VAR Panchayat
Creating Cyber Security Culture
2017-05-01
The weakest link in an organization’s cyber security is their employees
The concept of cybersecurity and privacy at work has long since left the IT department and is now looming on the minds of all employees from C-suite to remote workers.
Cyber Security Culture flows Top Down
No good change strategy ever started at the bottom. If you want to create a culture of cybersecurity, then you must first start with the C-suite. CXOs and the board are generally a hard bunch to convince if you aren’t fully prepared, especially when you aren’t able to show how their investment will pay off.
The first step is to establish that investing in cybersecurity is no longer optional. Constantly rising instances of cybersecurity breaches across the globe suggest that it is much more expensive to clean up after a data breach than to prevent one. A recent study by IBM and the Ponemon Institute suggests that India is the most targeted country for data breaches in the world. The average cost incurred by Indian enterprises for a data breach has shot up to Rs.9.73 crore this year from Rs.8.85 crore last year.
What is worse is that the cost of a data breach is not always possible to calculate in figures. Some companies suffer a massive loss in reputation or drop in stock prices. In the absence of adequate levels of cybersecurity, you are leaving your trade secrets open to hackers.
Most CXOs travel extensively and make important communications while travelling, but most of them are unaware that they are open to communication interception while on the road. Do they re-use passwords? Do they log into open Wi-Fi networks and send sensitive data over such networks? It is worth asking tough questions and explaining how they are making themselves and their own company vulnerable.
Invest In Cyber Security Training
Once you have approval and adoption from the board to the CXOs, you should look at investing in a long-term cybersecurity training programme for all employees. Of course, you want to be able to share this information in an easy and manageable way without affecting the productivity of employees. Consider the following methods:
Cyber Security Onboarding
Work with your HR department to start a cybersecurity onboarding programme for new employees. During the induction programme, even before someone is allotted IT equipment, they should be given the basic cybersecurity training, including the following topics:
• Basics of password management
• The basics of encryption and digital signing, if you're using those types of solutions
• Understanding phishing attacks
• Backing up work
• Sending personal and important information
• Account limits, access and authentication
• Policies and best practices
The training must be supplemented with the supporting documents for ready reference even after onboarding.
Ongoing Cyber Security Training
New attacks or vulnerabilities hit the market every day, some more popular than others. It should be up to the IT department to send regular bulletins about the types of attacks and what employees should look out for.
You could also carry out regular phishing simulation tests and gamify these so that people are always on the lookout for phishing emails or websites, in the hope that they might receive something for being the first to report it to their IT department.
Cyber Security Policies and Guides
You should work with your HR and legal department to define a cybersecurity policy for your company. This should be based on all of your company’s weakest vector points. For example, if you have a lot of employees using their own phones and tablets to work, you will need to establish a mobile workforce or BYOD policy. If you have a lot of remote workers, you might want to establish a guideline or best practice for their use of networks at home.
The guidelines and policies will need to be updated regularly based on new threats and new best practices. These updates will also need to be communicated regularly to people in your company.
Communicating Cyber Security with Employees
The final tip for those who want to create a culture of cybersecurity at work is to make sure you are always communicating about cybersecurity in your company. This should typically involve:
• Updating employees of new regulation or policy
• Holding quarterly or biannual cybersecurity meetings or training
• Having a cybersecurity section added to the company newsletter
• Partnering with cybersecurity initiatives like the National Cyber Security Alliance
Or (and most preferably) all of the above!
Other types of cybersecurity communication will include things like incident response strategy and communication with employees should you actually have a data breach. What will you tell employees and how will you ask them to respond?