If you haven’t created a culture of cyber security, you’re asking for big trouble, like long-term damage to your firm’s reputation.
Protection from cyberattacks involves much more than firewalls and encrypted passwords. Of course, these measures are imperative pieces to securing your system. Empowering employees to be hyper-vigilant and engaged in preventing attacks, however, is the first line of defense in keeping systems secure and operational.
Creating an immersive, prevalent culture of awareness safeguards assets and is built through:
- Employee diligence
- Creating awareness (and accountability) at all levels of an organization
- Implementing new technology and continually revisiting technology already in place
- Being aware of current/future threats
- Frequent communications with employees
Staying ahead of the threat. While we try to minimize the occurrence and severity of such attacks, each threat is an opportunity to strengthen and reevaluate security at all levels. In addition to the standard protocols, such as requiring employees to use complex passwords that change frequently, installing antivirus software, creating an aggressive firewall, utilizing encryption software, and scheduling regular system backups, there are things a company must do to build a culture where employees think twice about opening emails from unknown sources, who look beyond what appears to be a standard email from a contact because something “just doesn’t look right,” and who put securing network resources top of mind.
RPS has a robust, multi-pronged program that reinforces compliance and keeps security at the forefront. We send regular emails alerting staff to impending threats and providing updates on trending issues. We introduced a series of comic strips that presented phishing schemes, malware/viruses, and hacking scenarios in a fun yet informative way to familiarize employees with the look and feel of these types of attacks. Our own IT department also plays the “bad actor” to test our system and employee awareness; we generate emails that could be malicious communication to evaluate the vigilance of our staff. The artificial malicious email contains an attachment that the receiver is instructed to open. Employees who recognize the threat and follow procedure by sending it to IT are thanked for their efforts and alerted that this was a test email. For employees who open the attachment, we use this as a learning experience to educate on what to look for. This has been an incredibly valuable exercise.
When disaster strikes. No matter how diligent and careful your IT team and employees are, there will no doubt be times when a break in your security occurs. Because these threats are ever-increasing and evolving, it is imperative to develop a playbook in advance for dealing with a breach after the fact. Our IT department works closely with our national and international staff to educate them on steps to take should they be compromised.
It is key to instill in your employees that a breach of any magnitude has the potential to jeopardize clients, harm the company and damage the company’s reputation long-term, and could cost employees their jobs if workload is negatively affected.
IT security is not glamorous, and if IT intrusions are minimal or not noticed by your staff, it means your IT department is doing a great job behind the scenes to keep systems safe and secure!
Adnan Yasin is IT director, North America at RPS. He can be reached at firstname.lastname@example.org.