infosec

Mind The Gap: Cybersecurity In Corporate Training

Cybersecurity In Corporate Training

Over the years, I have had the opportunity to travel often for my career. Of all the cities I’ve visited, London is one of my favorites. On a recent visit, one thing became overwhelmingly clear; The city aims to build awareness in its citizens and visitors and to change their behaviorsHow so? You have probably seen a version of the famous London Underground sign: MIND THE GAP.

If you aren’t familiar with it, this insignia is displayed at the edge of train platforms to remind passengers of the gap between the walkway and the train car. The purpose of the message is to boost awareness and ultimately, alter passenger behavior. Similarly, this is also the purpose of training in corporations – to increase the awareness of employees, to change their behaviors and increase their safety.

Over the last few decades, companies have reacted to legal and financial threats, as well as safety threats, by building a collection of mandatory training for their personnel. Following the founding of OSHA in the 70’s, we saw a rise in training around safety-related behaviors, both in the field and in the office. In the 80’s, sexual harassment was a hot topic, and even lawyers joined the business of training clients on both the law itself, and the behaviors that were and were not acceptable. Following major ethical lapses and the Enron failure in 2001, corporations set their sights on ethics training. Today, those training topics are the norm, and new topics continue to be added in, such as cultural sensitivity, and improving diversity in the workplace.

These surges in training topics usually follow months or even years of accidents, injuries, lawsuits, and/or bad press. After years of data breaches, data privacy concerns, and the next wave of internet connected devices, cybersecurity has now reached that threshold. Given current risks to data privacy and work product, here is the question:

Why hasn’t cybersecurity awareness training been added to every corporate training program?

If we are aware of the gap, why aren’t we using training to lessen our risk? Look at the list of required training in your own company – you will likely find the classics, but is there anything focused specifically on cybersecurity?  Should you care? The answer is yes because, of course, the gap presents a risk to any business, especially considering following factors.

  • Unawareness
    Awareness is the first step to change. Unfortunately, the majority of people are largely unaware of the cyber risks they face every day at work. Ask the next 10 people you see, “Do you use the cloud at work?” Most will say no. Then ask if they’ve checked Facebook. The answer will be “of course”, but they are missing the fact that Facebook is cloud. What would happen if you called 10 users in your organization and asked for their passwords while masquerading as the Helpdesk? Research shows that a high percentage of people will willingly give you their password without asking for any verification.
  • The Rise of BYOD
    Gartner predicts that in 2017, 90% of organizations will support some aspect of a BYOD (Bring Your Own Device) strategy. As BYOD programs grow and users have more and more company data on their personal devices, employers are losing visibility over data and where it is stored. Additionally, in many countries, privacy laws make it difficult for a company to delete or recover data from an employee’s phone, so companies are losing access and control, as well.

Once aware, employees understand the risks and can adopt behaviors to better protect themselves and their organization’s data. They must limit exposure to risk by knowing what to, and what NOT to do.

Training can enlighten and empower employees, but safe cyber behaviors must be integrated into the culture, “baked in – not bolted on”, as they say. Phishing campaigns and other security initiatives can be included, in order to strengthen the overall training effectiveness. Train your employees from day one – Include cybersecurity training in onboarding, remind them in meetings, re-enforce the positive behaviors and track the risky ones. Build the cultural awareness, and reinforce it with annual refresher training. The cyber train is coming – Mind the gap!

By Ann Steel, Manager –  Enaxis Consulting

Cloud Syndicate

The 'Cloud Syndicate' is a mix of short term guest contributors, curated resources and syndication partners covering a variety of interesting technology related topics.

Contact us for syndication details on how to connect your technology article or news feed to our syndication network.

Finding and Implementing Startup Tools

Finding and Implementing The Right Tools For Your Startup

Implementing Startup Tools Many startups believe implementing cloud tools help reduce operation costs as well as the time taken to ...
Economic Arguments For Cloud-Based ERP

Economic Arguments For Cloud-Based ERP

Cloud-Based ERP If your business has reached the point where an ERP system is necessary and it’s time to decide ...
Mitigating Cyberattacks: The Prevention and Handling

Mitigating Cyberattacks: The Prevention and Handling

Mitigating Cyberattacks New tools and technologies help companies in their drive to improve performance, cut costs and grow their businesses ...
Don’t Forget Networking In Your Travel Plans To The Cloud

Don’t Forget Networking In Your Travel Plans To The Cloud

Don’t Forget Networking The term “cloud” was first used by the telecomm industry in early schematics of the Internet to ...
David

De-Archiving: What Is It and Who’s Doing It?

De-Archiving I first heard the term “De-Archiving” a few months ago on a visit to a few studios in Hollywood ...
Technology Certification Courses

Top Five Technology Certification Courses To Choose From In 2018

Technology Certification Courses Gartner predicts that the global public cloud services market is projected to grow by 55 percent in the ...
3 Challenges of Network Deployment in Hyperconverged Infrastructure

3 Challenges of Network Deployment in Hyperconverged Infrastructure

Hyperconverged Infrastructure In this article, we’ll explore three challenges that are associated with network deployment in a hyperconverged private cloud environment, ...
20 Leading Cloud CMS Wordpress Alternatives

20 Leading Cloud CMS WordPress Alternatives

Cloud CMS Wordpress Alternatives Content management systems (CMS) have grown exponentially in recent years. Their number and features have exploded ...
Is Machine Learning The Future? Making Your Data Scientists Obsolete

Is Machine Learning The Future? Making Your Data Scientists Obsolete

Is Machine Learning The Future? In a recent study, almost all the businesses surveyed stated that big data analytics were ...
ERP Ain’t Got the Same Soul, I Like that Old Time Rock ‘n’ Roll

ERP Ain’t Got the Same Soul, I Like that Old Time Rock ‘n’ Roll

Designing Enterprise Software around People Looking back, business owners talked to their customers and employees in person or by phone ...