There are many different factors within a company or organization, and the strength of a work community often lies in the fact that people are different and everyone has their own strengths. However, it is a fact that the biggest cause of cyber security breaches and data breaches is human error. The underlying cause is usually not an intention to cause damage; the errors are caused by haste, ignorance, and the fact that one does not understand the consequences of one's own actions and does not recognize, for example, phishing attempts.
A new study has revealed that while 86 percent of employees believe they can identify phishing emails reliably, almost half have fallen for scams. One in ten still hesitates to report a potential security problem due to fear or uncertainty. The study, by information security company KnowBe4, surveyed industry professionals, and the report looked at the security behaviors of over 12,000 employees around the world. The report revealed that the relationship and trust between an employee and their employer greatly influences how an employee behaves when faced with a potential security risk.
Often, a company's or organization's information security communication is formulated as tasks. In this case, the communication focuses on instructing employees by saying things like: "remember to update your software," "change your password," "don't click on links in emails," etc. The problem is that when this is done, no one develops a strong sense of why it is important to do those things and what the possible consequences of not doing them might be. Instead, communication should take place in a way that everyone working in the company understands the impact of their own actions.
When talking about information security, we need to discuss why the practices exist, why someone might want to get their hands on company information, and why it is important that everyone acts in the agreed manner. Things are usually best understood through concrete examples, so when discussing information security issues with personnel it is worth going through cyber security breaches and data breaches that have been reported in the news. It would be desirable for the employees' mindset to shift in a more proactive direction and for risk observation to become a natural activity.
When advancing information security issues within a company, the same rules apply as in everything else. Leading by example is the most powerful message. Those in a higher position must show by their own example that these issues are important in the company and implement them themselves first. When implementing information security, clear and easy-to-follow messages are important, because information security and cyber security issues are usually complex. This means that easy-to-understand, practical information is needed, based on which everyone can act.
It’s important to remember that people often ignore best practices because they can create extra steps or slow down workflow. For example, strong passwords are hard to remember, two-factor authentication slows down logins, or software updates interrupt work. Security and convenience can often be at odds, but it’s essential to make sure everyone in your organization understands why it’s important to always choose security. Security policies and tools need to be easily accessible so they can be followed.
True cyber resilience improves with continuous training and testing. In addition to training, it is important that the workplace security culture is transparent and communication is clear to staff.
Small and medium-sized companies may not have a designated person responsible for information security or a large in-house IT department, so it is worth considering utilizing expert services. JMJping offers ICT services in a customer-oriented manner and at competitive prices. Our highly trained staff can provide comprehensive assistance in the entire ICT field. The certificates that demonstrate our expertise cover most software and hardware vendor products, from virtualization to firewalls.
JMJping's services include, for example, a company information security assessment, on the basis of which actions and solutions are proposed to improve information security. In addition to information security surveys, we can also help, for example, to prepare the company's Information Security Policy and Data Protection Guidelines and train staff. The content of the training is always adjusted to the needs of the company so that the staff gets the best possible benefit from it. The content can focus on, for example, the following areas: information security and practices, cyber security (phishing and malware, as well as protection measures and procedures) or safe remote working. When employees understand why certain measures are in place, they are more likely to follow them. Training should not only explain the "how" but also the "why". If you need help improving information security and/or training your staff, contact us and we will design a package that suits you.
The aim of the information security assessment is to determine the level of information security of the company's current technical solutions. Information security is part of modern business and important information and its use must be secured in order for business to continue as normal.
Microsoft 365: the package includes, among other things, password policy, identity and email protection, information sharing, and third-party applications.