Companies are “hacked” through people: how to make employees the most important weapon against cyber attacks?

She found that the main weak link of businesses remains employees, who often do not have enough knowledge and conditions to resist the attack of hackers. After examining the best practices of mature companies, Telia presents five tips on how to strengthen cyber security by changing the internal culture of the organization.

“Attacks are increasing not because of companies’ indifference or unwillingness to protect themselves, but because of misaligned priorities. Organizations often fail to realize that the most important “antivirus” these days is their employees. It is they who can put the most important passwords or even all the funds in a bank account into the hands of fraudsters, rendering expensive electronic protections useless. As a result, it is necessary to simplify security processes, turn the company into a safe space and make sure that all employees, including managers, fasten their cyber “safety belt”, says Giedrė Kaminskaitė-Salters, head of Telia in Lithuania.


Make your company a safe space

According to Splunk, an international digital security consulting organization, as many as 98 percent of all cyber-attacks are based on social engineering, so it should be accepted from the start that an employee’s mistake will almost inevitably be responsible for the attack. However, an atmosphere of fear and shame will not only discourage people, but will also increase the vulnerability of the company.

“Almost all businesses with a reputation for cyber resilience have created a culture where employees are not afraid to share their experiences and report attacks. For example, if account logins were inadvertently entrusted to fraudsters, it is better for those responsible to find out about this mistake as soon as possible. This will allow timely blocking of access to sensitive data and prevent fraudsters from causing costly damage. In other words, an atmosphere that allows employees to talk about their digital “mistakes” without negative reactions gives the company a stronger cyber shield,” observes G. Kaminskaitė-Salters.

Safety is a management priority

In today’s organizations, where business processes are increasingly interwoven with technology, cyber security is becoming the responsibility of management, not IT professionals. The understanding of the organization’s leader that cyber security is not an expense, but a long-term investment, creates the most favorable conditions for the company to fight potential threats.

Unfortunately, this is still a rarity at this stage. According to Telia’s research, as many as 71 percent of companies in northern Europe do not have attack recovery strategies, which shows a low level of management involvement in solving this issue and a lack of will to take decisive action.

According to the head of Telia, a leader’s participation in the development of security strategies is important not only for the distribution of resources. The head of a company that proactively addresses cyber threats often acts as a bridge between different departments and helps ensure that security strategies are integrated across all areas of operations, from IT to human resources or marketing.

Simplify

It is not uncommon for a company to face the challenge of motivating employees to actively participate in cyber security processes. Often this is because the safety instructions are too complicated or are presented using technical jargon. When rules seem confusing, people naturally tend to ignore them or not take their importance seriously enough.

Ensuring that your company’s security policy is clear and simple is essential for employees to understand and apply safe cyber-behavior practices. Therefore, it is recommended to present the most important algorithms in infographics, short videos or other interactive form. By simplifying communication, conditions are created for every employee to understand the fundamental principles of security and relate them to daily activities.

Make security inclusive

In modern business practice, it is still very common to organize cyber security training for all employees at the same time, hoping that they themselves will be able to adapt and apply the general advice received in their work. It is even worse when training is not organized at all, and the responsibility of ensuring cyber security is “dropped” on the shoulders of the IT team.

“Since each department of the organization faces specific risks, all departments of the company must be involved in the development of the security strategy. For example, the HR department can help identify potential social engineering threats, while the legal department can help ensure that the company’s data protection policy complies with legal requirements. The more diversity and competences are included in security processes, the broader and more effective cyber resilience becomes,” reveals G. Kaminskaitė-Salters.

Get interested

The fact that cyber security is one of the most important topics in modern organizations does not automatically mean that every employee will be eager to take an interest. Oftentimes, cybersecurity topics seem dry, complicated, and overly technical, which can leave employees feeling distant. One way to engage skeptics is to create educational content with entertainment elements or games where the employee has to “think like a criminal”.

To strengthen this shared interest, the head of Telia, G. Kaminskaitė-Salters, also recommends maintaining “light paranoia” within the company. Regularly organized unplanned exercises, using fake “phishing” letters or scammers’ calls, can encourage the team to take cyber security seriously and check how successful they are in applying the knowledge gained in theoretical training. In this way, employees will be motivated to take an active interest in how and what should be done so that the company does not fall into the traps of criminals through their own fault.


2024-10-07 08:49:17
