Dave in Accounts might be your biggest security risk. It’s an unsettling fact, but employees (or system users) are central to the vast majority of successful cyber attacks on organisations – either through deliberate actions, inadvertent coercion, or pure human error.
Your staff are therefore crucial in helping keep your organisation secure – they can be turned from potential risks into super-effective threat detection tools – but only if they’re educated about security.
If you read our blog before Christmas, you’ll know how important it is to put together a robust cyber management regime. In doing this, it’s highly likely you will light upon the risks presented by the very people manning your business – people emailing hundreds of times a day, transporting laptops, plugging in their own devices, setting their own passwords, clicking links, using social media and cloud storage, downloading documents – or even rogue staff members who deliberately steal data or sabotage systems.
From phishing to sensitive data leaks, the most effective way of countering these risks is to make your users aware of them, and to educate and empower them to look out for cyber security threats, to know how to identify one, and to know what action to take, all without impacting on their ability to do their job.
As the National Cyber Security Centre put it:
“Users have a critical role to play in helping to keep the organisation secure, but they must also be able to effectively do their jobs. Organisations that do not effectively support employees with the right tools and awareness may be vulnerable”.
NCSC
So what are the best ways to do this, instilling a security-conscious culture that works, without obstructing work?
And don’t be shy about seeking advice yourself – bodies like the National Cyber Security Centre offer excellent guidance, whilst at Hexegic we provide training at Board, management and leadership level on how to spot cyber risks and act on them.
Educate and engage your users in a positive incident-reporting culture, and turn Dave in Accounts from your biggest security risk into your biggest security asset.