FEATURE : THE INSIDER THREAT educate employees about the increasing risks of cyberattacks and how to identify threats .
2 . Create a partnership between the security team and other departments
Renee Tarun , Deputy CISO / Vice President Information Security , Fortinet
Cybersecurity cannot fall on the shoulders of the security and IT teams alone ; especially as cyberthreats continue to grow more sophisticated and challenging to detect . In addition to ensuring that employees can identify phishing attacks , leaders should also encourage collaboration between the security team and other departments . This means helping both sides understand expectations .
While the security team will be the expert in terms of determining the risk and threats , other departments will be critical in helping to develop user-friendly policies that are easy to follow both in the office and in remote work environments , even for those who are not entirely cyber-aware .
Through collaborative efforts , CISOs can ensure that all individuals across the organization are not only aware of security policies , but also understand the impact their actions can have on the organization as a whole . Helping employees understand safe cybersecurity practices and the ramifications their actions can have should lead to improvements in how these individuals respond when confronted with a suspicious email or website , even while working from home .
When employees know what is expected and feel like they are a part of the team , they are more encouraged to follow best practices and help chip away at the behaviors that cause accidental insider issues , such as forgetting to change default passwords or neglecting to use strong passwords . And as more employees follow suit , the human firewall acting as the first line of defense to the organization will only grow stronger .
3 . Establish straightforward best practices
Even once employees are made aware of what to look for in the case of a social engineering attack , they may still need some guidance when it comes to next steps . While it is easy to ignore or delete a suspicious-looking email , what about those that appear normal that the receiver is still unsure about ? In this scenario , CISOs should encourage employees to ask themselves certain questions to help make the right judgment call : Do I know the sender ? Was I expecting this email ? Is this email invoking a strong emotion like excitement or fear ? Am I being told to act with urgency ?
While these questions should help clear up any confusion in regards to whether the email is malicious , the receiver should still take extra steps to protect themselves and their organization . This includes
hovering over links to see if they are legitimate before clicking , not opening unexpected attachments , calling
the sender to verify they actually sent the email , and reporting all suspicious emails to the IT or security team . By explaining these steps to their employees from the beginning , CISOs can avoid negative repercussions down the line .
The ability to be cyber-aware is a critical piece of the puzzle when it comes to keeping organizations secure . Whether employees realize it or not , their actions could open the door for cybercriminals to access sensitive information , meaning passivity towards security is no longer acceptable .
By prioritizing training and collaboration between departments and the security team , CISOs can lay the groundwork for a strong culture of security . Identifying suspicious behaviors , keeping devices up-to-date and practicing safe cyber behavior should be built into the fabric of all job roles to ensure that the human firewall continues to stand firm . p
ESTABLISHING A BASELINE FOR GOOD CYBERHYGIENE MUST BEGIN WITH CISOS HELPING THEIR EMPLOYEES TAKE CYBERSECURITY SERIOUSLY .
www . intelligentcio . com INTELLIGENTCIO APAC 55