Strategies For A Cyber Security Culture (£)

Creating a culture of Cyber sensitivity is now a corporate/business priority that should be well understood and engaged with at the Board level. It should become a presentation and training process throughout the organisation. It certainly should not be left to IT, although they of course should be very involved with the process.

One of the best ways to protect company information is to create a corporate culture that views information security as a shared responsibility among all employees.

Our recent research has shown that companies are not strategising and tactically implementing a continuous employee training program to deal with the implications of Cyber for the company. Those organisations that have programs in place and are operating them have significantly reduced Cyber Security issues.

However, this is not just a security issue, although that is of course very important and getting a lot of coverage in the press and blogs. It is also an important opportunity and creative priority that needs real Board and Management attention.

Certainly one of the better ways of improving security against cyber-attacks is to build a business culture where cyber security is seen and engaged with by staff and management as a joint and shared responsibility.

To make this part of the culture, frequent Cyber training should take place, and the sharing of issues and opportunities should become part of the shared organisational culture. Hold regular meetings and training programs that discuss and offer help with email opening and finding malware of different sorts. Make it something that is expected to happen, and discuss new and different ways to avoid and share the issues.

Most businesses at present do not have regular security training, and even where some cyber security education does take place it is often only once or twice every couple of years. Over thirty percent of small and medium-sized businesses have never had cyber security training for their staff or executives.

It is very important for senior management to take some cyber security training first, so that they are aware of security and are implementing it in their own habits and work practices.

This is very important, and it is a process that must be discussed across the organisation so that, when employees begin their training soon afterwards, everyone is aware of the significance and importance that the business and senior management are giving to this issue.

IT standards and security initiatives are of course critical to security; however, operations and strategy are also crucial. Here are six points that businesses should also use:


First, any organisation must have a Cyber Security response plan in place that has the understanding and backing of the Board and Senior Management, and that has been discussed with and presented to the employees, with their feedback included.

Second, the operation should use a White Hat Hacker Team to randomly hack your systems at different times and days – at least five/six times a year, without prior knowledge of employees and management as to when it will happen. The methods should be understood and the results explained to the Management and staff by the CEO.

Third, there should be HR’s engagement with the requirements for new staff and training of current staff into the IT systems and processes that are being used by the organisation. 

Training is very important and a key issue in reducing Cyber-attacks. Often hackers are helped by employees, both management and staff, opening a malware email. These issues should be discussed, and it should be openly accepted that anyone could make the mistake of opening an email that contains the potential for a hack.

Encourage people to discuss these issues and make training against hacking a continuous process, as over half of what is taught in any one training session is forgotten by most employees within a couple of hours of the session finishing. Follow-up memos are very important, and then more training in a few weeks is necessary.

Fourth, form business Cyber Security forums with other businesses and organisations and engage in discussions about recent hacks and security issues. Talk to different organisations about insurance and PR issues that hacking results in.

Fifth, create an internal Cyber Security response team that includes IT, HR and PR employees and ensure they have a continuous plan and process that is changing with the development of current hacking and issues of Cyber Security.

Sixth, create an analysis development team that can investigate and analyse the massive data that the Internet provides to get clearer views of your organisation's position in the markets that it works within and in related and connected markets. This process should be linked to sales and product development.

This is an ongoing process and should not be left just to IT, as Cyber is affecting all aspects of any business, even if at present some management and employees say it has no effects on their areas.

By Alfred Rolington

 

 
