Strategies For A Cyber Security Culture (£)

Creating a culture of Cyber sensitivity is now a corporate/business priority that should be well understood and engaged with at the Board level. It should become a presentation and training process throughout the organisation. It certainly should not be left to IT, although they of course should be very involved with the process.

One of the best ways to protect company information is to create a corporate culture that views information security as a shared responsibility among all employees.

Our recent research has shown that companies are not strategising and tactically implementing a continuous employee training program to deal with the implications of Cyber for the company. Those organisations that have programs in place and are operating them have significantly reduced Cyber Security issues.

However, this is not just a security issue, although that is of course very important and getting a lot of coverage in the press and on blogs. It is also an important opportunity and creative priority that needs real Board and Management attention.

Certainly one of the better ways of improving the security aspect of cyber-attacks is to build a business culture where cyber security is seen and engaged with by staff and management as a joint and shared responsibility.

To make this part of the culture, frequent Cyber training should take place, and the sharing of issues and opportunities should become part of the shared organisational culture. Hold regular meetings and training programs that discuss and offer help with email opening and finding malware of different sorts. Make it something that is expected to happen, and discuss new and different ways to avoid and share the issues.

Most businesses at present do not have regular security training, and even where some cyber security education does take place it is often only once or twice every couple of years. Over thirty percent of small and medium-sized businesses have never had cyber security training for their staff or executives.

It is very important for senior management to take some cyber security training first, so that they are aware of security and apply it in their own habits and work practices.

This is very important, and it is a process that must be discussed across the organisation so that, soon after, when employees begin their training, everyone is aware of the significance and importance that the business and senior management are giving to this issue.

IT standards and security initiatives are of course critical to security; however, operations and strategy are also crucial. Here are six points that businesses should also use:


First, any organisation must have a Cyber Security response plan that is in place, has the understanding and backing of the Board and Senior Management, and has been discussed with and presented to the employees, with their feedback included.

Second, the organisation should use a White Hat Hacker Team to randomly hack its systems at different times and days, at least five or six times a year, without prior knowledge of employees and management as to when it will happen. The methods should be understood and the results explained to the Management and staff by the CEO.

Third, there should be HR’s engagement with the requirements for new staff and training of current staff into the IT systems and processes that are being used by the organisation. 

Training is very important and a key issue in reducing Cyber-attacks. Often hackers are helped by employees, both management and staff, opening a malware email. These issues should be discussed, and it should be openly accepted that anyone could make the mistake of opening an email that contains the potential for a hack.

Encourage people to discuss these issues, and make training against hacking a continuous process, as over half of what is taught in any one training session is forgotten by most employees within a couple of hours of the session finishing. Follow-up memos are very important, and then more training in a few weeks is necessary.

Fourth, form business Cyber Security forums with other businesses and organisations and engage in discussions about recent hacks and security issues. Talk to different organisations about insurance and PR issues that hacking results in.

Fifth, create an internal Cyber Security response team that includes IT, HR and PR employees and ensure they have a continuous plan and process that is changing with the development of current hacking and issues of Cyber Security.

Sixth, create an analysis development team that can investigate and analyse the massive data that the Internet provides to get clearer views of your organisation's position in the markets that it works within and in related and connected markets. This process should be linked to sales and product development.

This is an on-going process and should not be left just to IT, as Cyber is affecting all aspects of any business, even if at present some management and employees say it has no effects on their areas.

By Alfred Rolington

 

 
