Security is Everyone’s Responsibility in the Organization

The days when security was only the IT department’s headache are long gone. Today, everyone in an organization has to take personal responsibility for security and network safety.

A big reason is the transformation in the modern workplace. In the past, IT departments had strict control over gateways, firewalls, and networks. With the advent of bring-your-own-device (BYOD) and 24/7 access to company networks, the perimeters are blurred. Employees are becoming the biggest vulnerability in the infrastructure.

According to a recent report, 87% of companies rely on the use of personal employee devices or BYODs. At the same time, human error is the top contributor to security breaches. The combination of the use of personal devices and the probability of human error increases security risks. Employees falling for phishing, ransomware, and malicious click-bait websites amplify the risk to the whole organization, and the consequences can be dire.

Protecting Your Organization’s Network Infrastructure

The influx of personal devices in the workplace means that IT departments can’t guarantee total control. So the only solution is to create systems and processes to manage the chaos. Here are some practical steps every organization can take:

Train Employees on Cybersecurity Best Practices

The first line of defense is your employees, so proper education is key. Every company should have a training program to teach employees about security. Training can help employees in the following ways:

  • Practice proper password etiquette. Employees should understand the importance of creating complex passwords and changing them regularly. Also, sometimes they don’t realize the repercussions of simple decisions. Writing down a password on a sticky note is a security risk. Sharing passwords with coworkers or others is a security risk. Teaching employees about avoiding these high-risk behaviors can improve an organization’s safety.

  • Avoid phishing scams and suspicious emails. Phishing scams and malware are getting sophisticated. Employees can get emails from scammers that look like they originate from legitimate financial institutions, government entities or even from their superiors at work. When employees are taught to recognize these scams, the probability of successful attacks diminishes.

  • Learn through test runs. Companies can use practice runs and “live fire” training exercises to orchestrate real-life cyber attack scenarios. Organizations can run these tests for phishing and ransomware attacks, collect data and use postmortem techniques to further solidify preventive measures.

  • Create good security habits. Regular training and discussions can help employees stay ahead of the latest hacking and cybersecurity threats by keeping safety top-of-mind. Continuous learning is the only way to protect against possible future attacks, so organizations should promote these good habits.

Create BYOD Policies

Use of private devices in the workplace has become the norm. Companies can’t stop the change. So the practical solution is to create usable BYOD policies. IT departments need to implement systems that will enable employees to easily register their devices. The policies need to be convenient so they don’t create hurdles to productivity. If nobody abides by the policies, the whole endeavor will be counterproductive. On the other hand, the rules need to be comprehensive enough to cover a wide range of use cases. The systems need to strike a delicate balance between usability and security. Companies can require all mobile devices to connect to a separate network, rather than the internal network that houses private and sensitive information. This will mitigate any issues that may arise if a mobile device contains malware and stop the malware from spreading across the entire organization.

Create Acceptable Use Policies

Even though modern organizations try to be as flexible as possible, the line has to be drawn somewhere. Companies should assess their threat levels, discuss the issues with their employees, and set up acceptable use policies. These policies will differ widely between organizations. A bank or financial institution might have totally different requirements than a company that builds mobile games. Each organization has to come to terms with what the acceptable use policies are within the scope of its business expectations.

Help the Organization Move Forward

It’s the responsibility of the organization’s leadership to find solutions that will make it easier for everyone to secure the infrastructure of the company. Untangle offers solutions to help organizations identify and manage insider threats, as well as BYOD and open Wi-Fi solutions that can simplify security policy implementations. To learn more, contact us today.
