top 10 tips for educating employees about cybersecurity
TRANSCRIPT
-
8/9/2019 Top 10 Tips for Educating Employees About Cybersecurity
1/15
TOP 10 TIPS FOR
EDUCATING EMPLOYEES ABOUT CYBERSECURITY
• Explain the potential impact a cyberincident may have on your
organization’s operations and spell out employee obligations,
particularly with the use of mobile phones.
• It’s not enough to require an annual review and signing of
an “I have read and understand company IT policies” statement.
Tip #1: Regularly talk to employees about cybersecurity.
External Threats Experienced
In a recent survey conducted by B2B International and Kaspersky Lab, 94% of companies reported some form of external threat.¹
[Figure: % of organizations experiencing each event, by survey year: 2011 (n=1,408), 2012 (n=2,376), 2013 (n=1,912), 2014 (n=2,119). Categories shown: spam; viruses, worms, spyware and other malicious programs; phishing attacks; network intrusion/hacking; theft of mobile devices; Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks; theft of larger hardware; corporate espionage; targeted attacks aimed specifically at our organizations/brand; criminal damage (including fire/arson). Values that are significantly higher year over year are marked.]
1 - B2B International and Kaspersky Lab, “IT Security Threats and Data Breaches,” October 2014.
• Top managers are often targeted because:
– They have access to more information. The bad guys
recently targeted traveling executives using free hotel
Wi-Fi without encryption.
– IT bends the rules for them.
– The damage/financial payoff can be much bigger.
• With their unlimited power over the network, IT folks
are also vulnerable.
Tip #2: Remember that top management and IT staff are employees, too!
https://securelist.com/blog/research/66779/the-darkhotel-apt/
• Encourage cooperation, not just compliance.
• Create a policy sophisticated enough to cover all
possible attack vectors.
• Recognize that humans have weaknesses and make mistakes.
Tip #3: Explain to the employees that, while you make the best effort to secure the company’s infrastructure, a system is only as secure as the weakest link.
• Since new employees start work all the time, cybersecurity
training should be part of your general onboarding activities.
• Consider different formats (e.g., Lunch & Learn).
• Make it useful.
– Most employees have PCs at home and relatives
who also need help.
• Make it relevant and responsive to real-world examples.
– Reference topical news stories.
– Use social media.
Tip #4: Have regular, focused sessions with employees to explore different types of cyberattacks.
• Beware of social media, blogs, and suspicious links from
unknown sources while at work or using corporate devices.
• Many cyberincidents begin with a phone call from someone
posing as a co-worker asking seemingly innocuous questions,
gathering information about the company and its operations.
• A cybercriminal exploiting social weaknesses almost never
looks like one.
Tip #5: Warn employees to pay special attention to social engineering activities.
• Have policies in place that assume you’ll be infiltrated.
Don’t wait to react. Have a documented remediation plan in place and update or review it frequently.
• Communicate step-by-step instructions about what to do
if an employee believes they’ve witnessed a cyberincident.
• Training needs to happen before there’s a problem.
Tip #6: Train employees to recognize an attack.
Don’t forget to include the basics:
• Physically unplug your machine from the network.
• Notify your administrator of any suspicious emails, unusual
activity, or if you lose your mobile device.
• If you can’t find your emergency IT number in 20 seconds or
less, start memorizing!
Trainings should include specific rules for email,
web browsing, mobile devices and social networks.
• Even if it’s a false alarm, it’s important not to discourage
employees from speaking up when a real cyberattack happens.
• If false alarms happen regularly, improve your training approach.
Tip #7: Never disapprove or make fun of an employee who raises a red flag.
• A lack of transparency or improper handling of a cyberincident
may significantly increase the impact of the event.
• Issue instructions about how to speak to the public and the
press about the incident.
• Have an internal communications plan and PR strategy in
place before anything happens.
• Consider insurance for cyberincidents.
Tip #8: If an incident happens, give your employees a heads-up as soon as possible.
• Make it relevant for their digital lives.
• Make it fun or rewarding (or fun and rewarding)
with incentives for prompt responses.
Tip #9: Regularly test employees’ cybersecurity knowledge.
• If you force employees to change passwords every week, be
prepared that they will write them down and post them in their workspaces.
• If it’s too difficult or complicated to access something they
need to do their jobs, they will find less secure workarounds
like personal email, USB sticks, and using colleagues to
bypass restrictions.
• Learn the root cause of unsafe behavior.
Tip #10: Invite, listen, and respond to feedback.
Systems Management & Actionable Patching
• SYSTEM PROVISIONING: create images; store and update; deploy
• LICENCE MANAGEMENT: track usage; manage renewals; manage license compliance
• REMOTE TOOLS: install applications; update applications; troubleshoot
• VULNERABILITY SCANNING: HW and SW inventory; multiple vulnerability databases
• ADVANCED PATCHING: automated prioritization; reboot options
• NETWORK ADMISSION CONTROL (NAC): guest policy management; guest portal
Kaspersky Security for Business: Vulnerability Scan, Patch Management, Remote Tools, License Management, System Provisioning, Network Admission Control (NAC)
Physical › Virtual › Mobile
Discover how Kaspersky Lab’s premium security can protect your
business from malware and cybercrime with a no-obligation trial.
Register today to download full product versions and evaluate
how successfully they protect your IT infrastructure, endpoints,
and confidential business data.
Get Started Now: FREE 30-Day Trial
Learn more at http://usa.kaspersky.com/business-security
About Kaspersky Lab
Kaspersky Lab is the world’s largest privately held vendor of endpoint
protection solutions. The company is ranked among the world’s top
four vendors of security solutions for endpoint users.² Throughout its
more than 17-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large
enterprises, SMBs and consumers. With its holding company registered
in the United Kingdom, Kaspersky Lab operates in almost 200 countries
and territories, providing protection for over 400 million users worldwide.
Call Kaspersky today at 866-563-3099 or email us at
[email protected], to learn more about
Kaspersky Endpoint Security for Business.
www.kaspersky.com/business
SEE IT. CONTROL IT. PROTECT IT.
With Kaspersky, now you can.
2 The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2013. The rating was published
in the IDC report “Worldwide Endpoint Security 2014–2018 Forecast and 2013 Vendor Shares” (August 2014, IDC #250210).
The report ranked software vendors according to earnings from sales of endpoint security solutions in 2013.
© 2015 Kaspersky Lab ZAO. All rights reserved. Registered trademarks and service marks are the property of their respective owners.