October is National Cyber Security Awareness Month, and Week Two focuses on the protection of data in the workplace. “We are all part of protecting personal and organizational data in the workplace. From CEO to incoming entry-level employee, each organization’s cybersecurity posture is reliant on a shared level of vigilance and awareness. Week 2 looks at how every employee can promote a culture of Cybersecurity at work.”[1]

In many cyber security breaches, human error has been found to be to blame. People can be the weakest link in an organization because hackers use social engineering to capitalize on the weaknesses of the average man or woman. Hackers depend on human fallibility to get people to do something that they wouldn’t ordinarily do, like send personal information via email, click on a suspicious link, or initiate a wire transfer based on an email from the “CEO” or someone else in authority. This is the textbook definition of a phishing attack[2].

How can you train your employees to keep from falling prey to one of these phishing attacks, to avoid inserting a random flash drive that happens to be infected with malware into their computers, and to protect the laptops and mobile devices that contain company files? Experts weighed in on the best ways to create a security culture in the workplace.[3]

  • Conduct simulations of phishing and spear phishing attacks;
  • Create a security campaign that is tailored to each type of employee and that creates a new company culture rather than just using scare tactics;
  • Have different departments play a role in developing a culture of cyber-resilience, from the top down, and involve the marketing, HR, legal, and finance departments;
  • Use promotion, policies, awareness, and training;
  • Reward and recognize good security behaviors; and
  • Keep it simple.[4]