Week 3 of National Cybersecurity Awareness Month (NCSAM) has just wrapped up, and we want to shine a spotlight on helping everyone at work — from the break room to the boardroom — understand the importance of online safety. When you are on the job – whether it’s at your corporate office, a satellite location, or onsite with a client ‒ your organization’s online safety and security are a responsibility that everyone shares. And, as the lines between our work and daily lives become increasingly blurred, it is more important than ever to be certain that smart cybersecurity carries over between the two.
The industry has some best practices for making sure employees and contingent workers know how to play an active role in helping keep the workplace and company data secure. Executives should recognize that employees are the first line of defense in corporate security and, therefore, should cultivate a culture where security is top of mind and set expectations for good security hygiene by helping employees know what actions to take.
Some examples include:
- Delivering more role-based information security training courses to the enterprise and providing annual Information Security Awareness training.
- Executing regular companywide information security awareness campaigns to engage employees and keep them connected to corporate information security and privacy policies, as well as the evolving security landscape.
- Enforcing compliance and managing change via targeted internal communications.
Keep in mind that all businesses need to take measures to help prevent attacks and have a set plan ready to go if one does occur. Across the board, NCSA recommends a top-down approach to creating a culture of cybersecurity in the workplace. The following steps ‒ developed by NIST ‒ will help tremendously as you formulate a plan to keep your business secure.
- Identify: Conduct an inventory of your most valuable assets – the “crown jewels” of greatest importance to your business and of most value to criminals – such as employee, customer and payment data.
- Protect: Assess what protective measures you need in place – such as keeping your software up to date or following these tips – to defend the organization as much as possible against a cyber-incident.
- Detect: Have systems set up that would alert you if an incident occurs, including the ability for employees to report problems.
- Respond: Make and practice an incident response plan to contain an attack and maintain business operations in the short term.
- Recover: Know what to do to return to normal business operations after an incident or breach, including assessing any legal obligations.