By Isaac George, SVP and UK Regional Head, Happiest Minds.
IDC: By 2018, 67% of the CEOs of Global 2000 enterprises will have digital transformation at the centre of their corporate strategy.
The whole world is moving at breakneck speed. Across every industry, organisations are looking to digitally transform their operations to keep up with customer demand, business expectations and global competition, and as a result, businesses are increasingly digitising their data, products and processes in a quest for growth and competitive advantage.
However, while digitisation offers many benefits, such as increased efficiency, better customer experience, quicker access to data, greater collaboration and reduced costs, it also exposes organisations to greater cyber security risks by expanding the attack surface and opening up more avenues for hackers to target.
Putting in place appropriate cyber security services certainly helps to defend your organisation from cybercrime. However, studies reveal that the majority of security breaches are still caused by human error and inappropriate user behaviour. Therefore, the key to ensuring heightened cyber security lies in building awareness among your employees. A comprehensive security awareness program helps sensitise employees to the risks that their actions can pose to the organisation by educating them on the guidelines and procedures that should be followed while using sensitive data.
So, as security becomes further digitised, how should an organisation go about implementing a security awareness program?
Assess the current security awareness of your employees by checking if they are aware of the established policies and procedures, and gather information on how your employees utilise technology, the kind of data they use and their ability to spot a cyber-attack. Evaluate their knowledge of organisational defence strategies and the cyber security services in place, as well as areas of vulnerability.
Educate employees through training programs that familiarise them with organisational policies and procedures, as well as cyber security services. This also helps them understand how to avoid risk and drives an organisation-wide culture of secure behaviour that reinforces security. Such training programs help improve an employee's ability to identify and thwart potential attacks. Employees may harbour the mistaken impression that they will never be the target of a cyber-attack and then bring this attitude to the workplace – emphasise that this is not true.
Cyber security awareness initiatives and training programs should sensitise employees to some key aspects:
- Data classification: Classify data as internal, external, restricted, confidential, highly confidential etc. Base this on the risk associated with the data's unauthorised disclosure, so that employees take care while handling high-risk data
- Cyber security services: Educate employees on the required course of action in case of a cyberattack, and ensure that they are aware of their organisation's cyber security services and the procedures for getting in touch with support to report an attack. This may sound like common practice but believe me, the number of organisations I know that have cyber policies in place but have failed to communicate them to their staff would surprise you
- Access management: Put in place password protocols and ensure that your employees follow them. Stress the importance of creating strong passwords and changing them often, and encourage your employees to use passphrases rather than passwords
- Safe practices: Inform employees of the various ways in which a breach can occur inadvertently – social engineering, phishing, unacceptable browsing, social media posts, using personal devices for official purposes etc. Furthermore, educate your employees on what can and cannot be installed on the computer, and implement strict rules to ensure that this is covered as part of an organisational security policy
- Staying alert: Stress the importance of staying alert and immediately reporting any unusual cyber activity
The value of a cyber security awareness program is determined by its effectiveness. Conduct surveys to check if your employees understand the information imparted through the awareness program and lay down key metrics to track the performance of the program.
Effectively protecting your company from cyberattacks starts with educating your employees, and as we move into a world that is increasingly digital, employers have to be increasingly sure that their staff are aware of the potential risks and, indeed, of their own behaviour. Putting in place cutting-edge technology solutions will be of little use if your employees fail to understand what is required of them to protect sensitive company data and resources. Educating your employees therefore plays a vital role in successfully securing the modern digital organisation.