Use the content in Compliance Communicator to help strengthen tone in the middle: we grant you permission to re-use our content for your E&C newsletters.
Memo to Managers
Four Ways You Can Help Mitigate Our Rising Cyber Security Risks
As FBI Director James Comey recently stated, “There are only two types of companies when it comes to cyber security. Those that have been hacked and those that do not know they’ve been hacked.” With so many potential entry points to our company’s network (smart phones, tablets, laptops, etc.), the bottom line is that cyber security risks have increased for all organizations, including ours.
Understanding and Managing Our Cyber Security Risk
As a manager, you have a responsibility to help protect our organization’s sensitive information—including personnel, financial and strategic data—to thwart potential risks.
Consider taking the following steps to protect yourself, employees and our organization online:
- Be sure your employees complete and understand the training provided by both our compliance department and IT/Information Security. Make sure your team is getting the information they need to effectively protect our organization from cyber security risks.
- Teach employees how to spot phishing emails and report suspicious emails. When applicable, use case studies from real security breaches to highlight the importance of being vigilant when accessing websites, logging on to the network from other devices and clicking on links embedded in emails.
- Understand your role in protecting your employees’ personal information. Do not work on compensation or other sensitive employee information on an unsecured network or on a device that does not have the appropriate encryption technology.
- As always, be there to answer their questions. Because it is crucial for fostering a culture of compliance, support a speak-up culture by demonstrating that when your employees aren’t sure what to do, they know they can talk to you.
Compliance with our technical guidelines does not automatically equate to security. Even the most compliant organizations have experienced or will experience a security breach at some point. But we should all be proactive about ways to deter, detect and remediate a breach should one occur in our organization, and your contributions are critical to that equation.
Questions of the Month
Q: I know one of my employees is transporting our intellectual property on an unsecured device. Our IT training says we shouldn’t do that. How should I address the situation with them?
A: You should direct your employee to the relevant IT Security/Compliance policy. The employee should be required to remove the content from the device as soon as possible.
Q: Doesn’t IT own cyber security risk? Why am I getting this message from the compliance office?
A: While this risk area is technical in nature, much of cyber security risk is related to human error. The compliance team works with you to help educate and train your employees to ensure that our organization is protected. We work hand-in-hand with our more technical colleagues to ensure you have the tools you need to assist the employees who report to you.
Until recently, cybersecurity has been a siloed risk in IT. But, with the vast majority of cybersecurity breaches related to human error, it is essential to address root causes through all facets of your ethics & compliance program—especially policies and training. This webcast maps out:
- Cyber Security’s relationship with ethics and compliance programs
- How you can work with IT and other key departments across your organization to protect your business from cybersecurity threats
- Best practices for mitigating cybersecurity risk—and ensuring board-level attention and action around this issue
Using Compliance Communicator
Equipping managers with the skills they need to navigate the E&C challenges they face is critical. Use the content in Compliance Communicator to help keep compliance top of mind with your managers and strengthen your organizational culture. NAVEX Global grants you permission to publish any or all of the content to best suit your needs.
For more valuable content from our Advisory Services team, subscribe to our blog, Ethics & Compliance Matters™. You’ll find perspectives on the latest E&C trends that impact your program, and get insights on increasing program effectiveness.