Enhance cybersecurity awareness and survivability for DoD, industry partners, and academia in the face of the ever-increasing threat of cyber attacks. Cybersecurity (CS) includes managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes, including analog and physical form. CS includes information availability, identification and authentication, confidentiality, integrity, and non-repudiation as well as the economic considerations with respect to selection of CS techniques, CS processes, and industry trends.
Ways to get employees to buy-into security policies
This topic contains 4 replies, has 1 voice, and was last updated by 
-
Topic
-
Forbes posted this article discussing how security leaders from different companies get their employees to follow the policies that are in place to secure information. This article recognizes humans are mainly responsible for security breaches and many companies face an ongoing fight to keep their employees headed in the right direction when it comes to securing the companies assets. Some items to keep in mind that i pulled from the article is to make sure policies and procedures are easy to follows and leave no guessing for the employee and tailor access to areas on the computer specifically for each different position.
Jacob
-
Replies
-
Another good point this article is making is the importance of employee engagement in the company’s cybersecurity program, including sponsoring demos. I’ve seen a program also in which phishing email are sent unannounced to employees by the company’s security organization as part of a training and awareness program.
-
The Forbes article on eight ways to increase employee buy in an important read. Executive buy in of cybersecurity and leadership on the issue will elevate employee buy in. Making cybersecurity an organization goal, easy and consistent will lend to have employees take cybersecurity seriously.
In doing so, the organization will mitigate human element errors in its cybersecurity. -
With increasing mobility and bring your own devices (BYOD) this it’s more important than ever that staff buy into the security policies and awareness training is a key component. This article outlines 5
tips on educating employees on cybersecurity.https://www.sungardas.com/en/about/resources/articles/educating-employees-on-cyber-security/
-
“91% of successful cyber-attacks were enabled by users” – as shown in (https://www.csiac.org/podcast/phishing-for-solutions-are-cybersecurity-compliance-based-programs-working/)
I recall that one of the attributes of risk management approach is the role of governance & leadership in the organization.
And a somewhat related interesting webinar by CSIAC – “Phishing for Solutions: Are Cybersecurity Compliance Based Programs Working?” – and in the session will “explore psychological and contextual variables that influence users confronted with cybersecurity challenges and their propensity to comply with policies under those conditions.”
The PEOPLE factor is always key in any successful implementation; and yet this is the most difficult to achieve. It will have to be constant fight between convenience and security. One of the suggestions in for employee-managed initiatives, but this is something i dont see often in the organizations that i’ve worked with.
You must be logged in to reply to this topic.
