Security Consulting: Service Providers

How to create a positive and effective cybersecurity environment instead of a shameful culture

You can catch more flies with honey than vinegar. Learn some tips to establish a positive reinforcement cybersecurity culture rather than a blame-and-shame game.

I once worked in an environment where adding users to Active Directory privileged groups was forbidden except via an official request approved by the individuals' managers. This was carefully monitored, and on one occasion an email went out to a massive group of people stating the policy had been violated and someone who was named directly in the email had updated a group without permission.

Several managers admonished the sender for calling out the alleged perpetrator, and one produced the very request that authorized the change, exonerating the individual and causing embarrassment for the accuser, who did apologize. However, that entire email thread should have been a face-to-face, private discussion with the employee and their manager.

This episode shows the wrong way to go about cybersecurity. Another is testing, like sending company-originated phishing emails to internal recipients to see if they can be tricked into clicking links which then take them to a page scolding them for falling for the content. That simply builds a wall between the end-users and the IT/security departments making users less likely to respect these groups. Positive reinforcement is the key to encouraging employees to want to comply for their good and that of the company, rather than fear of retribution or embarrassment. Even simple recognition from management for reporting phishing emails or completing training can suffice to build a positive environment promoting cybersecurity principles across the organization.

Information Security Consulting Services:

Shame is always a bad way to motivate an individual or the masses. It doesn't work for your kids (we've all tried), and it doesn't translate well to any other population. It might trigger some short-term responses, but fosters long-term resentment and a pent-up stockpile of ill will.

The approach should be to increase overall learning and the individual threat intelligence of every user. It's hard, it requires significant patience, but is way more effective than setting a trap and full-scale mockery of the transgressor. No one wants to publish their internal cybersecurity test results.

The general security intelligence of the average user and executives is fairly low so it's rare to see anyone airing their dirty laundry.

Openly discussing security initiatives, assisting your team in internalizing the global impact, and promoting wide-scale security evangelism as an organizational imperative, rather than an IT mandate, goes a very long way to securing the organization—certainly much further than the fired employee who was the poster child for the failed shame game phishing test.

Comments

Post a Comment

Popular posts from this blog

Abbott has a head start in the booming industry

Image
The latest report from the Kentucky Council on Postsecondary Education and the work market investigation firm Emsi projects that engineering employments are expected to increment by 11 percent throughout the next decade, creating around 3,000 occupations. Positions in manufacturing, engineering technology, industrial engineering, and civil engineering will drive growth in the job market. What is the civil engineering job market ? Morehead State offers a wide assortment of engineering technology projects to permit students to shape their education to suit their particular interests. The School of Engineering and Computer Science (SECS) is offering new four-year college education in systems integration engineering, as well as five new and modified programs in computer science (data science, cybersecurity, PC gaming, computer engineering, and advanced subjects). We also offer bachelors and postgraduate degrees in space systems engineering that put students on the modern edge of aviation t
Read more

Organizations are employing the most remote freelancer employees at present

Image
Unemployment has taken off in the United States because of the ongoing coronavirus pandemic, with almost 37 million individuals filing unemployment claims since March, as indicated by the Department of Labor. The Federal Reserve predicts that up to 47 million Americans will be unemployed a continuous quarter of 2020. computer programming freelance However, the same number of organizations ponder a lessening in business and unavoidable layoffs, others are as yet looking for employees. There was a 24% expansion in remote freelance employments accessible from March to April, as indicated by FlexJobs, the employment-search site that works in remote, part-time, and freelance positions. Collabera Collabera is a staffing firm that works with Fortune 500 organizations to provide types of services including consulting, application development, product engineering, and that are only the tip of the iceberg. Available remote freelance positions: Clinical director E
Read more

Instructions to update from Linux Mint 19.3 to the most recent version Mint 20

Image
Linux Mint is the best current Linux desktop. Its Cinnamon interface is simple to learn and utilize. It runs fast on PCs that would stifle on Windows 10. What's more, it's quick, secure, and functions well. In any case, updating with one significant release then onto the next? That is not all that simple. Be that as it may, you can do it if you follow to this bit-by-bit guide: Preparing YOUR MINT SYSTEM TO UPGRADE. That done. It's the time to get your present Mint 19.3 PC upgrade. You do this with the following steps: ·        Launch the Update Manager with "Menu - > Administration - > Update Manager." ·        Press the "Refresh" button to refresh the cache. ·        Click the "Select All" button to select all updates. ·        Press the "Install Updates" button. ·        Adhere to the directions from the Update Manager and install all updates until the manager lets you know "Your system is up-to-date." ·        R
Read more