The Human Factor: Increasing IT Security Awareness in Your Workplace

February 8, 2016

Featured article by David Wray, certified TigerScheme SST and founder of SecTec

Most smart business people know the biggest threat to their IT security is their workers. Here are some ways to increase awareness and create a more secure workplace.

Show The Impact

To engage with IT security, employees need to understand why it’s important. Simply telling them it’s important isn’t enough. Sure, everyone has a vague notion of what security is, and many – if pressed – would tell you it’s important.

But proper actions don’t always follow from what people say. Sometimes, something as simple as explaining why a certain security practice exists is all it takes for employees to comply.

Have a Penetration Test Done

A penetration test is a special kind of test that assesses the vulnerabilities of a company. Service providers will test a company’s defences by exploiting vulnerabilities in the server and other systems. These exploits may be more than just technical, however.

Many security companies will use social engineering to try to defeat a company’s security systems. For example, a pen tester may pose as an IT worker (with your permission, of course), to try to trick employees into letting him have access to secured areas.

Because most people are kind and want to help others, especially strangers, penetration testers may be able to compromise your company’s security without having to use any external attacks or brute-force hacking.

Do Regular Training

Regular training is important. But, many companies put the onus of this task on the administrator. Big mistake.

You need to cultivate a culture of learning and security in your company. Companies that do this, and that are proactive, tend to have fewer breaches and security issues. Weekly or daily opportunities for personal and professional development can mean the difference between a secure and an unsecure network.

Recruit Other Departments To Help You

There’s no such thing as an unimportant department. Get all of your departments involved in security awareness. Go after your marketing, legal, and human resources departments especially – these tend to be the “forgotten departments” when it comes to security training.

Make sure all departments get the same memos and attend the same meetings and training sessions, and encourage all employees to get to know one another. This will make security training more effective, and employees will be less likely to admit unauthorized personnel into a secured area by mistake.

Shift The Focus To the Employee

Get employees to focus on themselves – make it a selfish endeavour. Don’t harp on security issues that will negatively impact the company only. Some employees may not really care about that too much. Make workers understand that security breaches affect them – specifically their job.

If the company is harmed, this makes it difficult or impossible to keep staff at current levels. Why? Because a cyber attack costs money – money that decreases the employer’s ability to profit. And, without profit, the company can’t maintain its current employment levels.

When an employee’s paycheck is on the line, he or she will take a corporate concern and make it his or her own.

David Wray is a certified TigerScheme SST who founded SecTec Ltd in 2000, which specialises in penetration testing and technical assessment services. David is a guest expert on LBC radio, and can often be heard providing insight into information security news and current affairs.
