Leveraging the human aspects of security is one of the impactful ways of ensuring security measures have a better chance of being embraced by employees and stay part of the culture within the organisation.
"Human factors and cyber security go hand-in-hand," says Shira Rubinoff, president of SecureMySocial, who will present on "How to create proper cyber hygiene within your organisation - and why doing so is critical across all industries", at ITWeb Security Summit 2019, to be held from 27 to 31 May, at the Sandton Convention Centre.
She says in order to be "cyber-secure", not only do the elements of security technology have to be addressed, but those of the human as well. "How humans are approached with security compliance will affect the level of security and/or lack of security within the organisation."
According to Rubinoff, making the human the solution to the security problem in an organisation will not only empower its employees, but will nurture a loyal, strong, cohesive workforce that is bound together in ensuring the business is secure from the inside out.
"Achieving proper cyber hygiene in an organisation is crucial for all organisations. Not only to curtail insider threats (from all four vectors: oblivious, negligent, malicious and professional) but also to create cohesive, dedicated and loyal employees who feel committed to the organisation and the security it is positioned to achieve.
She says implementing proper cyber hygiene in a business needs to have four steps addressed. Firstly, continuous training for all employees, from janitor to intern, to consultant to CEO, irrespective of the role they play in the organisation. Next, Rubinoff cites continuous global awareness throughout the company. Number three is updated security and patching on a regular basis, and finally, she says a zero-trust model needs to be implemented.
"When positioning security culture, dialogue and collaboration are key. Don't make your employees the problem, make them part of the solution. It is very easy to point fingers at someone and call them the problem," she explains.
Rubinoff says instead of negative conditioning of behaviour, empower employees to be part of the solution. "Continuous training and awareness will keep the protocols fresh, and their minds sharp, but make sure to gather feedback: collaboration is extremely effective."
She says it is also important that employees feel supported by the management team, knowing that if they report something it will be welcomed, not frowned upon for possibly "blowing a false whistle".
"In this case, the mindset of an employee may be that if I stay quiet and just do as I'm told, I will not be held responsible for a problem, or I don't want to look dumb if I say the wrong thing. Encouraging openness will also create a better work environment for your team," she concludes.