“We have met the enemy and he is us.” – Pogo
Review
Our last two blog posts have focused on revealing the greatest threat to your company’s security. The first cited a 2018 report published by PricewaterhouseCoopers that indicated cyber threats to the security of company data are continuing to increase and that employees are the top sources of security incidents. The second shared the finding that “100% of government entities see their own employees as the biggest threat to security.”
This week we wrap up the series by getting ‘down to the brass tacks’ of the best practices you can implement to minimize the greatest threat to your company’s security.
Respond
Knowledge is power only if we use it. Now that we are aware that the greatest weakness in our systems appears to be the users, how we respond to that knowledge is key to protecting your data. Here are a few recommendations for your business.
- Establish policies that define usage rights and responsibilities.
- Develop a training program. The program should be formal and documented. Each module of the program should be comprehensive and comprehendible.
- Start at the beginning. Include employee security awareness and expectations when onboarding new employees. Include computer use policies and cybersecurity awareness and practices as an essential part of employment.
- Train continuously. Avoid falling into the “one-and-done” trap so common in business training. People to not retain everything they learn. Remind, review, and update training continuously.
- Put employees to the test. Some companies have gone on phishing excursions. The company creates and sends “fake phishing” emails to employees to see who, if any, responds to them. Use the results to coach those employees and, discreetly, use their cases as examples during employee training.
- Evaluate employee security performance. Cybersecurity has become an important and essential part of your business. It should, therefore, become an important part of the regular employee evaluation process.
- Raise awareness of new threats. Stay abreast of new cybersecurity concerns as they arise. Communicate those dangers to your employees. Add the new threats to your cybersecurity training.
- Reward employee performance and compliance. When employees spot a potential security issue, recognize their contribution. Do the same when they “pass” phishing tests or demonstrate an exemplary approach to their use of your technology.
- Don’t expect perfection. Yes, after all, we are human. That is what makes employees the biggest threat to your company’s cybersecurity. An occasional reminder that you, too, are human is always helpful. The mistake that is made could be yours.
- Always err on the side of caution. Need we say more?
We are as concerned about your technology security as you are. Your computer system security is our business. That’s why Tech Sentries is always on duty. Contact us today to learn how we can help you “GUARD YOUR TECHNOLOGY” (843-282-2222).
Joe Thibodeau
Tech Sentries Inc
2105 Leopold Street
Johns Island, SC 29455
843-282-2222 Office/Fax
843-902-6885 Cell