Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions

Empowering Employees in the Age of Cyber Security

 Empowering Employees in the Age of Cyber SecurityCyber security has taken center stage among the issues employers must face head on, including developing policies and procedures to protect themselves against the risk of a data breach. This involves taking a more proactive approach including empowering employees to do more to beef up a firm’s cyber security.

In addition to implementing the latest firewalls, anti-virus software and data encryption, security awareness and training among employees are critical in helping defend an organization’s information assets and minimizing the exposures related to cyber risks. In fact, a trained and educated workforce is an organization’s best defense against increasingly sophisticated and persistent cybercriminals.

Employees (both new hires and for existing workers) should complete security awareness training on a range of topics, including but not limited to:

  • Importance of Security Policies: Present employee responsibilities regarding information security, the incident escalation process and how to protect data from malicious intrusion.
  • Cybersecurity Threat Landscape: Define the methods a cyber criminal may employ to access confidential data or systems and how employees can avoid being victims. Common social engineering threats targeted at employees include pre-texting, phishing via email or phone, and baiting.
  • Internet Use: Train your employees to recognize the signs of malicious activity, how it can spread and prevention strategies. Threats employees may encounter on the Internet include network spoofing, viruses, worms, password crackers and Trojan horses. Also, establish safe browsing rules and limits on employee Internet usage in the workplace.
  • Email: Identify what makes an email message suspicious, such as a strange subject line or unexpected sender, and how employees should handle the message. The best practice is to delete.
  • Mobile Devices: Communicate your mobile device policy to your employees for company-owned and personally owned devices used during the course of business.
  • Access Control Responsibilities: Train employees on how access controls and passwords are maintained and on expectations for employee behavior in both areas.
  • Preventing Identify Theft: Educate employees on how identify theft occurs, including shoulder surfing/eavesdropping and dumpster diving, how to prevent it, and what to do if they are a victim.
  • Reporting Insider Threats: Emphasize to your employees that if they see something suspicious, they need to say something. According to research at Carnegie Mellon University’s Computer Emergency Response Teams, most insider threats are first detected by other users who note something suspicious and report it. Users need training and awareness to know what to look out for and report it. And they must take responsibility for doing so.

Now is the time for people to take greater responsibility for the security of the information they work with every day and to be trained on how to do so. In addition, be sure your company has a strong Privacy & Network Security/Cyber Liability policy in place to step in the event of a data breach loss. There are many policies on the market today and choosing and crafting a policy that will address your firm’s specific risks is key in having a responsive insurance program. The professionals at Axis Insurance Services can help you secure the right Cyber policy for your firm. Just give us a call at (877) 787-5258 to discuss your specific needs.

 

 

Comments

comments

Blogged on: January 13, 2016 by Mike Smith
Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions