Cybersecurity in the Workplace is Everyone’s Business
October is National Cybersecurity month and this week we are looking at how to create a culture of cybersecurity in the workplace. When employees share the responsibility for cybersecurity it adds a level of awareness and security to the organization. This is true for small- and large-businesses, nonprofit agencies, academic institutions, and government agencies. We will take a look at how organizations can protect against common cyber threats.
Establish Security Policies for BYOD
Bring Your Own Device (BYOD) is when employees are allowed to use their own computers, smartphones, or other electronic devices for work purposes. It is vital that there are security policies in place for BYODs. In conjunction with the IT and security departments, there must be written policies in place to address cybersecurity. This starts with identifying what types of BYODs will be allowed on the network. Then those devices need to be protected against cyber intrusion. The company must have adequate detection software in case malware or ransomware tries to get through. How the company responds to a cyber incident needs to be written out, tested, and ready to go for the day it is needed. No plan is fool-proofed so a recovery strategy needs to be vetted as well.
These are the outlined steps to safeguard your organization against cyber threats:
- Identify: Conduct a full inventory of your most valuable assets, including what cybercriminals would want access if they were able to hack into your system.
- Protect: Assess your existing practices and what protective measures you will need to implement in order to defend against a cyber attack.
- Detect: Have security systems set up and in place that alert your team if an incident occurs, including the ability for employees to report problems.
- Respond: Have an Incidence Response Plan in place to contain an attack and maintain business operations in the short term.
- Recover: Make sure your Recovery Plan is ready to go to get your organization back to normal business operations as quickly as possible after an incident or breach, including assessing any legal obligations.
National Cyber Security Awareness Month (NCSAM) is an education initiative co-founded by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS). Check out the NCSA for tips and suggestions all month long on how to keep your family and business safe when online. The NCSA announced the launch of a new initiative, CyberSecure My Business. This project is a comprehensive program based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework. They will use interactive training, webinars, and online resources to help businesses be resistant to, and resilient from, cyberattacks.