11 Ways to Develop a Cyber Risk Mindset
Katherine Bodendorfer
In order to prevent, mitigate, and respond to online threats, embrace a holistic approach that includes an optimized combination of technologies, methods, practices, and training.
How Can a Company Develop a Cyber Risk Mindset?
-Shift the focus away from the IT department: Cyber risk is not merely a technical problem. A 2018 Verizon Data Breach Investigations Report showed that 17% (one in five) of data breaches are the result of employee error. Cybersecurity is everyone's responsibility.
-Embrace transparent communication: What does it mean to be transparent? Broaden the conversation around cyber risks and encourage those involved in business operations to coordinate and act to prevent and respond to online crime and fraud. Outline your business objectives for your cybersecurity plan and discuss them with your employees. The combination of greater transparency, collaboration, and dialogue goes a long way toward fostering an understanding of cyber-related revenue and reputational risks.
-Report incidents without fear of consequences: If an employee sees something strange, there needs to be a platform through which they can report the incident without fear that it will reflect negatively on them. According to Bob Noel, director of strategic relationships at cyber incident response company Plixer, incidents go unreported because of a resistance to being transparent. "There is a culture and mindset that you keep security measures to yourself, because when you admit an incident, then you admit you screwed up," Noel said in an April 16, 2018, Utility Dive article. "As an industry and culture, we need to get beyond this."
-Shared Responsibility: It is important to hold everyone accountable for best practices. The 2018 Verizon Report illustrates that security breaches that occurred in-house were a result of careless users and poor password policies. The National Institute of Standards and Technology (NIST) Cybersecurity Framework created a global directive for cybersecurity and offers guidance on managing security risks and improving risk management policies.
-Security Awareness Training: Each employee should have a solid understanding of the following security topics:
-Password Manager. RoboForm is a good place to start managing a company's passwords, and it's easy to install and use.
-How to properly back up data. Acronis offers a full-system, secure backup tool that includes active protection from ransomware.
-Overall best practices and policies of the company.
-Understanding the basics of phishing scams and ransomware attacks. KnowBe4 is a cybersecurity awareness and training platform that can help train employees to better manage the critical IT security problems of social engineering (the psychological manipulation of people to trick them into making a security mistake or giving away sensitive information) and ransomware (a type of malware that prevents or limits access to a system or network by encrypting files and withholding access until the victim pays a ransom to decrypt and/or release the files).
-Do not just focus on familiar threats: Business leaders tend to focus on threats they are familiar with, like phishing attacks, but it is important to also be vigilant against future threats and concerns. Gaining an understanding of the key threats targeting your business sector today is the right step toward preventing online crime and disruption, and it will only take a few minutes out of the day. Circulate stories and updates about cyber fraud and incidents across the team. During weekly briefs, mention an incident or attack method employees should be on the lookout for. KrebsOnSecurity.com covers the latest news on computer security and cybercrime.
-Reward Successes: Reinstate a company's commitment by rewarding cyber risk awareness and action.