THANK YOU FOR SUBSCRIBING
Protecting enterprise security requires a multifaceted approach. To detect threats, protect your ecosystem, and respond to incidents effectively, you need more than strong leadership, world-class systems, and well-defined governance processes. You also need workforce engagement. Strong participation from employees across the organization is essential to keeping your products, operational technology, and IT systems secure.
Here are five ways to partner with your workforce to increase cybersecurity readiness:
1. Conduct regular phishing simulations. It’s not enough to educate your workforce about strategies for recognizing phishing emails. You must also create opportunities for employees to practice identifying and reporting suspicious emails. Monthly phishing simulations give employees the chance to flex those skills. Simulated phishing attacks also provide valuable data for measuring the efficacy of your organization’s phishing training, so that you can identify areas for improvement. For optimal results, be sure to vary the types of phishing simulations you send, as well as the distribution times.
2. Enable multifactor authentication (MFA). Multifactor authentication can help prevent cyberattacks. However, rolling it out to your employees is only one step in optimizing your organization’s security practices. You also want to encourage employees to enable MFA on their personal social media accounts.
When you help employees understand that cybersecurity is everyone’s responsibility, give them opportunities to flex their skills, and help them understand why it matters, you bolster cybersecurity readiness across all levels of the organization
3. Double down on data loss prevention (DLP). Data loss can be grouped into two buckets: intentional data loss and accidental data loss. Make sure you address both and have systems in place for preventing the use of removable storage devices such as flash drives. Especially during times when you anticipate high turnover, you’ll also want to review your offboarding processes to ensure access to systems and applications is revoked when employees leave.
4. Take advantage of educational tools available through the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA). Visit the CISA website Cyber Resource Hub for numerous resources that can help you increase cybersecurity readiness and gauge the efficacy of your organization’s internal cybersecurity awareness efforts. From cyber hygiene services like phishing campaign assessments to comprehensive cyber resilience reviews (CRRs), CISA offers numerous assessments and engagement opportunities that can help you identify gaps and advance cybersecurity awareness and maturity across the organization.
5. Celebrate successes to create a culture of cybersecurity. Finally, it’s important to remember that you’re creating a cultural shift that won’t happen overnight. You want employees recognize that cybersecurity is everyone’s responsibility, not just during October for Cybersecurity Awareness Month, but throughout the year. To make this shift positive and lasting, celebrate the successes along the way. Create a program for recognizing the Cybersecurity Stars in your organization who are consistently identifying phishing simulations and protect your organization from real cybercriminals or who recognize and report insider threats such as attempting to share confidential information. Celebrating these wins can go a long way toward transformational cultural change within your organization.
Your workforce is an essential partner in protecting enterprise security. When you help employees understand that cybersecurity is everyone’s responsibility, give them opportunities to flex their skills, and help them understand why it matters, you bolster cybersecurity readiness across all levels of the organization. That doesn’t just make your enterprise more secure in the moment, it also turns your employees into responsible defenders.
Nastassia Tamari is the Director of Information Security Operations for BD, a global medical technology company that is advancing the world of health by improving medical discovery, diagnostics, and the delivery of care. Nastassia is responsible for leading information security operations at BD, including incident response, vulnerability management, threat response, insider threat, and monitoring and detection teams across enterprise, product, and manufacturing systems for BD’s global environment.