infosec

Mind The Gap: Cybersecurity In Corporate Training

Cybersecurity In Corporate Training

Over the years, I have had the opportunity to travel often for my career. Of all the cities I’ve visited, London is one of my favorites. On a recent visit, one thing became overwhelmingly clear; The city aims to build awareness in its citizens and visitors and to change their behaviorsHow so? You have probably seen a version of the famous London Underground sign: MIND THE GAP.

If you aren’t familiar with it, this insignia is displayed at the edge of train platforms to remind passengers of the gap between the walkway and the train car. The purpose of the message is to boost awareness and ultimately, alter passenger behavior. Similarly, this is also the purpose of training in corporations – to increase the awareness of employees, to change their behaviors and increase their safety.

Over the last few decades, companies have reacted to legal and financial threats, as well as safety threats, by building a collection of mandatory training for their personnel. Following the founding of OSHA in the 70’s, we saw a rise in training around safety-related behaviors, both in the field and in the office. In the 80’s, sexual harassment was a hot topic, and even lawyers joined the business of training clients on both the law itself, and the behaviors that were and were not acceptable. Following major ethical lapses and the Enron failure in 2001, corporations set their sights on ethics training. Today, those training topics are the norm, and new topics continue to be added in, such as cultural sensitivity, and improving diversity in the workplace.

These surges in training topics usually follow months or even years of accidents, injuries, lawsuits, and/or bad press. After years of data breaches, data privacy concerns, and the next wave of internet connected devices, cybersecurity has now reached that threshold. Given current risks to data privacy and work product, here is the question:

Why hasn’t cybersecurity awareness training been added to every corporate training program?

If we are aware of the gap, why aren’t we using training to lessen our risk? Look at the list of required training in your own company – you will likely find the classics, but is there anything focused specifically on cybersecurity?  Should you care? The answer is yes because, of course, the gap presents a risk to any business, especially considering following factors.

  • Unawareness
    Awareness is the first step to change. Unfortunately, the majority of people are largely unaware of the cyber risks they face every day at work. Ask the next 10 people you see, “Do you use the cloud at work?” Most will say no. Then ask if they’ve checked Facebook. The answer will be “of course”, but they are missing the fact that Facebook is cloud. What would happen if you called 10 users in your organization and asked for their passwords while masquerading as the Helpdesk? Research shows that a high percentage of people will willingly give you their password without asking for any verification.
  • The Rise of BYOD
    Gartner predicts that in 2017, 90% of organizations will support some aspect of a BYOD (Bring Your Own Device) strategy. As BYOD programs grow and users have more and more company data on their personal devices, employers are losing visibility over data and where it is stored. Additionally, in many countries, privacy laws make it difficult for a company to delete or recover data from an employee’s phone, so companies are losing access and control, as well.

Once aware, employees understand the risks and can adopt behaviors to better protect themselves and their organization’s data. They must limit exposure to risk by knowing what to, and what NOT to do.

Training can enlighten and empower employees, but safe cyber behaviors must be integrated into the culture, “baked in – not bolted on”, as they say. Phishing campaigns and other security initiatives can be included, in order to strengthen the overall training effectiveness. Train your employees from day one – Include cybersecurity training in onboarding, remind them in meetings, re-enforce the positive behaviors and track the risky ones. Build the cultural awareness, and reinforce it with annual refresher training. The cyber train is coming – Mind the gap!

By Ann Steel, Manager –  Enaxis Consulting

Cloud Syndicate

The 'Cloud Syndicate' is a mix of short term guest contributors, curated resources and syndication partners covering a variety of interesting technology related topics.

Contact us for syndication details on how to connect your technology article or news feed to our syndication network.

Using Cloud Analytics To Improve Customer Experience

Using Cloud Analytics To Improve Customer Experience

Evolution of Cloud Analytics Moving data to the cloud, once considered a strenuous task, has now become commonplace in most ...
Do Not Rely On Passwords To Protect Your Online Information

Do Not Rely On Passwords To Protect Your Online Information

Do Not Rely On Passwords Simple passwords are no longer safe to use online. John Barco, vice president of Global ...
6 Blockchain Applications That Any Small Business Owner Can Use

6 Blockchain Applications That Any Small Business Owner Can Use

6 Blockchain Applications Although associated with the virtual currency bitcoin, blockchain technology can be applied across multiple industries, and it ...
Avoiding the IOT ‘Twister’ Business Strategy

Avoiding the IOT ‘Twister’ Business Strategy

IOT ‘Twister’ Most organizations’ ‪ IOT Strategy look like a game of ‪ ‘Twister’ with progress across important IOT capabilities such as architecture, technology, ...
Maintaining Network Performance And Security In Hybrid Cloud Environments

Maintaining Network Performance And Security In Hybrid Cloud Environments

Hybrid Cloud Environments After several years of steady cloud adoption in the enterprise, an interesting trend has emerged: More companies ...
Will 2018 Be the Year Augmented Reality Moves Outside ‘Pokémon Go’?

Will 2018 Be the Year Augmented Reality Moves Outside ‘Pokémon Go’?

2018 Augmented Reality If you’ve never heard of “Pokémon Go” — or at least never had the concept explained to ...
Tainted, crypto-mining containers pulled from Docker Hub

Tainted, crypto-mining containers pulled from Docker Hub

Security companies Fortinet and Kromtech found seventeen tainted Docker containers that were essentially downloadable images containing programs that had been designed to mine cryptocurrencies. Further investigation found that they had been downloaded 5 million times, suggesting that hackers were ...
Teradata Board of Directors Strengthens Cloud Expertise

Teradata Board of Directors Strengthens Cloud Expertise

Joanne Olsen brings significant cloud experience, including a mix of sales, support and product management Teradata (NYSE: TDC), the leading cloud-based data and analytics company, today announced the election of Joanne Olsen to its board of directors, ...
New Oracle Autonomous Cloud Services Ease Mobile Development, Data Integration

New Oracle Autonomous Cloud Services Ease Mobile Development, Data Integration

AI-based PaaS services cut costs and speed development of chatbots, data integration, and API management Oracle (NYSE: ORCL) today announced the availability of its next-generation Oracle Cloud Platform services featuring built-in autonomous capabilities, including Oracle Mobile ...