Page 26 - The Economist
ADVERTISEMENT
Five steps to strengthen your cybersecurity culture

Employees are a company’s greatest security vulnerability. Here are the top five tips to get everyone to embrace the importance of cybersecurity.

The Equifax breach, which exposed the private information of 146M Americans, was the result of human error — both by employees and because of flawed company policies.

Major breaches in the healthcare, financial, education, retail and government sectors have all been attributable to human error: Employees succumbing to phishing attacks, falling for social engineering tactics or not practicing appropriate password maintenance.

Numerous studies have shown that the weakest links at major companies aren’t their systems, but the people who use them. A recent survey by Kaspersky Lab found that 44% of executives say the use of inappropriate resources is a major vulnerability within their organisation. Some 47% of businesses say that their biggest worry is employees sharing inappropriate data via mobile devices.

As long as human error provides entry for hackers, employees will continue to be targets. The fact that blue chip companies like Target and The Home Depot have stumbled because of human error illustrates how seemingly intractable this issue is. While nothing can ensure protection, experts say the best defence against human-focused attacks is to develop a culture of cybersecurity.

1. MAKE IT A COLLECTIVE EFFORT

To get employee buy-in, let them know that everyone has a role to play. Emphasise that they are empowered to keep the company safe. Josh Pauli, a computing professor at Dakota State University, says it’s critical to create a culture in which employees feel they can report their mistakes to management without fear of reprisal. “That’s really important because for far too long there was this fear of the hammer being dropped on you because you clicked on something you shouldn’t,” Mr Pauli says. “So maybe you just didn’t report it.”

2. MAKE SECURITY PART OF THE ROUTINE

Develop security concepts that can be embedded into daily, weekly, or monthly routines. Employees are more likely to adhere to policies and behaviours that are reinforced regularly. For instance, consistently check all devices for malware and update passwords. Additionally, start cybersecurity awareness when onboarding employees. If they learn how important protection is from day one, they are more likely to remain alert.

3. TEST YOUR EMPLOYEES

Firms like PhishMe and Wombat Security test employees with fake phishing scams and social engineering to help management determine if employees are aware of threats and are acting accordingly. “Phish your employees,” says Randy Abrams, an independent cybersecurity analyst. “It’s important to find the weaknesses.”

Kaspersky Lab has developed a highly interactive program to promote engagement on this issue. Through awareness trainings and gamification, they help all levels in the organization learn that cyber threats are real and that employees are an important first line of defence.

4. MAKE EDUCATION EFFORTS ENGAGING

Don’t expect great results if a dry 45-minute PowerPoint presentation constitutes your company’s security training program. Instead, consider gamifying the process and adding humor to make the training fun, and most importantly, memorable.

5. APPOINT CYBERSECURITY LEADERS

Each line of business should have one non-IT employee who manages the effort to keep employees updated on the latest cyber scams and motivated to protect against these attacks.

A transparent, educated and engaged culture is the front line in protecting any company, large or small, from security breaches. Even the most technically adept IT department or security partner relies on having a complete and timely view of the threats that they need to defend against. Start strengthening that front line today by letting employees know you are counting on them.