sponsored

Two Keys to a Secure Workforce: Training and Strategy

How can IT leaders balance the enablers of worker empowerment—collaboration, remote work, 24/7 anywhere access—with the need to stay secure?


Too often, an organization’s own employees become data security vulnerabilities—either intentionally or through carelessness. The move toward digital transformation has made enterprises even more susceptible to internal risks, because there are so many more opportunities for breaches to occur.

The challenge for IT leaders is how to balance the enablers of worker empowerment in the age of transformation—collaboration, remote work, and continuous, anywhere access—with the need to stay secure. The goal is to unlock the speed, agility, and innovation of your workforce while providing critical protection for your data and systems.

The first step an organization needs to take is to create a comprehensive information security strategy that includes a mix of technology, policy, and employee training.

Certainly, there’s no shortage of security technologies to deploy. Companies can implement tools for intrusion detection, anti-malware, vulnerability scanning, authentication, automated patch management, and other security functions. And organizations should have in place some sort of security policy that governs behavior in the workplace.

The second component of the strategy must not be neglected, but at many organizations it is. Security technology alone is not enough. Workers must be trained to conduct business in a way that is secure and complies with regulations.

Developing a cyber security strategy has never been more important for companies. Massive data security breaches continue to make headlines as cyber criminals find ever more sophisticated ways to break into systems. Ransomware and other malware attacks are causing untold financial damage, and distributed denial-of-service (DDoS) attacks are shutting down major Web sites and corporate systems.

And yet, recent research such as the Global State of Information Security Survey 2018, conducted by CSO and CIO in conjunction with consulting firm PwC, shows that many companies are not creating a security strategy. The report, based on a survey of 9,500 worldwide technology and business executives conducted online in April and May 2017, shows that 44% of the respondents do not have an overall information security strategy.[1]

More than half of the organizations (54%) say they do not have an incident response process in place and 48% don’t have an employee security awareness training program.[2]

The lack of cyber security awareness training is all the more alarming when you consider that current employees were cited as the top source of security incidents. In fact, 30% of the respondents mentioned employees as sources of incidents while only 23% cited unknown hackers.[3]

Many of the incidents caused by insiders were likely accidental, such as unintentionally clicking on links that then cause a security breach. But that’s all the more reason for investing money in a good awareness training program that will help reduce such behavior.

For example, employees can be trained in the secure use of mobile devices such as smartphones, and in how to avoid becoming a victim of online or email scams. Nearly 30% of the incidents occurred due to mobile device exploitation, followed by employee exploitation, phishing, and consumer technology exploitation, according to the report. Given that employees are the leading source of security incidents, it’s not surprising to see these as the top causes of breaches.

Security awareness training should include all levels of employees, including senior executives. IT and security leaders need to create a culture of security, making it clear that everyone in the organization is responsible for protecting information resources—even as they become more empowered by technology than ever.

[1] Global State of Information Security Survey 2018, CSO and PwC, https://www.idg.com/tools-for-marketers/2018-global-state-information-security-survey/

[2] Global State of Information Security Survey 2018, CSO and PwC, https://www.idg.com/tools-for-marketers/2018-global-state-information-security-survey/

[3] Global State of Information Security Survey 2018, CSO and PwC, https://www.idg.com/tools-for-marketers/2018-global-state-information-security-survey/

Copyright © 2018 IDG Communications, Inc.