
Employee Security Awareness

Playing big brother

No one wants to play the bad guy by monitoring every action a user takes. The unfortunate reality, however, is that a good portion of security breaches are caused by staff members, whether unintentionally or intentionally.

Incidents of both types come in a variety of forms:

• Theft of credit cards or other financial information by unethical employees.

• Opening infected email attachments from unknown or untrusted senders.

• Forgetting to log off workstations at the end of the day.

• Revealing passwords to co-workers, family or friends.

• Installing unauthorized software on workstations.

Act first, think later

It’s one thing to foster a corporate culture that embraces security as a core value, but quite another to do so at the expense of actual investments in security technology. Gartner recommends that before companies start thinking about implementing a security awareness program, they should:

• Solidify and strengthen all business security systems and technologies.

• Establish formal practices and support for workers who use these systems.

• Invest in security awareness only when the previous two steps have been completed.

Action plan

A successful security awareness program is one that forces all employees to take a fair share of responsibility for the security of company assets. Keep in mind, however, that awareness alone can never replace comprehensive security policies.

1. Define your expectations for users. Raising awareness ultimately means changing people’s behaviour. In addition to your existing technology non-disclosure and acceptable use policies, talk to Human Resources about making employee information security responsibilities a condition of employment (strictly on a case-by-case basis, of course). Also:

- Give accurate descriptions of what actually constitutes a security incident.

- Establish concise instructions for reporting security breaches, events or incidents.

- Conduct basic “lunch and learn” sessions on security for staff members.

- Be sure to clearly post all security-related documents on the company intranet.

2. Make employees the center of attention. Emphasize partnerships and people, not technology and surveillance. Empower them by declaring their critical role in information security. For example, avoid statements that say “Do this” or “Don’t do that.” Instead, use proactive and collaborative wording such as “Your role is […]”, or “You can make a difference […].” Try to use disciplinary action only as a last resort.

3. Measure the effectiveness of the program. Periodic security questionnaires or tests are a good way to promote and measure the success of the program among the employee base. Another method is to count the number of visits to the security documents section of the intranet. Whenever possible, enlist power users within various departments to help spread the word and perform progress checks.

4. Communicate successes. Keep the lines of communication open with employees. Send updates on existing and upcoming security initiatives, as well as the background or rationale behind such decisions. If possible, set up a graphical security “barometer” on the corporate intranet to show the current security state of the organization.

5. Keep the schedule flexible. What is considered a security best practice today could be obsolete tomorrow. Allow some elasticity in your program, taking into account factors such as: changes in business models and/or objectives; the introduction of new technologies; emerging security threats and/or new viruses; and growth of the network and user base (i.e., a greater number of points of vulnerability).

6. Expect realistic results, not miracles. Malicious insiders in particular will remain difficult to stop with a security awareness program, especially if they are determined to hack and burn. It’s like the federal government enacting a law that restricts the number of bullets allowed in a gun and then expecting bank robbers to obey it. Still, simply conveying the repercussions of security breaches to employees will go a long way toward preventing them.

In summary

Security is a challenge, made even more difficult by human error. Institute an awareness program to strengthen the security chain and emphasize user responsibility.
