REGULARLY TALK TO EMPLOYEES ABOUT CYBERSECURITY

Tip #1

REGULARLY TALK TO EMPLOYEES ABOUT CYBERSECURITY.
• Explain the potential impact a cyberincident may have on your organization’s operations, and spell out employee obligations, particularly with the use of mobile phones.
• It’s not enough to require an annual review and signing of an “I have read and understand company IT policies” statement.

EXTERNAL THREATS EXPERIENCED

In a recent survey conducted by B2B International and Kaspersky Lab, 94% of companies reported some form of external threat.

Chart categories (survey percentages not recoverable): spam; viruses, worms, spyware and other malicious programs; phishing attacks; network intrusion/hacking; theft of mobile devices; Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks; theft of larger hardware; corporate espionage; targeted attacks aimed specifically at our organization/brand; criminal damage.

• Top managers are often targeted because:
— They have access to more information. The bad guys recently targeted
traveling executives using free hotel Wi-Fi without encryption.
— IT bends the rules for them.
— The damage/financial payoff can be much bigger.
• With their unlimited power over the network, IT folks are also vulnerable.


Tip #2

EXPLAIN TO THE EMPLOYEES THAT, WHILE YOU MAKE THE BEST EFFORT TO SECURE THE COMPANY’S INFRASTRUCTURE, A SYSTEM IS ONLY AS SECURE AS THE WEAKEST LINK.
• Encourage cooperation, not just compliance.
• Create a policy sophisticated enough to cover all possible attack vectors.
• Recognize that humans have weaknesses and make mistakes.

Tip #3

HAVE REGULAR, FOCUSED SESSIONS WITH EMPLOYEES TO EXPLORE DIFFERENT TYPES OF
CYBERATTACKS.
• Since new employees start work all the time, cybersecurity training should be
part of your general onboarding activities.
• Consider different formats (e.g., Lunch & Learn).
• Make it useful.
— Most employees have PCs at home and relatives who also need help.
— Reference topical news stories.
— Use social media.


Tip #4
WARN EMPLOYEES TO PAY SPECIAL ATTENTION TO SOCIAL ENGINEERING ACTIVITIES.
• Beware of social media, blog and other suspicious links from unknown sources
while at work or using corporate devices.
• Many cyberincidents begin with a phone call from someone posing as a
co-worker asking seemingly innocuous questions, gathering information
about the company and its operations.
• A cybercriminal exploiting social weaknesses almost never looks like one.

Tip #5

TRAIN EMPLOYEES TO RECOGNIZE AN ATTACK.
• Have policies in place that assume you’ll be infiltrated. Don’t wait to react.
Have a documented remediation plan in place and update or review
frequently.
• Communicate step-by-step instructions about what to do if employees
believe they have witnessed a cyberincident.
• Training needs to happen before there’s a problem.
Training should include specific rules for email, Web
browsing, mobile devices and social networks.
Don’t forget to include the basics:
— Physically unplug your machine from the network.
— Notify your administrator of any suspicious emails, unusual activity or if you
lose your mobile device.
— If you can’t find your emergency IT number in 20 seconds or less, start
memorizing!


Tip #6

NEVER DISAPPROVE OR MAKE FUN OF AN EMPLOYEE WHO RAISES A RED FLAG.
• Even if it’s a false alarm, it’s important not to discourage employees from
speaking up in case a real cyberattack happens.
• If false alarms happen regularly, improve your training approach.

Tip #7

IF AN INCIDENT HAPPENS, GIVE YOUR EMPLOYEES A HEADS-UP AS SOON AS POSSIBLE.
• A lack of transparency or improper handling of a cyberincident may
significantly increase the impact of the event.
• Issue instructions about how to speak to the public and the press about the
incident.
• Have an internal communications plan and PR strategy in place before
anything happens.
• Consider insurance for cyberincidents.

Tip #8

REGULARLY TEST EMPLOYEES’ CYBERSECURITY KNOWLEDGE.
• Make it relevant for their digital lives.
• Make it fun or rewarding (or fun and rewarding) with incentives for
prompt responses.

Tip #9
INVITE, LISTEN AND RESPOND TO FEEDBACK.
• If you force employees to change passwords every week, be prepared that
they will write them down and post them in their workspaces.
• If it’s too difficult or complicated to access something they need to do
their jobs, they will find less secure work-arounds like using personal
email, USB sticks and using colleagues to bypass restrictions.
• Learn the root cause of unsafe behavior.

