The importance of board-level security awareness & training

Dec 07, 2018 | | Security
board-level security

Security awareness is in our bones.

One of the first things you learn as a child when you’re sent off to school by yourself is to look left, then look right, look left again, and then, and only then, can you cross the street. This level of precaution is drilled into you so carefully that it echoes throughout other actions in your life. It affects the products you buy, the way you travel, and even the people you surround yourself with. Being careful is part of your early training.  Yet somewhere down this road as technology has advanced, the perpetual race to keep up with those Pesky Joneses has gotten the better of us as a species. We’ve become so engrossed in technology that we’ve given ourselves a wider platform to take in risk, and most of the time, we don’t even know it.

Security awareness isn’t just relevant to people within the IT or technology industry. Everyone, throughout all walks of life, should have some level of security awareness because we are all consumers. Nearly everyone has a smart device. A lot of households have Alexa or GoogleHome. We order groceries online. We purchase clothing from various vendors. And don’t forget about Amazon- the largest retail vendor on the planet. What do these bits of technology have in common?

Every single one of them are hackable.

It’s important, as a consumer, to understand that everything that’s not on paper is susceptible to a cyber attack. This way of thinking can give you anxiety. The world is training you to live in constant fear. There are nearly 1400 vendors on the market claiming to give you peace of mind by securing your systems. How do you make smart choices and avoid living in fear and also employ the right company to keep your information safe? It comes down to having a strong sense of security awareness.  An employee or business owner can apply this mindset.

Says Global Sales Enablement Director, Emma Coker, “We are trying to help people be less afraid. We have an ethical responsibility to stand up for what security means for every age and for every era. With every age group comes specific challenges and we aim to help businesses tackle those challenges with our training sessions and consultancy.”

Within any company, this awareness shouldn’t only come from the top down.

You can’t expect the organization to have a granular understanding of important issues if your company’s board doesn’t.  Of course, a hugely important issue concerns who is communicating to the board – a CIO, a CISO, or (perhaps best of all) a CISO with a business background, able to effectively discuss cybersecurity in the context of the wider business narrative. This infographic explores the issue further.

We recently saw a headline that nearly all UK companies were hit by security incidents last year. Nearly all! 97% of the companies admitted they’d fallen victim to a significant security threat which means millions of dollars were spent in remediation. User error plays a huge role in these events. If the people in charge had taken appropriate precautions, could any of these incidents have been prevented?

Of course.

You’ve heard the term ‘phishing’ but things have gotten so bad in the security department, there’s been an upgrade in terminology called ‘whaling’.

Whaling is exactly as it sounds—the hunt for the bigger fish—the C-level person. This type of high-level attack can cause devastation to everyone. Think of the newly minted CFO from Mattel who found an email in her inbox from (whom she thought) was her new boss requesting a $3mm transfer. No one is immune to this type of attack, or even something much worse. Luckily the Mattel story has a happy ending, but that’s a rare circumstance.

It takes time to properly educate the C-suite and board of any company. You need to take action. You can’t wait for actions to be taken.

This is imperative when combating security threats within your organization. Your board should be setting an example to the business. Once they are properly trained (and we mean every member of the board), they can then align the rest of the business. Each department is held accountable for the well-being of the organization. They can bring back their knowledge to the wider organization. Here are 4 areas to focus on for the remainder of the year:

  1. Ensure all your employees know what social engineering is.
    They may know the term, but do they know that they’re usually the cause of most of these types of attacks? Do regular check-ins with your team to keep their awareness up.
  2. Adopt a zero-trust environment
    With the end of the year party invitations and holiday photos being sent around, you never know where a potential harmful link is lurking. Right now, a zero-trust environment is vital.
  3. Teach your colleagues about digital precautions
    Get another pair of eyes on an email before you click a link. Share suspicious looking items with your colleagues. “If you see something, say something.”
  4. Teach your organization to say “no”
    Your employees don’t have to answer any questions over the phone or email. Even if they seem innocuous, the simplest bits of information could potentially be the keys a hacker needs to unlock doors to your organization.

To learn more about the different aspects of creating a strong security culture, download the full eBook now.

Share this post

Share this post on your favourite social media platform.

Find this article useful?

If so please click here