This week we have focused on the people part of the security puzzle. As we know, people are the weakest link and the easiest point of access. But beating this point into your employees will not help them be better at computer and network security, and just make them feel hopeless and badgered.
Getting employee buy-in requires a little bit of strategy mixed in with a lot of fun.
- Sharing the actual experiences of other small companies that have been affected by cyber-crime will make the threat real. In addition these stories provide examples of what can happen and what to look for.
- Tailor the stories to their role in the company. You might talk about CEO fraud with your bookkeeping staff, for example.
- Encourage your staff to bring stories in to share, as this will stimulate security awareness.
- In staff meetings, have a security minute where recent issues can be shared.
- Provide a resource for your employees where they can go with security concerns. This could be a member of your IT staff, or perhaps built into you support agreement with your IT vendor
- Start the process right away with new employees and let them know that security is an important job that everyone shares.
One successful way to reduce crime in high crime neighborhoods has been to fix small issues, quickly; repair broken windows and doors, remove graffiti, and so forth. This technique works in cybersecurity too. Encourage staff not to share passwords, to mention unlocked computers to the owner. Security works best one-to one, and when everyone lends a hand. Expecting your IT department to keep everything at bay will not work.Share