Security Consulting: Service Providers

How to create a positive and effective cybersecurity environment instead of a shameful culture

You can catch more flies with honey than vinegar. Learn some tips to establish a positive reinforcement cybersecurity culture rather than a blame-and-shame game.

I once worked in an environment where adding users to Active Directory privileged groups was forbidden except via an official request approved by the individuals' managers. This was carefully monitored, and on one occasion an email went out to a massive group of people stating the policy had been violated and someone who was named directly in the email had updated a group without permission.

Several managers admonished the sender for calling out the alleged perpetrator, and one produced the very request that authorized the change, exonerating the individual and causing embarrassment for the accuser, who did apologize. However, that entire email thread should have been a face-to-face, private discussion with the employee and their manager.

This episode shows the wrong way to go about cybersecurity. Another is testing, like sending company-originated phishing emails to internal recipients to see if they can be tricked into clicking links that then take them to a page scolding them for falling for the content. That simply builds a wall between the end-users and the IT/security departments, making users less likely to respect these groups. Positive reinforcement is the key to encouraging employees to want to comply for their own good and that of the company, rather than out of fear of retribution or embarrassment. Even simple recognition from management for reporting phishing emails or completing training can suffice to build a positive environment that promotes cybersecurity principles across the organization.


Shame is always a bad way to motivate an individual or the masses. It doesn't work for your kids (we've all tried), and it doesn't translate well to any other population. It might trigger some short-term responses, but fosters long-term resentment and a pent-up stockpile of ill will.

The approach should be to increase overall learning and the individual threat intelligence of every user. It's hard and requires significant patience, but it is far more effective than setting a trap and publicly mocking the transgressor. No one wants to publish their internal cybersecurity test results.

The general security intelligence of the average user and executives is fairly low so it's rare to see anyone airing their dirty laundry.

Openly discussing security initiatives, assisting your team in internalizing the global impact, and promoting wide-scale security evangelism as an organizational imperative, rather than an IT mandate, goes a very long way to securing the organization—certainly much further than the fired employee who was the poster child for the failed shame game phishing test.
