Insights: Article

How to Secure Your People

By Mike Arvidson

January 20, 2017

When you think of your business’ security, what comes to mind?


Your password?

Your website restrictions?

Email filters?

Network firewall?

What about your human firewall?


Let’s face it, data breaches are fast becoming a probability rather than a mere possibility today. Gone are the days when business leaders could naively shake off the threat with an air of “it’ll never happen to us.”


But while developing a solid defense-in depth strategy is key, your tech is only one piece of your protection pie.


Having the right tools and policies in place is important, but you need to consider how your staff fits into the mix.


Social engineering tactics like email phishing still reign supreme. Today’s cyber-criminals know on a very basic level that your people are your business’s biggest weakness – and they’re looking to capitalize on it.


Security needs to be everyone’s responsibility. Your strongest defense is to build a solid human firewall. This requires looking beyond leading security tools or whitelisting tactics, and focusing on securing your people instead.


So, how do you secure your people against today’s modern cyber-threats?


Build your organization’s human firewall by focusing on the following three areas.


Hone & Adapt


Instead of a “one-and-done” approach to awareness training, break staff into smaller segments. Not only will this make the training more direct, but grouping team members by their roles or learning styles will allow you to target your message more effectively. A team of engineers, for example, will want a more technical style of training than, say, your marketing team.


Remain focused on the same high-risk areas in each training session – explaining policy and procedure in a What-Why-How model – but tailor to your audience. Not only will the smaller trainings be more interactive, but the message will be better received to actually improve participation.


Fresh Perspectives


Ever wonder why the more emails you send out to your team, the less they seem to know?


It’s likely because, despite your best efforts, they don’t find the information interesting or relevant to their day-to-day. You can’t repetitively distribute the same, tired security reminders and be surprised when engagement doesn’t improve.


Staying relevant to the latest cyber-crime news will keep your team informed and interested. Change up your communications with new impact drivers and “take homes” that they can apply to both their professional and personal lives.


It can also help to put a fun, competitive spin on your messages to drive staff engagement. Consider gamifying your security initiative with a gift card incentive for those “caught in the act” of doing good or a free lunch to the team that’s most policy compliant every quarter.


Build a Diverse Crew


It can also be helpful to form an internal “security squad” to reinforce your security practices on a more personal level.


Just as with other internal ops teams, it’s important to have a diverse group of members beyond just inherent “techies.” This group will serve as your front line. They’ll build excitement across your organization and will be the face of your security policies. They will also be your best bet to ensure training takeaways are actually being put to practice, and they can lead fun, protection-focused campaigns to increase participation.


Along with these tips, lean on industry best practice to define your business’ security policies and build out your awareness program. Sites like SANS Institute’s Tip of the Day and are great resources to get started.

Latest Insights

September 18, 2018
As the largest tax reform legislation in the past 30 years becomes reality, it is important to stay up-to-date on planning opportunities and how reform may impact you and your business. Our Tax Reform: Practical Insights examples aim to break down…
September 18, 2018
Get ahead of tax season with the Eide Bailly Tax Planning Guide. A supplemental strategy guide to help guide year-end and make the tax laws work for you.
September 18, 2018
The SCOTUS Wayfair decision has prompted a new focus on state and local tax compliance. The decision to register, report, and comply is important.
September 17, 2018
When an IRS Letter 226J is received, it is important to respond timely and with accurate information to eliminate, abate or reduce IRS calculated penalties
September 17, 2018
Firm News
Tom Goekeler, partner at Eide Bailly LLP, has been named chief practice officer of the South Central region, which currently covers our Oklahoma and Texas offices.
September 17, 2018
The recent US Supreme Court decision that overturned Quill in the South Dakota v Wayfair case has many states making or considering law changes related to sales tax compliance for out-of-state sellers.
September 12, 2018
The Tax Cuts and Jobs Act, signed December 22, 2017, significantly impacted inbound tax planning. Non-U.S. taxpayers doing business in the U.S. will need to consider the new tax laws.
September 12, 2018
Applications have made a huge impact on our lives, allowing us to keep track of the complexities of our day-to-day and save for our futures. But it’s important to understand where we are laying our trust.
September 12, 2018
The following steps outline key considerations for businesses as they work to comply with the new sales and use tax rules.