Just as in the 1980s when manufacturing companies recognized that quality was an attribute that had to be baked into every facet of an organization (from design, production, delivery, and through product lifecycle), not inspected in at the end of the process, effective cyber security depends on every employee playing a part in keeping the enterprise secure.
The most sophisticated and expensive security technologies and tools can be instantly undermined by poor employee judgement and actions [taking confidential data and removing it from its controlled environment like a payroll application and copying it onto a thumb drive that can easily be lost or stolen]. Not surprisingly, most data breaches are caused by the mistaken behavior of employees simply trying to do their jobs, not by malicious actors.
The best money any organization can spend is in educating its employees about their role in keeping the enterprise safe.
What are some of the steps that organizations can take?
- Develop an appropriate use policy that spells out how corporate IT resources can and cannot be used. For example, don't visit shady web sites at work.
- Don't click on embedded hyperlinks in an incoming email message from someone you don't know and trust. Too often, it is a malware vector.
- Don't share passwords. IT should set minimum password quality standards.
- Don't ever download software onto a work machine when a web site requests you to do so; your browser has all the software you need. Let the IT professionals take care of any software updates or upgrades.
- Don't copy data from a controlled environment.
- Employee security awareness must be a compulsory part of onboarding every employee and those responsibilities should be formally acknowledged annually.
Jonathan is President & CEO of SystemExperts Corporation, a network security consulting firm specializing in IT security and compliance. Jonathan started the company in 1994. He plays an active, hands-on role advising clients in compliance, technology strategies, managing complex programs, and building effective security organizations. Jonathan brings a business focus to this multifaceted work balancing all technical initiatives with business requirements and impact.