By Ni?o Valmonte
In any battle, a platoon or company is only as good as its soldiers. In the case of enterprises in a battle against cyberattacks, a company?s soldiers are its employees. It doesn?t matter how big or small your organization is. Each member is a crucial link in the cybersecurity chain and enlisting their support is a critical mission.
We?ve always said that information is power and this is exactly why cyber criminals scramble to get a hold of it. It?s vital to make your employees aware of this as well. If they aren?t yet, employees should be informed that their online activities pose potential risks on the company if not managed properly. Something as simple as downloading free software comes with the danger of malware infection, which can steal pertinent data like customer records, credit or debit card information, financial information, and business correspondence. Now that?s a real threat.
And so, regardless of size, enterprises must create a documented remediation plan. Have comprehensive but easy-to-digest IT policies so everyone joining your organization is on board with your cybersecurity measures. You have to find the balance between what is necessary and what is easy to use for them. If your IT policies are too difficult or restricting, chances are employees will find a way to circumvent them, exposing you to even greater risk.
Hold regular training sessions that explain the obligations of employees and the potential impact of cyber incidents on your operations. Mind you, these trainings don?t have to be expensive nor time-consuming. A half-hour to one-hour focused session over lunch can keep employees conscious about new cybersecurity threats lurking around.
Always include top management and IT staff in your trainings. They?re hot targets for cyber terrorists due to their high level access to critical information. This is because hackers will have a bigger financial payoff when they successfully take over such accounts.
Remind employees to not divulge information to cold callers or social media contacts pretending to be old employees. Warn them against responding to phishing emails and encourage them to use strong passwords. Every so often, seek feedback and adjust your training curriculum as appropriate. But most importantly, train employees to recognize attacks and encourage them to report back to your IT team or provider for proper action.
When an incident happens, notify everyone to mitigate its impact. Immediately issue instructions on how to speak to the public or press about it. At this point, everybody has an obligation to protect the company?s reputation and speaking recklessly, especially online, won?t help.
Cybersecurity should be treated the same way epidemics or health scares of the recent past have been. Individual employees must do their share to lessen vulnerabilities and avoid irreparable damage to operations. This begins with proper education.
The author is the director for marketing and digital innovation at IPC
