Seven Training Imperatives to Address Your Biggest Cyber Security Risk: Employee Behavior


One of your best defenses against a cyber attack? Your employees. Make sure they are trained on their role in protecting your organization.

There are pros and cons to the digital world that we all live in. Pros include access to an inordinate amount of information; the ability to immerse yourself in cultures you may otherwise never have an opportunity to explore; and the ability to develop virtual friendships with people around the globe. Cons include the inability to disconnect from technology; just as much bad information as there is good; and, of course, the vulnerability to individuals or organizations intent on inflicting harm upon you and/or your company.

Cyber security threats are multiplying on a daily basis: it’s safe to say businesses operating in today’s digital landscape have their work cut out for them.

Maintaining Strong Defenses Against Compounding Cyber Security Threats

The days of simply reminding users to create strong network and email passwords and calling it good are long gone. Ethics and compliance officers, IT departments and executive staff members are now expected to manage internal access to critical information while protecting their organizations against increasingly aggressive, external cyber threats. No easy task. 




Compounding the issue is the fact that most employees have multiple “smart” devices that they bring to work with them: laptops, phones, tablets and now even watches. If each employee in a 5,000-employee organization has at least two smart devices, that equates to 10,000+ potential entryways for hackers to access a company’s network (assuming that all these devices are accessing the organization’s network or email system in some capacity).

One of the Most Effective Steps Ethics & Compliance Officers Can Take to Help Protect Their Organizations from Cyber Threats? Training.

While there are many processes an organization should consider implementing to help manage cyber threats, education is the key to early threat detection and issue remediation. Cyber security training—whether online or in-person—can help significantly reduce cyber security risks. (Learn more about NAVEX Global’s cyber security training courses here.) 

What are some of the key elements that should be included in cyber security training? Here are just a few:

  1. Emphasize the role employees play in keeping the organization safe and teach them how to identify and report issues using internal reporting channels. (For content you can cut and paste into a memo to your organization’s middle managers, “Four Ways You Can Help Mitigate Our Rising Cybersecurity Risks,” click here.)
  2. You may think employees are up to speed on key terms related to cyber threats, but they may not be. Help employees get a grasp on basic cyber speak. Define key terms like “phishing” and “malware.”
  3. Develop an electronic device usage policy (including “bring your own device” or “BYOD” guidelines) and routinely educate your employees on the policy and related updates.
  4. Include policies related to cybersecurity in your code of conduct. (See page 19 of NAVEX Global’s Code of Conduct, “Protection of Systems & Resources” for sample language.)
  5. Share your disaster recovery and post-breach communications plans with employees and other key stakeholders.
  6. Incorporate actual data from your organization’s security protocols into the training. If you can, share the number of intrusion attempts that have been made against your network and how they were identified and stopped. Real-life case studies have a lasting impact on most learners.
  7. Don’t forget to train your board of directors and executive team members—these audiences are just as important as your employee population. Be sure to tailor the content to fit this audience and their roles, as it is extremely important that they understand the risks involved in managing this growing threat.

Don’t wait for a security breach to deploy one of your important defense mechanisms—your employees. To learn more about developing a comprehensive cyber security risk assessment and corresponding curriculum map for your organization, schedule a consultation with an Advisory Services team member today.

 

