Promoting a Cyber Security Conscious Work Culture
Employees play a vital role in helping to protect a business from cyber security threats. Yet, almost half of the worlds population with work smartphones, iPads or tablets don't protect them with a password! Absurd, right?!
Many people within a business who use computers and mobile devices are unfortunately not aware of security risks and their personal responsibility in helping to protect a company's cyber security.
Connect Smart research from April 2014 found 48% of Kiwis don't have passwords on their work smartphones and 56% of Kiwis don't have passwords on their work iPad or tablet. Recent research from Vodafone also found that 83% of smartphones lost have compromised business data, and that 50% of mobile device users don't set passwords or make back-ups.
It is critical then that all staff of an organisation understand at least the basics.
Promoting a Cyber Security-Conscious Work Culture
- Organise regular updates on your business' cyber security policies and practices. (Don't have a cyber security policy? - Then check out our article on how to create one).
- Make sure your staff understand the incident management processes - and the importance of reporting unusual activity or events (see How to establish an incident management plan)
- Ensure that new staff receive one-on-one or induction training on cyber security policies and practices
- Invite external experts to provide specialist support in key areas such as:
- Understanding the basics: knowing your malware and securing your Wi-Fi
- Security on the move: Smart home and mobile working practices (also look at Keeping portable devices secure)
- Understanding password security on PC and mobile devices
- Simple steps for safer emailing and browsing online (also look at Can you identify a Secure Webpage)
- Raise awareness of 'social engineering', the practice whereby cyber criminals target individuals within a company in an attempt to obtain confidential information that my be used to compromise a business' cyber security. This is also known as 'spear phishing'. (Also look at Can you recognise a phishing email or text).