Use the content in Compliance Communicator to help strengthen tone in the middle: we grant you permission to re-use our content for your E&C newsletters.
Memo to Managers
Are You Helping Create a Culture of Cyber Security?
How confident are you that your team’s day-to-day business decisions will help us strengthen a culture of cyber security in our organization? If you’re not sure of the answer, read on!
The majority of cyber security breaches are caused by human error. We need your help to keep cyber security top of mind. Ask yourself the following questions to determine the degree to which your team is helping our organization stay secure:
- Is my team using their own phones, tablets, flash drives, etc. at work? Reinforce the need to comply with our “bring your own device” policy—and the potential impact of even one security breach on our network.
- Would my employees know what to do if they encountered something suspicious in their email inbox? It only takes one click in a phishing email to create a system vulnerability or inadvertently download malware. The rule of thumb should be “think before you click”—and when in doubt, ask. Cyber criminals are using increasingly sophisticated methods to target employees and break into system networks. Immediate internal reporting is an essential part of maintaining effective cyber security.
- Does my team stay on top of required security updates from IT? Putting off security updates that the IT team asks you to make creates risk. Reinforce with your team the need to act promptly when a security update is required.
- How often do we use web apps? Using popular, online, web-based apps might seem like an easy choice—but they may not be the most secure choice. Check with IT before you say “yes” to a team member who wants to use a web app—or before using one yourself.
- When was the last time I talked with my team about taking laptops on the road? Team members who travel or work off site need extra reminders about keeping data safe and secure. Give periodic reminders about the need to be extra vigilant about preventing laptop theft, and about using only secure Wi-Fi connections to access the network or confidential documents.
As with all aspects of ethical and compliant behavior, your team looks to you to determine which behaviors are acceptable and which are not. Remind employees that their behavior can have a major impact—and make sure you’re setting a good example.
Questions of the Month
Q: The IT department told us we couldn’t use a web-based file-sharing service anymore because it’s not secure. But it’s going to be a major hassle to move everything over, and it’s really the easiest way to send large files. Is it really that risky?
In short, yes. Talk to your IT department to find alternatives to the service you were using. As a business partner, they’re committed to helping meet your needs while keeping our organization compliant with our policies and cyber security best practices.
Q: A colleague mentioned that you can download malware by clicking on links on social media websites. That’s not true, is it?
Actually yes, it is true. Links in social media can be infected with malware. And if your team members use social media at work—either for personal use or for work use—they need to exercise great caution in clicking on links from unknown or suspicious users.
To help reduce the risks of human error, the leading cause of cyber security risk, we’ve created a toolkit with a free micro learning training course, sample acceptable use policy, a sample phishing email and more. Get your free toolkit today!
Using Compliance Communicator
Equipping managers with the skills they need to navigate the E&C challenges they face is critical. Use the content in Compliance Communicator to help keep compliance top of mind with your managers and strengthen your organizational culture. NAVEX Global grants you permission to publish any or all of the content to best suit your needs.