No Phishing
|

Linked – How to create a security-focused work culture

ByMike McBride Reading Time: 2 minutes

So the problem is laid out pretty well in this statement:

In a press release about the report, Monu Kalsi, vice-president of Shred-it, is quoted as saying, “The study’s findings clearly show that seemingly small habits [of employees] can pose great security risk and add up to large financial, reputational and legal risks.”

And the suggested fix for this, naturally, is to do more and better training. Now, as a long-time trainer, obviously I will advocate for that as well. Far too many places put a network security tool in place and hope for the best instead of actively involving their users as part of that defense. The article below lays out some good basics for that type of training.

But, I’m waiting for the organizations who take that one step further. After you’ve trained them, will you actually hold them accountable for their actions? When will we see corporate policies that spell out how many of these “small habits” can create actual security problems before you either don’t get to work there any longer, or it starts to impact performance reviews and raises.

Right now, we are starting to see more organizations hold people accountable for sitting through the training. This is good, but how many of them are measuring, in a meaningful and personal way, whether the users are following the procedures they are being trained on? Isn’t it time to consider the possibility that the user who continues to click on fraudulent links and use cloud services and personal devices to access or store confidential information with no regard for security, regardless of what training they’ve received, is more of a risk to the company than a benefit? Even if they are in management.

Or a partner in a law firm.

Truthfully, when we measure the members of our organization, this isn’t one the measurements we use to evaluate them. You get more of what you measure, and less of what you don’t.

Network and data security shouldn’t be something we want less of.

https://www.techrepublic.com/article/how-to-create-a-security-focused-work-culture/

Similar Posts

Security a Top Priority

ByMike McBride Reading Time: 1 minute

I haven’t had any word from my hosting provider about what the real server path to the site is, so no testing for now. Still keeping my fingers crossed that using it will speed things up a bit. In the meantime: Via Scripting News, I see that Dan Gillmor puts into more elequent words the…

Linked – Large law firms’ secret information from big-money clients entice cyberthieves
|

Linked – Large law firms’ secret information from big-money clients entice cyberthieves

ByMike McBride Reading Time: 1 minute

This isn’t new. It’s the reason things like the Panama Papers exist, because law firms have a whole lot of data about their clients, information that those clients usually do a really good job of protecting – “It’s an issue about the data, fundamentally,” says Jake Olcott, a vice president at BitSight Technologies, a cybersecurity…

Are The “Big Four” Coming For Your Firm?
|

Are The “Big Four” Coming For Your Firm?

ByMike McBride Reading Time: 2 minutes

Short answer, yes. This has been the big question this past week, after EY purchased a UK based Legal Service Provider, Riverview. There have been more than a few takes, in many different directions, but I found the last paragraph of Mark Cohen’s take to sync with my own experiences, which I’ll explain later.  …

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.