
We’re all bombarded with emails. Some of my colleagues receive more than a thousand per day. It’s easy to delete the ones we consider spam, those that sell faulty products or have been advertising the same conference for the past six months. As an information security professional – someone whose entire world revolves around technology – I receive many articles from vendors selling their services, software and hardware. I was about to delete another email I recently received, but the title caught my eye.

Teaching Employees to Avoid Cybercrime

Like others in the cyber security field, I am constantly looking for new and better ways to educate my colleagues about protecting themselves, their assets and the company against cybercrime. I recently received an email from Kaspersky Labs that listed 10 easy rules to follow when educating your team about cyber security. I’ve included my understanding of their list below. It’s simple and will hopefully drive conversation around the importance of protecting your cyber footprint.

These 10 Cyber Security Best Practices Will Protect Your Information and Assets

  1. Communicate – Regularly talk to employees about cyber security.
  2. Include Everyone – Remember that top management and IT staff are employees too.
  3. Explain – The company’s infrastructure is only as secure as the weakest link.
  4. Educate – Conduct quarterly sessions with employees to teach them about the different types of cyber attacks.
  5. Beware – Ensure employees know the various types of attacks.
  6. Train – Make sure employees know what to do if they’ve been hacked.
  7. Be Kind – As tempting as it is to send a mass company email teasing someone about falling for a false email, don’t. This discourages others from coming forward if they fall into the same trap.
  8. Notify – As soon as an incident occurs, alert your company so everyone is on the same page.
  9. Test – Regularly test your employees’ cyber security knowledge.
  10. Listen – Create an online survey for employee feedback on where they want to receive more training. Invite, listen and respond to feedback.

Do You Have Any Points to Add to This List?

As I’ve mentioned in previous posts, there is no way to completely guarantee against cyber threats, but at the very least, this list provides key discussion points that remind each of us – even security professionals – to take responsibility to protect our clients’ and organization’s data from infringement or compromise. The entire organization bears the responsibility to protect against cyber attacks. Got any additional best practices you’d like to suggest? Go ahead and share them here.