In today’s highly digitalized environment, if you work within IT or cybersecurity, you know that you are facing increased scrutiny from your executive leadership team and Board of Directors to protect sensitive corporate data from employee negligence, malicious actors, and leaks — especially in our climate of tightening legislation on a regional, national, and international scale. It may be time to turn those resolutions into decisive actions you can achieve in the workplace.
Here are some meaningful, realistic New Year’s resolutions for IT, InfoSec, and cybersecurity teams:
Improve Your Security Training Program
Employees remain the weak link in data security for all companies. However thorough you think your cybersecurity training may be, there is always room for improvement. Consider executing on the following this year:
- Increase the frequency of mandatory employee trainings | Don’t cut employees loose after they’re onboarded and expect them to remember the full scope of your training materials. Repetition will breed safer online behavior. Try to hold semi-annual trainings at minimum and post reminders around the office.
- Share real-world employee negligence consequences | Unfortunately, these examples won’t take long to find. From workers falling for a phishing scam to thinking they can copy data to a portable storage drive to work from home, incidents occur every day at organizations of all sizes. It’s important to share the fallout of not following protocol — which may range from severe damage to the company’s reputation with clients, partners, and other critical groups, resulting in lost revenue, to employee termination. As a result, you’ll help equip employees with the background and intelligence they need to safeguard sensitive information.
- Create processes that protect data | Educating employees about phishing and malware disguised as innocent email links isn’t enough to keep your data safe. Make sure your data security processes protect both the employee and the company. If a junior accountant receives an email from the CEO requesting confidential information, that employee should not be the one making the decision to send it. The entire accounting team should know the process requires them to obtain approval from the CFO before sending sensitive data to anyone, including the CEO. Each department should have a process related to the handling and sharing of information.
- Improve visibility through consistent communication | Many IT professionals work in a behind-the-scenes capacity. Be sure you’re subscribed to security-related posts and email alerts. Then, create a monthly company email covering the latest trends and threats to keep your teams aware of current cyberthreats and what proactive steps you’re taking to protect their data. It also becomes another meaningful opportunity to remind employees of their data security training and responsibilities.
Make Mobile Threat Defense a Priority
According to Cisco’s 2018 Cybersecurity Report, IT security professionals rank mobile devices as the #1-hardest enterprise asset to defend. Even still, many companies have not made a sufficient investment in defending their networks from the risks of BYOD. Consider these nine compelling mobile statistics from EZShield.
In 2019, whether you build mobile threat defense into your newly improved training programs or invest in enterprise mobile security, it’s time that we treat this vulnerability with the reverence — and heightened protection — it deserves.
Protect Your Employees Beyond the Four Walls of the Workplace
Data breaches have exposed billions of personal records in the past several years. It’s safe to assume that everyone’s Personally Identifiable Information (PII) has been compromised to some extent. Fraudsters and cybercriminals use this stolen information to commit one of the world’s fastest-growing crimes — identity theft — and the numbers are staggering. Proofpoint’s 2018 User Risk Report found that 33 percent of U.S. adults have experienced identity theft. That’s more than twice the global average.
Whether or not it’s your organization that experiences a security breach, your employees are at risk. But there’s something you can do to give them peace of mind.
Rolling out identity theft protection as an employee benefit is a cost-effective way to protect employees from the inevitability of a data breach or identity crime involving their personal information. And, when organizations offer IdentityForce to their employees, our child identity theft protection, ChildWatch, is free.