The “Human Factor” of Cyber Security – Part 1

In the knock-down, drag-out battle between cyber security experts and the hackers trying to get around them, there remains one persistent weakness – the end user. Despite rapidly improving technologies, large-scale automation capabilities, and an ever greater investment in cyber security, simple human error continues to be one of the most common causes of breaches. With that troubling fact in mind, we have put together a list of tips to help you quickly and effectively educate your staff about the best practices of cyber security in 2015.

Make Security Testing Simple and Ongoing

Cyber security is a broad and dynamic topic. Training regimens are effective, but the sheer volume of information is difficult for many to retain. That is why many companies supplement their training programs with a testing program. Daily, weekly, or monthly, users are asked to answer simple questions about cyber security through an online interface. These tests help to reinforce concepts, and by studying the grades, cyber security officers can identify users who may require additional training.

Focus on Behaviors

Understanding cyber security best practices is one thing. Operating according to those same practices is something different entirely. Testing is a great start, but companies should also verify compliance by having IT teams create simulated security scenarios and deploy those scenarios without the knowledge of staff. Studying the results of these simulations clearly indicates whether the cyber security message has been internalized by users.

Make Cyber Security Personal

Part of the challenge in cyber security education is that users have less of a clear stake in corporate data security. But they do have a stake in the protection of their personal financial and medical information. Focusing on cyber security in the home is an effective way to develop a broader awareness of cyber security that travels back into the workplace.

Create Consequences

Considering the urgency of cyber security, there have to be consequences for users who continually exhibit risky behaviors. By studying testing and simulation results, companies can identify these users, issue them some kind of warning, and then track their progress moving forward. The issue can be revisited as part of the regular performance review, and repeat offenders can be blocked from the network until they complete retraining.

Supplement Training with Technology

Training can only take you so far. End users will always make mistakes, and sophisticated hackers are getting ever better at disguising their true intentions. Educating users is a first crucial step, but just as important is investing in the technology of cyber security. This serves as an essential second line of defense.

If you need to bring a cyber security expert into your ranks, work with the specialized staffing experts at The Squires Group.

