Make your people your first line of defence
Cyber security is an ongoing battle. Make your people your first line of defence by developing information security awareness and vigilance among your employees so that everyone has the right level of knowledge about security and feels responsible for it.
A check-box training exercise is no longer enough. There must be a continued and concerted effort to bring about a real change in culture and behaviour.
It is a big ask for InfoSec teams. Employees are more tech-savvy than ever before, often finding it easier to use their own familiar devices, apps and programmes than your authorised solutions. So-called “shadow IT” and BYOD pose new risks and challenges for IT and InfoSec teams, who must not only adapt to accommodate these new ways of working, acknowledging where there is a real business need for greater flexibility and ease of use, but at the same time protect the business.
Be prepared to try different approaches to help the InfoSec message stick. 70% of millennials admit to bringing outside devices into the work environment, against IT policies. 60% say they aren’t concerned about corporate security when they use personal apps instead of corporate apps.
You have a challenge on your hands to find ever-more creative and impactful ways to communicate security messages to all of your internal stakeholders. You’ll need a range of tactics up your sleeve:
- Regular internal communications – using all channels
- Multi-media communications, such as videos, blogs
- Promote and reward positive behaviour where people demonstrate “doing the right thing” in relation to information security
- Include a measure and KPI in relation to information security in every staff member’s business plans
- Have your CEO discuss the importance of information security to the company on a regular basis
- Educate and build awareness in fun and engaging ways, such as gamification
Layer your defences
Our InfoSec team has more than quadrupled in size over the past 2 years and now has 12 people dedicated to Information Security, which is a reflection of the growing importance we place on cybersecurity and also a direct response to the growing threat level the financial services industry faces. In that time, we achieved the ISO/IEC 27001 security certification, the internationally recognised best practice framework for managing information security. It should also be noted that our first line of defence is our people, more than 1850 of them, not just the 12 that sit in the dedicated information security team.
Ultimately, the only thing protecting your business from becoming a cybercrime victim is your people, so layer your technology defences with a powerful human shield. Remain vigilant and continue to strengthen and evolve your security practices. As Einstein said, “We can’t solve problems by using the same kind of thinking we used when we created them.”