Each October, security professionals kick off Cybersecurity Awareness Month. First launched by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security in October 2004, Cybersecurity Awareness Month is helping internet users all over the world stay safe and secure through awareness and training.
In 2020, cybersecurity awareness has taken on a new meaning. While in the past, IT and security teams have carried the main burden of securing their organization’s network, data, and resources, the last six months have proven that this is not enough. Now that home is the new office and entire organizations have shifted to remote work, each employee shares equal responsibility for the safety and security of their company’s network.
Before the transition to working from home, it may have been enough to require employees to lock their computers when leaving their desks, or to enforce frequent password updates. Now, each employee has become the CISO of their home office, and most of them lack the proper training, so simple mistakes can open the door to security hacks and breaches.
Cybersecurity awareness and training for employees has always been important, but with the work from home model here to stay, CISOs and IT managers have been adjusting their business continuity plans and cybersecurity strategies accordingly. Whether working from home, from the office, a combination of both, or on the go, employee awareness should always be at the top of the security team’s mind.
In honor of Cybersecurity Awareness Month, we’ve compiled our top 5 tips for protecting your organization’s network and employee data, whether your workforce is remote or back in the office.
1. Increase employee awareness
“Only amateurs attack machines; professionals target people.” This quote by famous cryptographer Bruce Schneier in 2000 is still true 20 years later. Hackers seek out and exploit human vulnerabilities through phishing attacks, social engineering, weak passwords, etc. Making employees aware of the different types of attacks and explaining their significance will put employees on alert for questionable links and downloads. Instilling the idea of shared responsibility among all workers is paramount to protecting everyone’s sensitive information.
2. Train employees on an ongoing basis
The Aberdeen Group found that security awareness training for employees can reduce the risk of socially engineered cyberthreats by up to 70%. However, they emphasized the importance of ongoing training to counter the different methods of cyberattacks that are constantly evolving. It is important to not only make your employees aware of the various risks, but to have ongoing training that is both engaging and interactive.
3. Implement a Zero Trust solution
Even the most security-aware employees might occasionally drop the ball. The Zero Trust model means that no one is trusted by default from inside or outside the network, and verification is required from everyone trying to gain access to resources on the network. While we want to believe that everyone in our organization is trustworthy, we can’t make this assumption. Limiting access to resources to only those who are authorized can significantly lower the risk of attacks and data breaches.
4. Audit and monitor your network
Log management plays a key role in your digital security strategy. Collecting logs and monitoring your network is important in order to respond to a security incident in real time. Complete network visibility is essential in order to focus on network events of interest and react accordingly to potential threats. Additionally, collecting logs and monitoring your network will help you to learn employees’ behavior and to adjust your training and awareness plan accordingly.
5. Ensure that your security strategy is user-friendly
End users should not be preoccupied with security issues, yet they must be able to adhere to the guidelines laid out by the security team. Adopting user-friendly solutions that are presented clearly and effectively (and not highly technical documentation that will be lost on the average layperson) is paramount to getting employees to cooperate with the security strategy.
While your organization may rely on the security and IT teams to create and implement a strategy, employees share responsibility to adhere to the guidelines set out by security professionals. Above all, educating employees and increasing awareness will help your team manage cybersecurity risks and vulnerabilities. If everyone does their part, we decrease the risk of data hacks and breaches, creating a safer world for everyone.