Three keys to cybersecurity
Cybersecurity encompasses the body of technologies, processes and practices that work in concert to protect networks, computers, programs and data from threats. Given today's rapidly changing technology climate, one very problematic element of cybersecurity is the relentless and evolving nature of security risks.
In order to combat these threats, online security training must be a priority for IT teams, but what's the most effective method for preparing employees for cybersecurity issues? During SearchCIO's recent cybersecurity-themed tweet jam, we asked our followers:
Before delving into training methods, many tweet jammers wanted to make clear that managing cybersecurity issues isn't solely the responsibility of the CIO or IT staff, but is rather an organization-wide undertaking:
A3 Cybersecurity is an org-wide effort. Training needs to be provided upon hire and updates provided often- possibly even quarterly #CIOChat— SearchCompliance.com (@ITCompliance) October 30, 2013
In addition to making online security training a company-wide effort, tweet jammers suggested it be incorporated into everyday culture. Employees must understand what common practices are causing security breaches and where significant threats lie:
A3: Security training needs to be part of the culture, not a skill. #CIOchat— Tim Crawford (@tcrawford) October 30, 2013
A3: Ex: CIO mandate use of VPN for email - employee send attachment via Yahoo mail instead of use VPN crap. #CIOChat— Cloud Borat (@cloud_borat) October 30, 2013
Is it enough to provide cybersecurity training upon hiring and again when certain security-related updates become relevant? Our #CIOChat partakers suggest a more effective way to train employees: gamification.
Offer incentives for employees that report suspicious cyber activity. Internal phishing tests work great as well. #CIOChat— Elliott Franklin (@elliottfranklin) October 30, 2013
Another suggestion, shared by our #CIOChat guest expert Elliott Franklin:
With more exciting and personalized training practices in place, who's the best person to lead employees towards adopting cybersecurity best practices? It may not be the CIO:
While our initial question suggested that many security breaches stem from employee gaffes, one participant instead pointed to IT leaders and their sometimes poorly thought-out technology investments:
A3: Most employee gaffe rootcause is often because CIO chose outdated technology. If too many gaffe, fire the CIO - it fix issue. #CIOChat— Cloud Borat (@cloud_borat) October 30, 2013
Who's to blame for the most common cybersecurity issues and breaches? Who's responsible for training employees on the latest online security threats? Let us know what you think in the comments section below, and stay tuned for more #CIOChat recaps from our cybersecurity discussion.
This was first published in November 2013