In the past, cybersecurity was the concern of a few people making sure hardware was secure and passwords were changed regularly. It was a simpler and much more manageable time when scalability was of little concern.
Today security is everyone’s job. With the significant rise (and unfortunate success) of phishing attacks, every employee needs to be on alert for suspicious emails and activities to protect their organization. Given this, companies should be asking: how can we help our employees be cybersecurity savvy?
April Slayden Mitchell, Dasera’s VP of Engineering & Operations, recently discussed with SC Media four ways that companies can improve their employees’ security awareness:
- Providing regular training to employees: this emphasizes the importance of continually educating employees about the latest security threats and best practices for protecting sensitive data.
- Implementing a "security culture" within the company: this stresses the importance of making security a company-wide priority and encouraging employees to take ownership of their role in protecting the company's data.
- Making security a part of the onboarding process for new employees: this suggests that new employees should receive training on security policies and procedures as soon as they join the company.
- Involving employees in security incident response drills: this highlights the importance of involving employees in incident response drills to ensure that they are prepared to respond effectively in the event of a security incident.
These steps to increase employees’ awareness are only the beginning of a company’s security journey. With continuous training, organizations will reap the benefits of a security-focused workforce. Every team member should build awareness and familiarity with all security practices, and over time they will develop security-first muscle memory. Least privilege reviews should feel like second nature for managers. Engineers should expect and be familiar with multiple reviews of all source code changes. For every DevOps lead, backups, encryption, and limited access should be the default, not the exception.
By taking these steps, companies can help ensure that their employees are equipped to recognize and respond to security threats and that they understand the importance of their role in protecting the company's data.
Read the article for a deeper understanding of how an organization can start and/or optimize its internal security awareness training.