NCSAM – Week 2 – Cyber from the Break Room to the Board Room
Week 2: October 10-14, 2016 – Topic: Cyber from the Break Room to the Board Room
We are all part of protecting personal and organizational data in the workplace. From CEO to incoming entry-level employee, each organization’s cybersecurity posture is reliant on a shared level of vigilance and awareness. Week 2 looks at how every employee can promote a culture of cybersecurity at work.
Let’s start at the top. As a long standing board member of an organization, cybersecurity might seem like a topic in its infancy. “Why do we have to talk about this now… and here” was a common phrase spoken in the boardroom roughly five years ago. Today, board responsibility regarding security has never been greater. Risk acceptance lies with the board, which means that there has never been a more important time to understand cyber threats, cyber risk, and security awareness.
Executive and general management professionals have a responsibility of their own, related to cybersecurity. These are the individuals whose credentials are the most valuable. More of a curse than a blessing, these leaders are the ones the hackers will be targeting. Often times, Chief Financial Officers are attacked with, and fall for, common scams like CEO Wire Fraud. In some cases, when information security team members are performing a social engineering or phishing test, they will not target management out of fear of being reprimanded for fooling them. Unfortunately, if these individuals do not receive the training they need to identify red flags within a phishing message, they could be susceptible to falling for a scam and wiring a potentially detrimental amount of money.
Middle management and staff level employees are critical to an organization’s survival. This is the largest group of employees, which equates to massive sample size for an attacker. If one of these staff members happens to click on a malicious email, it could be game over for their company. It’s important that these individuals understand their role regarding information security and stay up-to-date and educated on emerging threats and security trends.
Every individual within an organization plays a crucial role in securing the technical infrastructure, whether they like it or not. From the break room to the board room, all employees must continue to ensure the confidentiality, integrity, and availability of sensitive data their company maintains. A company is only as secure as its weakest link – don’t let that be you!