How to Secure Your People

By Mike Arvidson

January 20, 2017

When you think of your business’ security, what comes to mind?


Your password?

Your website restrictions?

Email filters?

Network firewall?

What about your human firewall?


Let’s face it, data breaches are fast becoming a probability rather than a mere possibility today. Gone are the days when business leaders could naively shake off the threat with an air of “it’ll never happen to us.”


But while developing a solid defense-in-depth strategy is key, your tech is only one piece of your protection pie.


Having the right tools and policies in place is important, but you need to consider how your staff fits into the mix.


Social engineering tactics like email phishing still reign supreme. Today’s cyber-criminals know on a very basic level that your people are your business’s biggest weakness – and they’re looking to capitalize on it.


Security needs to be everyone’s responsibility. Your strongest defense is to build a solid human firewall. This requires looking beyond leading security tools or whitelisting tactics, and focusing on securing your people instead.


So, how do you secure your people against today’s modern cyber-threats?


Build your organization’s human firewall by focusing on the following three areas.


Hone & Adapt


Instead of a “one-and-done” approach to awareness training, break staff into smaller segments. Not only will this make the training more direct, but grouping team members by their roles or learning styles will allow you to target your message more effectively. A team of engineers, for example, will want a more technical style of training than, say, your marketing team.


Remain focused on the same high-risk areas in each training session – explaining policy and procedure in a What-Why-How model – but tailor the delivery to your audience. Not only will the smaller trainings be more interactive, but the message will be better received, which will actually improve participation.


Fresh Perspectives


Ever wonder why the more emails you send out to your team, the less they seem to know?


It’s likely because, despite your best efforts, they don’t find the information interesting or relevant to their day-to-day. You can’t repetitively distribute the same, tired security reminders and be surprised when engagement doesn’t improve.


Staying relevant to the latest cyber-crime news will keep your team informed and interested. Change up your communications with new impact drivers and “take homes” that they can apply to both their professional and personal lives.


It can also help to put a fun, competitive spin on your messages to drive staff engagement. Consider gamifying your security initiative with a gift card incentive for those “caught in the act” of doing good or a free lunch to the team that’s most policy compliant every quarter.


Build a Diverse Crew


It can also be helpful to form an internal “security squad” to reinforce your security practices on a more personal level.


Just as with other internal ops teams, it’s important to have a diverse group of members beyond just inherent “techies.” This group will serve as your front line. They’ll build excitement across your organization and will be the face of your security policies. They will also be your best bet to ensure training takeaways are actually being put into practice, and they can lead fun, protection-focused campaigns to increase participation.


Along with these tips, lean on industry best practice to define your business’ security policies and build out your awareness program. Sites like SANS Institute’s Tip of the Day and are great resources to get started.
