The Value of Strong Security Policy
One of the most often used, but still meaningful clichés in sports is “culture,” and its importance in building winning teams. Attitudes, knowledge, the dynamics and interactions between different levels of the organization—these are the essential elements to team culture. Teams with a positive, mature, open culture are generally the ones that have the most success.
Businesses, of course, also love referring to “corporate” culture, and it’s the same concept.
I mention all this for a specific reason, and that is its importance in information security. Yes, the holiday season is once again upon us, and, amid efforts to protect the Internet and Net Neutrality from rapacious, predatory entities and their stooges, we mustn’t forget that this also a favorite time of year for cyber criminals. According to the National Retail Federation, holiday sales this year are expected to reach $682 billion; or, as a hacker would call it, opportunity.
There are, of course, a number of steps companies can and should take to ensure they are not the next holiday breach headline. On top of the usual recommendations of perimeter security, advanced threat detection, and data encryption, however, one cannot fail to consider the value of, wait for it, culture. By which I mean educating employees on cybersecurity policies and best practices so that they don’t become a vulnerable access point. Less than half of over 2,000 U.S. respondents to a University of Phoenix College of Information Systems & Technology survey could tell you what their company’s cybersecurity policy entails specifically. Meanwhile, more than half of reported data breaches are caused precisely by human error. Without sufficient education or training, employees are at greater risk of clicking on spam/phishing links, or reusing passwords across business and personal devices. Social engineering is also frequently used, where hackers target an insider at an organization in order to steal their credentials, which can then be used to access the wider networks and databases.
After all, human error continues to be an increasing cause behind online data breaches. Companies these days can rapidly put out patches for any software affected by a security flaw; and yet, “you can’t patch a human,” states Proofpoint Senior Vice President and General Manager Darren Lee.
Falling victim to human error has led to some of the most monumental breaches on record, including the recent Equifax breach of over 100 million records. Financial and reputational losses will always follow.
So, what to do? Regarding employees, it can be summed up simply as, create a robust cybersecurity policy, and train them how to follow it to the letter. Regularly check with employees, as well, to make sure this is happening. Create rules optimized to minimize the potential for human error as much as possible, such as the use of long, frequently changed passwords.
Communicating your policy throughout the organization is key. Do that, and you’ll provide a solid framework that will put your organization near the top of the rankings for cybersecurity.