Log in
Log in

Creating a Cybersecurity Culture. Recommendations, 5 things to do and 5 not to do

By Fernando MateusIn Articles, Cyber Insider News, Cyberpsychology, Employee Cyber Risk, External articles, Strategic directionPosted
Cybersecurity Culture
Photo by Charles Deluvio on Unsplash

In these days we have seen how different experts point out aspects that we must take into account in order to expand the reach of cybersecurity and I don’t want to miss the opportunity to join that line of strategic awareness useful for the leaders of organizations of all sizes.

While reading the top security projects for 2020 2021 that, according to Gartner, all security and risk management leaders should focus on, I was looking the issues where Kymatio can best help our clients to improve (which by the way are many).

Suddenly a LinkedIn post catches my attention, it was from J. Eduardo Campos, (EMPA CISM CISA CISSP CPP)  who stated on LinkedIn:

“Make the human factor the “best” link by investing in people’s training, awareness, and well-being”.

The phrase, with which of course I completely agree, was part of a response to a post by Bret Arsenault, Corporate Vice President and Chief Information Security Officer at Microsoft who stated:

“Creating a cybersecurity culture at work becomes both more important and more challenging when employees work at home”, and continues… “Regardless of whether they’re in the office or working remotely, employees are your last line of defense against cyber bad actors. Adopting interactive training and frequently testing with realistic scenarios can help drive an effective cybersecurity culture”.

Mr Arsenault is a respected security leader across the industry and is recognized for his ability to navigate risk through innovative leadership and vision. He recommends reading Mark Soten´s article on Creating a Cybersecurity Culture Starts With Your Team.

Published on SecurityIntelligence, Mark recommends 5 do´s and 5 don´ts you must follow in order to improve your employees cybersecurity culture.

I want here to point out how Kymatio can help you meet these objectives:

From the Do´s

  • Do test your employees monthly. Work with your employees preferably in a monthly base and conduct monthly tests that can reap large security rewards:

Kymatio is designed to operate periodically with them with a monthly default basis.

  • Do allow for a simple process for employees to report suspicious emails:

Kymatio goes further and prepares people understanding  the different types of motivations behind the psychological manipulation techniques.

  • Do report program results to the C-suite (with easily digestible decks and graphs) as often as necessary:

Kymatio provides all the information necessary to understand the level of cyber risk, the strengthen requirements of the organization and the evolution of the metrics over time. Also facilitating at the personal level metrics for each person, also for the members of the C-level.

  • Do use constructive and collaborative criticism to deal with users or employees who don’t adhere to your prevention program.

Kymatio offers the best approach to quickly identify where they reside under the organization in order to start working with the cultural change.

  • Do use interactive training before testing your employees on anything.

Kymatio provides both, chat interactions to understand the employees needs and analysis of their evolution with situational cyber test sessions.

About the Don’ts (which are aligned with Kymatio’s philosophy)

  • Don’t be overly forceful or overbearing with the program.
  • Don’t forget to include managers, key stakeholders and relevant IT teams in the process.
  • Don’t use the same phishing test for each user or always send on the same day.
  • Don’t start your awareness program with complicated concepts.
  • Don’t forget to remind everyone in your organization that a robust security culture extends beyond the office to help employees keep safe at home as well.

At Kymatio we are completely aligned with the spirit of Mark’s words.
Remember that your employees are the last line of defense against threat actors.

Read the full article here:

https://securityintelligence.com/articles/creating-culture-cybersecurity-remote-work/

Contact now to learn how Kymatio allows you to manage the human cyber risk.

Contact us

Related information:

New Kymatio module prepares employees for social engineering techniques

Social Engineering Module

Related information:

Kymatio launches a module to manage the risks of employee’s digital exposure

El riesgo asociado a la explosión digital
Fernando Mateus

Fernando Mateus

https://www.linkedin.com/in/mateus/

Related Posts

Kymatio® qualified by the CCN (National Cryptologic Centre) for inclusion in the CPSTIC catalogue of products and services.
Redeia and Kymatio reinforce their commitment to protecting and raising awareness
Human cyber risk and the EU NIS2 Directive
Active cyber defense: Understanding and protecting ourselves from Spear Phishing