain network user groups based on their log-in. Don’t forget to use strong passwords and two-factor authentication.
- You can have a Network Administrator create an access filter allowing certain users access while blocking others.
- There are software programs available allowing administrators to restrict internet access.
3.) Update and Backup Files
I cannot stress the importance of updating software and backing up files enough. Make company-wide standards for updating software and backing up files. If your programs are updated consistently, you will get any new vulnerability patches needed for your programs. If you back up your files regularly, you are nearly impervious to ransomware, and don’t need to worry about corrupted or deleted files in case of a cyber-attack.
It may seem like a hassle, but it’s well worth the trouble of having to restart your computer once a week compared with the possible catastrophe that could ensue from a ransomware or other cyber-attack.
4.) Deploy an Engaging Cyber Security Awareness Program
An engaging cyber security awareness program goes beyond a yearly training course, or occasional reminders. This step is probably the most involved.
- You’ll need a budget and management involvement.
- Create internal marketing materials, such as posters and company-wide emails, reminding employees of key security practices.
- Get non-IT employees involved with responsibility and accountability within the program.
- Gamify the program by keeping score and awarding achievement-oriented incentives.
- Deploy phishing simulators quarterly to both raise awareness and track progress.
The SANS Institute has a great outline for a comprehensive awareness program, publicly available.
5.) Employee Cyber Security Awareness Training
The final piece may be the most important, as far as awareness is concerned. Having your employees engage with annual or bi-annual cyber security awareness training is imperative to your company’s success in preventing, and mitigating, cyber-attacks.
Hackers’ and cybercriminals’ methods and tactics advance rapidly. Security experts themselves often have a hard time keeping up with new hacking and social engineering techniques. Deploying the most up-to-date training, and requiring employees to revisit more current training programs yearly, is critical to your company’s security. Not only is repeat training a great reminder of best practices already in place, but it will also keep your employees privy to the latest tricks and traps to avoid.
The Optimal Training Solution
CyberTraining 365’s Data Security and Privacy Training is a comprehensive training solution aimed at teaching employees how to identify, mitigate and report cyber threats, creating awareness of information security risks for all roles across a company: Finance, HR, Legal, IT, Marketing, etc. This training is available on https://datasecurity365.com.
The training is subscription based, which is great for optimizing your budget with rotating seats, and has white-labeling availability. This way, you can keep your academy consistent with your internal branding.
On top of this, you can create a wider library for your business with advanced cyber security training courses for your IT team, data security and privacy training for your non-technical employees and the most current, up-to-date methodologies for your cyber security team to keep up with the industry.
CyberTraining 365 is an online academy that offers nearly 1,000 hours of relevant and cutting-edge cyber security training. Our training provides the most in-demand industry certification prep courses, including EC-Council, CompTIA, (ISC)2 and Cisco, all taught by leading cyber security experts. All of our offerings are aligned with the National Initiative for Cybersecurity Education (NICE) and ensure the most up-to-date information for this constantly shifting field. With engaging content in a scenario-based format, CyberTraining 365 uses a bite-sized micro-learning methodology that ensures learners are not overwhelmed with information. Our On Demand LMS platform has white-label capabilities, ideal for internal training purposes.