Create a security culture.
Of all the security risks in your organization, the biggest one is your users. I know that’s kind of a bummer to hear, but humans are imperfect creatures and the margin for error in cybersecurity is infinitesimally small.
But your users aren’t just the villains of this story; in true narrative fashion, they are also the heroes. Putting them on this hero’s journey is up to you.
It is an incredibly effective investment of your time and energy to teach them about the latest threats and how to avoid them. Make the effort to educate your workforce about how to spot phishing attacks, how to avoid ransomware, and the importance of exercising caution before clicking suspicious links or opening problematic attachments.
In addition to training, make sure the people in your organization are very comfortable contacting you with questions or asking for advice when they see something that seems wrong, or when they’re concerned they may have made a mistake.
The goal is to create what I like to call a “Culture of Security Awareness.” I know this all sounds very optimistic, but I believe it’s easier than it seems.
To help you get started, here are some free resources you can use:
To learn more and get a few more ideas for your trainings, check out the Cybersecurity Campaign Playbook developed by the faculty and IT team at Harvard. The Avanan 2019 Global Phish Report is also a great resource for learning about types of phishing attacks and the latest threats.