Cyber crime was ranked as the number one risk in North America and number five globally in Aon’s 2017 Global Risk Management Survey. And it is likely to have the same prominence in 2019.
Typically, organizations focus their efforts around cyber security on minimizing external threats. They turn to their IT departments to provide technological solutions or to bolster security levels. But what about the internal threat?
McAfee research shows that the root cause of 43 per cent of data breaches are said to be triggered by human behaviour - and half of these are caused, intentionally, by insiders.
Are employees the weak link in the chain? If so, what can be done about it?
Part of the solution is recognizing that tightening up cyber security is more than the responsibility of the IT department. It needs to be a firm-wide issue and approached holistically. The article offers four actions to take – but we would like to add a fifth.
- Set up a multi-disciplinary team
Involve technical, legal, compliance, HR and other functions to assess risk and areas of vulnerability. As a team, priorities can be agreed, technical remediation actioned and training programmes rolled out.
- Train employees to understand the risk and impact of data breaches
There’s a strong need to build understanding and resilience across the workforce. Training and internal communication forms the core of this. Employees must understand how to identify fraudulent behavior – and what to do about it – and to recognize the risks to their own devices.
- Manage personal data effectively
Organizations need to prepare data and cyber breach policies which are routinely tested and updated as needed. Access to critical and personal data should be restricted and robust ways to dispose of personal information developed. Data encryption should be implemented where possible.
- Develop a culture of trust
A culture of trust is critical. ‘Whistleblowers’ need to feel protected and all employees must understand the action to take should they believe a data breach to have occurred or will occur. Security must be regarded as a shared responsibility and that everyone has a role to play to safeguard the organization’s data and ensure security.
We believe that a critical component could be the inclusion of assessments to gauge ‘cyber readiness’. Our fifth action would be to:
- Select – and develop – the right talent
Include a set of assessments in your hiring process that identify those with cyber security awareness and who show the behavioral characteristics needed in security relevant situations. Understand the integrity of candidates - and look for those with a higher impulse control and ethical awareness. Check for the key competencies of learnability, curiosity, integrity, and agility as this will support an understanding of cyber readiness within the organization and show behavioral gaps that need to be addressed.
Read the full article - http://theonebrief.com/people-humans-cyber-greatest-risks/
About the AuthorMore Content by Lena Justenhoven