Strategies For A Cyber Security Culture (£)

Creating a culture of Cyber sensitivity is now a corporate/business priority that should be well understood and engaged with at the Board level. It should become a presentation and training process throughout the organisation. It certainly should not be left to IT, although they should of course be very involved with the process.

One of the best ways to protect company information is to create a corporate culture that views information security as a shared responsibility among all employees.

Our recent research has shown that companies are not strategising and tactically implementing a continuous employee training program to deal with the implications of Cyber for the company. Those organisations that have programs in place and are operating them have significantly reduced Cyber Security issues.

However, this is not just a security issue, although that is of course very important and is getting a lot of press and blog coverage. It is also an important opportunity and creative priority that needs real Board and Management attention.

Certainly, one of the better ways of improving security against cyber-attacks is to build a business culture where cyber security is seen, and engaged with, by staff and management as a joint and shared responsibility.

To make this part of the culture, frequent Cyber training should take place, and the sharing of issues and opportunities should become part of the shared organisational culture. Hold regular meetings and training programs that discuss and offer help with email opening and finding malware of different sorts. Make it something that is expected to happen, and discuss new and different ways to avoid and share the issues.

Most businesses at present do not have regular security training, and even where some cyber security education does take place it is often only once or twice every couple of years. Over thirty percent of small and medium-sized businesses have never had cyber security training for their staff or executives.

It is very important for senior management to take some cyber security training first, so that they are aware of security and are implementing it in their own habits and work practices.

This is very important, and it is a process that must be discussed across the organisation so that, soon after, when employees begin their training, everyone is aware of the significance and importance that the business and senior management are giving to this issue.

IT standards and security initiatives are of course critical to security; however, operations and strategy are also crucial. Here are six points that businesses should also use:


First, any organisation must have a Cyber Security response plan that is in place, has the understanding and backing of the Board and Senior Management, and has been discussed with and presented to the employees, with their feedback included.

Second, the operation should use a White Hat Hacker Team to randomly hack your systems at different times and days – at least five/six times a year, without prior knowledge of employees and management as to when it will happen. The methods should be understood and the results explained to the Management and staff by the CEO.

Third, HR should be engaged with the requirements for new staff and with the training of current staff in the IT systems and processes that are being used by the organisation.

Training is very important and a key issue in reducing Cyber-attacks. Often hackers are helped by employees, often both management and staff, opening a malware email. These issues should be discussed, and it should be openly accepted that anyone could make the mistake of opening an email that contains the potential for a hack.

Encourage people to discuss these issues and make training against hacking a continuous process, as over half of what is taught in any one training session is forgotten by most employees within a couple of hours of the session finishing. Follow-up memos are very important, and then more training in a few weeks is necessary.

Fourth, form business Cyber Security forums with other businesses and organisations and engage in discussions about recent hacks and security issues. Talk to different organisations about insurance and PR issues that hacking results in.

Fifth, create an internal Cyber Security response team that includes IT, HR and PR employees and ensure they have a continuous plan and process that is changing with the development of current hacking and issues of Cyber Security.

Sixth, create an analysis development team that can investigate and analyse the massive data that the Internet provides to get clearer views of your organisation's position in the markets that it works within and in related and connected markets. This process should be linked to sales and product development.

This is an ongoing process and should not be left just to IT, as Cyber is affecting all aspects of any business, even if at present some management and employees say it has no effect on their areas.

By Alfred Rolington

 

 
