Camila Navarro

Changing Employee Security Behavior Takes More Than Simple Awareness

December 30, 2020


It’s no secret that workplace security is critical. With cyber attacks on the increase, more companies are working harder than ever before to establish an environment of cybersecurity. They’re also communicating these policies to their employees.

More Than Simple Awareness

However, they have to do more than discuss a cybersecurity culture. Though employees know about the company’s new policies against cyber attacks, that doesn’t mean they perform their due diligence. They still use uncomplicated passwords, pass sensitive data to other co-workers, and leave material out in the open for anyone to take and maliciously use.

Something else needs to be done so that employees adopt a cybersecurity culture mindset.

Regular Training

Regular training is a must. One online class about cybersecurity over the worker’s lifetime doesn’t help. Yearly or biannual education is a necessity.

It has to be more than computer security. Training has to discuss anti-money laundering (AML) tactics and the CIA triad for confidentiality, integrity, and accessibility. Furthermore, it needs to highlight the negative consequences for the company and the employee if these security steps aren’t followed.

Multifactor Authentication

Despite training, employees continue to use simple passwords to access internal programs and machines. To minimize the risk of cyber attacks, companies must implement a multifactor authentication (MFA) policy.

MFA adds a second layer of access approval. Normally, this is via a numeric code sent to a worker’s smart device. As a result, cybercriminals have a harder time getting into a user’s account because they don’t have the smartphone or tablet to acquire the code.

Segregation of Duties

Another method that establishes a cybersecurity culture is the segregation of duties. An employee who handles payroll should not have administrative access to a software program. Someone who is a level one customer service agent can’t have root access to important servers.

Segregation of duties does two things. First, it minimizes the risk of someone removing critical files by accident. Second, it reduces the risk of cybercriminals accessing administrative rights. Thus, they can’t add a virus or ransomware.
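Segregation of duties only holds if role assignments are checked against it. The following is an added example, not part of the original post: a small audit that flags accounts holding conflicting entitlements, using the payroll and customer service cases above. All role names, entitlement names, and users are constructed assumptions.

```python
# Added example, not from the original post; all names and data are constructed.

# Hypothetical roles and the entitlements each one grants.
ROLE_ENTITLEMENTS = {
    "payroll-clerk": {"payroll:process"},
    "payroll-app-admin": {"payroll-app:admin"},
    "support-l1": {"tickets:handle"},
    "sysadmin": {"server:root"},
    # A bundled role can hide a conflict inside a single assignment.
    "support-tools": {"tickets:handle", "server:root"},
}

# Entitlement pairs no single account may hold together (the two cases in the text).
SOD_RULES = [
    ("payroll:process", "payroll-app:admin"),
    ("tickets:handle", "server:root"),
]

# Constructed assignments: who holds which roles.
USER_ROLES = {
    "alice": ["payroll-clerk"],
    "bob": ["payroll-clerk", "payroll-app-admin"],
    "carol": ["support-tools"],
    "dave": ["sysadmin"],
    "erin": ["support-l1", "legacy-ops"],  # role missing from the catalogue
}


def effective_entitlements(roles):
    """Union the entitlements of all roles; list roles that have no definition."""
    unknown = [r for r in roles if r not in ROLE_ENTITLEMENTS]
    granted = set().union(*(ROLE_ENTITLEMENTS.get(r, set()) for r in roles))
    return granted, unknown


def audit(user_roles):
    """Return {user: [findings]} for rule conflicts and undefined roles."""
    report = {}
    for user, roles in user_roles.items():
        granted, unknown = effective_entitlements(roles)
        findings = [f"conflict: {a} + {b}" for a, b in SOD_RULES
                    if a in granted and b in granted]
        findings += [f"undefined role: {r}" for r in unknown]
        if findings:
            report[user] = findings
    return report

if __name__ == "__main__":
    print(audit(USER_ROLES))
```

Undefined roles are reported rather than ignored, because an assignment the catalogue cannot explain is itself an audit finding.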

Overall, going beyond simple awareness will be painful at first. Those used to ease of access may get frustrated at the added limits. However, this is only temporary.

The more employees get used to the procedures and understand why, the more their security behavior will improve. Eventually, they will get used to these enhancements and any others added in the future to increase your company’s cybersecurity footprint.
