This week we have focused on the people part of the security puzzle. As we know, people are the weakest link and the easiest point of access. But beating this point into your employees will not help them get better at computer and network security; it will just make them feel hopeless and badgered.
Getting employee buy-in requires a little bit of strategy mixed in with a lot of fun.
- Sharing the actual experiences of other small companies that have been affected by cyber-crime will make the threat real. In addition, these stories provide examples of what can happen and what to look for.
- Tailor the stories to their role in the company. You might talk about CEO fraud with your bookkeeping staff, for example.
- Encourage your staff to bring stories in to share, as this will stimulate security awareness.
- In staff meetings, have a security minute where recent issues can be shared.
- Provide a resource for your employees where they can go with security concerns. This could be a member of your IT staff, or perhaps built into your support agreement with your IT vendor.
- Start the process right away with new employees and let them know that security is an important job that everyone shares.
One successful way to reduce crime in high-crime neighborhoods has been to fix small issues quickly: repair broken windows and doors, remove graffiti, and so forth. This technique works in cybersecurity too. Encourage staff not to share passwords and to mention unlocked computers to the owner. Security works best one-to-one, and when everyone lends a hand. Expecting your IT department to keep everything at bay will not work.
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com