What's the biggest mistake companies make about their security strategy?
Think about it for a second.
You probably guessed paying too little, not having a strategy, having the wrong technology, or something related to one of those three categories.
Those are good guesses – and they ARE causes of information insecurity for businesses in the United States and around the world.
For the sake of argument, let's say you have a strategy and have paid for the right amount of security infrastructure (network, consulting, staff). That's great.
If you aren't training your users on security best practices, you're still increasing your risk of a data breach.
Heck, even with the best training, users will still make mistakes.
After all, they're only human.
How can you cover all of your network and information security bases?
You probably guessed already: training.
Not taking the time to train employees is a huge mistake companies make. And that's companies of every size in every industry. I'm not talking about a one-time lesson on how to create a password, but regular, ONGOING training that reinforces how important employees are when it comes to network and information security.
I've mentioned before that employees are a network and security risk:
- Your Biggest Network and Data Security Challenge: Your Employees
- Your Employees COULD Be Your Biggest Data Security Headache
Insecurity From the Inside
A breach report from IBM reveals that 45% of breaches were caused by insiders – some malicious, others merely careless.
Protecting against threats from the outside is essential, but it's only half the battle. You can't ignore the internal, employee side of security.
Here are a few suggestions for training. The most important suggestion is – train everyone in the company about information security!
I wrote about one key training tip last week. You can read about it here: Cybersecurity Training Tip – Why Explain Why.
Don't ignore technology. By now, you should understand the privacy, risk, and security implications of mobile devices. Companies lagged behind in writing smart phones into their IT and security policies. New technology that will disrupt how we work is being developed right now. Keep your eyes open and don't think your security policy is ever “finished.”
Weed out bad actors from the start. Have HR vet potential employees against federal registries, especially for sensitive or important security positions. There's always a risk of an employee becoming disgruntled while working at your company, but you should do your best to avoid bringing in a bad apple from the beginning.
Review policies. Ensure everyone knows that a policy exists. Make them sign off on the policy and remind them frequently that it exists.
Trust, but verify. Build in oversight and separation of duties so that no single person can throw your entire security plan off balance.
Training. Regularly (that means more than once a year) bring employees together to review security policy or alert them to the latest attacker tricks – like increasingly sophisticated social engineering and phishing attacks.
We've put together 53 security tips for you to use. Download a copy for yourself by clicking on the image below.