Strategies For A Cyber Security Culture (£)

Creating a culture of Cyber sensitivity is now a corporate/business priority that should be well understood and engaged with at the Board level. It should become a presentation and training process throughout the organisation. It certainly should not be left to IT, although they of course should be very involved with the process.

One of the best ways to protect company information is to create a corporate culture that views information security as a shared responsibility among all employees.

Our recent research has shown that companies are not strategising and tactically implementing a continuous employee training program to deal with the implications of Cyber for the company. Those organisations that have programs in place and are operating them have significantly reduced Cyber Security issues.

However, this is not just a security issue, although that is of course very important and getting a lot of press and blog coverage; it is also an important opportunity/creative priority that needs real Board and Management attention.

Certainly one of the better ways of improving security against cyber-attacks is to build a business culture where cyber security is seen and engaged with by staff and management as a joint and shared responsibility.

To make this part of the culture, frequent Cyber training should take place, and the sharing of issues and opportunities should become part of the shared organisational culture. Hold regular meetings and training programs that discuss and offer help with email opening and finding malware of different sorts; make it something that is expected to happen, and discuss new and different ways to avoid and share the issues.

Most businesses at present do not have regular security training, and even where some cyber security education does take place it is often only once or twice every couple of years. Over thirty percent of small and medium-sized businesses have never had cyber security training for their staff or executives.

It is very important for senior management to take some cyber security training first, so that they are aware of security and implementing it in their own habits and work practices.

This is very important and a process that must be discussed across the organisation so that, soon after, when employees begin their training, everyone is aware of the significance and importance that the business and senior management are giving to this issue.

IT standards and security initiatives are of course critical to security; however, operations and strategy are also crucial. Here are six points that businesses should also use:


First, any organisation must have a Cyber Security response plan that is in place, has the understanding and backing of the Board and Senior Management, and has been discussed and presented to the employees, with their feedback included.

Second, the operation should use a White Hat Hacker Team to randomly hack its systems at different times and days, at least five/six times a year, without prior knowledge of employees and management as to when it will happen. The methods should be understood and the results explained to the Management and staff by the CEO.

Third, HR should be engaged with the requirements for new staff and the training of current staff in the IT systems and processes that are being used by the organisation.

Training is very important and a key issue in reducing Cyber-attacks. Hackers are often helped by employees, both management and staff, opening a malware email. These issues should be discussed, and it should be openly accepted that anyone could make the mistake of opening an email that contains the potential for a hack.

Encourage people to discuss these issues and make training against hacking a continuous process, as over half of what is taught in any one training session is forgotten by most employees within a couple of hours of the session finishing. Follow-up memos are very important, and more training a few weeks later is necessary.

Fourth, form business Cyber Security forums with other businesses and organisations and engage in discussions about recent hacks and security issues. Talk to different organisations about the insurance and PR issues that result from hacking.

Fifth, create an internal Cyber Security response team that includes IT, HR and PR employees and ensure they have a continuous plan and process that is changing with the development of current hacking and issues of Cyber Security.

Sixth, create an analysis development team that can investigate and analyse the massive data that the Internet provides to get clearer views of your organisation's position in the markets that it works within and in related and connected markets. This process should be linked to sales and product development.

This is an ongoing process and should not be left just to IT, as Cyber is affecting all aspects of any business even if at present some management and employees say it has no effect on their areas.

By Alfred Rolington

 

 
