9 Ways to Implement a Cyber Security Culture in Your Organization

Oct Tue, 2018


Promoting online safety at work is a critical step in enhancing your organization’s cyber security posture. As the cyber security landscape evolves, your employees should evolve with it, so that they are prepared to prevent, detect, and respond to a data breach or security incident. Every year, more and more employees take their work home with them, blurring the lines between work and personal life and making cyber security more important than ever.

Additionally, recent studies have reported that human error, such as clicking on links, opening unknown attachments, or releasing personal/confidential credentials, accounts for 90 percent of cyber-attacks. In 2017, the top threat actions were use of stolen credentials, phishing, misdelivery, and privilege abuse. Creating a culture of cyber security awareness in your organization can help prevent a data breach or security incident from occurring, but it begins from the top down.

Here are nine ways you can implement a cyber security culture in your organization and avoid becoming a hacker’s next victim.

  1. Implement Two-Factor Authentication (2FA): 2FA provides an extra layer of protection, enhancing your security across your devices.
  2. Practice Strong Password Management: A strong password should follow NIST guidelines, with an eight-character minimum and a 64-character maximum length.
  3. Host Anti-Phishing Training: As phishing becomes an increasingly common way for hackers to breach systems and steal information, educating employees on identifying phishing emails and reporting them to IT will help minimize IT risk from email and malware.
  4. Enforce Policies and Procedures for IT Risk: Activities such as Shadow IT are becoming problems in organizations, leaving them vulnerable to a hacker. Enforcing policies and procedures for purchasing authorities, as well as for downloading, storing, and sharing data, will help minimize IT risk.
  5. Improve Third-Party Cyber Security: Having vendor risk management best practices in place ensures your vendors are protecting the information you share with them.
  6. Consistently Update Software: Keeping your software up to date helps patch security holes that create vulnerabilities in your infrastructure.
  7. Lock Up Devices: Securing and locking up both business and personal devices when unattended will protect information from getting stolen.
  8. Avoid Public Wi-Fi: Connecting to an unsecured public Wi-Fi network can make you a target for a hacker, who can steal business information that is easily attainable. Instruct employees to use only a secure company Wi-Fi connection for work purposes.
  9. Institute Cyber Security Awareness Training: Hosting an annual cyber security awareness training will keep employees up to date on developing hacks and the tactics used to infiltrate systems. It’s also a good idea to host training sessions with new hires as part of their onboarding training.

Every employee should be held accountable for following cyber security best practices and protecting the organization’s data and information. As organizations, especially SMBs, continue to become targets for hackers, providing employees with regular training sessions on cyber security, as well as conducting a GAP risk assessment to analyze areas of weakness, will help enhance your security posture.

“The pace in the change of technologies is still going faster than we as people can keep up with. Utilizing two-factor authentication across all personal and business devices, especially email, as well as instituting risk management best practices will help safeguard the data and keep you in compliance with the regulatory environment,” says Secuvant CISO, Matt Sorensen.

Implementing a cyber security culture is a shared responsibility and one that will safeguard your organization for the long term.

If you have any questions about cyber security best practices or would like to learn more about Secuvant’s Cyber Security & Risk Program, email us at contactus@secuvant.com to speak to one of our security professionals.