In today's tech savvy world, companies need to be proactive in their approach when preparing staff for a cyber security attack. Changing the attitude towards security and the culture of a company will help build one extra layer of protection against cyber criminals.
At the recent Cyber Security seminars held by Robert Walters across the UK it was highlighted that companies need to focus their efforts on preparing staff for a potential attacks so they understand the important of security and treat it like more of a priority.
Here we look at several key methods that can help contribute towards changing your employees' attitudes and behaviours towards cyber security risks.
Training & information source is key
Communicating critical IT updates across the business is not the responsibility of those who sit in the IT department. Rather, this information should be managed by individuals at a much higher level within the business who can echo IT concerns and emphasise the importance of security.
This is also the case for training. Many times companies have very old training programmes, not up to date for the latest security issues, or they treat it like it's just a big tick box exercise.
Businesses need to mould staff behaviours from the offset and training can be a real valuable source in helping to achieve this goal. Changing behaviours can be key in helping to identify areas of suspicion or irregularity within the business.
Where cyber security has worked well, is where it has been tailored. PAs, HR and software developers would also require similar training, yet when it's tailored it works much better. Communicating critical IT updates should be managed by individuals at high levels within the business who can echo IT concerns and emphasise the importance of security
One area we are seeing this work more and more is in the legal sector. Commonly in a law firm, administrators, solicitors and risk partners all have different levels of training. Today people are more tech savvy than ever before but not security savvy.
Appealing to the emotions of employees can be very powerful. Simulating a breach to get an emotional reaction can help members of staff realise the devastating impact a cyber attack can have on the company and as individuals.
Companies could do this by mocking up news stories about what could happen if they were to experience an attack.
Cyber attack drills
Nothing is more powerful than performing quarterly stunts within an organisation. Many companies have information security risk policies but don't do anything with it. Running drills on a regular basis can help prepare staff for what to expect and how to react in the quickest way possible. It would also be wise to include people from all departments of the organisation to let them know what you are doing and let them help you by telling you what you need to know.
BT is a business renowned for its controls and measures they have in place to manage their data. BT runs very complex drills. Frequently, they go beyond "table-top" to actually running an incident and will self-shut down a portion of their network to see how everybody responds.
They have a very aware employee culture and a key part of this was the development of the professionals in the industry.
Read more information on cyber security and the other topics discussed at the seminars here.
Contact us for more information about future technology seminars, or to have a confidential discussion about any of your recruitment needs please contact: