Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Rechercher Ressource - BlogRessource - WebinaireRessource - RapportRessource - Événementicons_066 icons_067icons_068icons_069icons_070

Blog Tenable

S'abonner
  • Twitter
  • Facebook
  • LinkedIn

Cybersecurity Awareness: Six Tips to Help Your Employees Be Cybersmart

Cybersecurity Awareness: Six Tips to Help Your Employees Be Cybersmart

We believe it's time for a new approach to cyber awareness, one that borrows on the concept of the shared responsibility model common in cloud computing. Here's how we get there.

How much consideration does the average employee give to cybersecurity in your organization? If you're like most, you'll see human behavior running the gamut from the zealous guardian, who reports suspicious activity on a regular basis, to the security scofflaw, who does everything in their power to circumvent safeguards in the interest of "productivity." 

In the 18 years since the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA) first launched Cybersecurity Awareness Month, much has changed about the way we all live and work. Even before the COVID-19 pandemic, organizations in all sectors were undergoing digital transformation and migrating infrastructure and service to the cloud. The widespread move to remote work in 2020 only served to accelerate the pace of change already well underway.

Yet, a new global study commissioned by Tenable and conducted by Forrester Consulting reveals that many employees continue to view cybersecurity as a hindrance rather than a benefit. L'étude Au-delà des frontières : The Future of Cybersecurity in the New World of Work, surveyed 479 full-time employees working from home three or more days a week. While the vast majority (81%) consider protecting customer data to be somewhat or very important, more than half admit to using a personal device to access it. Equally concerning, the study reveals that:

  • More than four in 10 remote workers (44%) feel cybersecurity restrictions and policies make them less productive;
  • A third (36%) delay applying updates to their devices; and
  • Over a quarter (27%) admit to sometimes ignoring or going around cybersecurity policies. 

What do these findings mean for security leaders? It's safe to assume that, on any given day, a significant number of workers are avoiding basic cyber hygiene best practices, such as using only company-provided devices to access sensitive data, only accessing company systems and data via Virtual Private Network (VPN) and not connecting via public Wi-Fi.

So, what can be done about it? We believe it's time for a new approach, one that borrows on the concept of the shared responsibility model common in cloud computing. In this model, cybersecurity would be considered a corporate strategic objective from the top down. Every employee, regardless of position or rank, would have a "security scorecard" baked into their annual performance review metrics, given as much weight as the other measures of their success. Security leaders, in return, would commit to making it as easy as possible for employees to practice sound cybersecurity throughout their workday. 

6 tips for teaching employees how to be cybersmart

Moving to such a shared responsibility model is far more complex than it sounds. Creating a security scorecard for each employee would require robust asset management across business units so security leaders could have visibility into who owns each device or application and who they report to, and a centralized dashboard into which the findings could be continuously tracked. It would require careful attention to legal and regulatory concerns to ensure any measures put in place would respect the privacy of employees. And it would require significant resources to manage.

Yet, organizations can begin laying the foundations for such a model today. The following six tips offer ideas for how cybersecurity leaders can teach employees to be cybersmart:

  1. Start small. Identify one department or team within your organization and spend time with them. Learn how they work and ask them to identify any security practices and policies they feel are working well and provide honest feedback about the ones they feel are holding them back. 
  2. Make it seamless. Look for processes and solutions that reduce friction in the employee's workflow. Remember, the builders of consumer apps and devices prioritize engagement and ease of use; security tools and processes need to be engaging and easy to use, too, otherwise employees will avoid them.
  3. Ask for help. Consider working with your organization's human resources, internal communications or marketing team to find new ways to engage employees. You're the security experts, they're the communications experts. Joining forces could lead to fresh ideas on how to educate employees and implement a cybersmart culture.
  4. Explain the "why" behind your measures. Don't just tell employees what they need to do; help them understand why it matters to them. Show them how they can be part of the solution, not part of the problem. 
  5. Be available. Push your executives to include time for cybersecurity discussions during every companywide meeting so you can constantly reinforce the messaging and keep people up to date on new efforts. Schedule regular "ask me anything" sessions with employees so you can address any misinformation and encourage continuous learning.
  6. Make it worth their while. Understand what motivates employees and then build your program around that. For example, do employees at your organization respond primarily to financial incentives? Or do they prefer public recognition for their efforts? Does motivation vary by team or department? Take the time to learn what matters to everyone — ask what motivates the most zealous guardians and why the security scofflaws are avoiding your policies. 

While security leaders bear the greatest responsibility for keeping the organization safe, it's not something they can do in a vacuum. Building a cybersmart culture requires everyone in the organization, from the top down, to understand their roles and responsibilities. Finding the right mix of technologies, people and processes will help you increase the number of zealous guardians and reduce the number of security scofflaws in your organization. 

En savoir plus

Articles connexes

Êtes-vous à la merci des derniers exploits ?

Indiquez votre adresse e-mail pour recevoir les dernières alertes de Cyber Exposure.

Essayer gratuitement Acheter dès maintenant
Tenable.io ESSAI GRATUIT PENDANT 30 JOURS

Bénéficiez d'un accès complet à une plateforme de gestion des vulnérabilités moderne hébergée dans le cloud qui vous permet de consulter l'ensemble de vos assets et d'en assurer le suivi, tout en bénéficiant d'une précision inégalée. Abonnez-vous dès maintenant.

Tenable.io ACHETER

Bénéficiez d'un accès complet à une plateforme de gestion des vulnérabilités moderne hébergée dans le cloud qui vous permet de consulter l'ensemble de vos assets et d'en assurer le suivi, tout en bénéficiant d'une précision inégalée. Souscrivez votre abonnement annuel dès aujourd'hui.

65 assets

Sélectionnez votre option d'abonnement :

Acheter maintenant
Essayer gratuitement Acheter dès maintenant

Essayer Nessus Professional gratuitement

GRATUIT PENDANT 7 JOURS

Nessus® est aujourd'hui le scanner de vulnérabilités le plus complet du marché. Nessus Professional vous donne les moyens d'automatiser le processus de scan des vulnérabilités, d'écourter vos cycles de mise en conformité et d'impliquer votre équipe IT.

Acheter Nessus Professional

Nessus® est aujourd'hui le scanner de vulnérabilités le plus complet du marché. Nessus Professional vous donne les moyens d'automatiser le processus de scan des vulnérabilités, d'écourter vos cycles de mise en conformité et d'impliquer votre équipe IT.

Achetez une licence pluriannuelle et faites des économies. Ajoutez l'assistance avancée pour bénéficier de l'accès 24 h/24, 7 j/7 à une assistance par téléphone, via la communauté et via le chat. Cliquez ici pour plus d'informations.

Essayer gratuitement Acheter dès maintenant

Essayer Tenable.io Web Application Scanning

GRATUIT PENDANT 30 JOURS

Profitez d'un accès complet à notre nouvelle offre Web Application Scanning conçue pour les applications modernes et s'intégrant à la plateforme Tenable.io. Scannez l'ensemble de votre portefeuille en toute sécurité et avec une grande précision, sans effort manuel important ni interruption des applications web stratégiques. Abonnez-vous dès maintenant.

Acheter Tenable.io Web Application Scanning

Bénéficiez d'un accès complet à une plateforme de gestion des vulnérabilités moderne hébergée dans le cloud qui vous permet de consulter l'ensemble de vos assets et d'en assurer le suivi, tout en bénéficiant d'une précision inégalée. Souscrivez votre abonnement annuel dès aujourd'hui.

5 FQDN

3 578,00 $

Acheter maintenant

Essayer gratuitement Contacter le service commercial

Essayer Tenable.io Container Security

GRATUIT PENDANT 30 JOURS

Profitez d'un accès complet à la seule offre de sécurité des conteneurs intégrée dans une plateforme de gestion des vulnérabilités. Surveillez les images de conteneur pour détecter d'éventuelles vulnérabilités, malwares ou violations des politiques. Intégrez la solution aux systèmes d'intégration et de déploiement continus (CI/CD) pour soutenir votre démarche DevOps, renforcer la sécurité et assurer la conformité aux politiques de l'entreprise.

Acheter Tenable.io Container Security

Tenable.io Container Security permet la mise en œuvre sécurisée et fluide de processus DevOps en fournissant une visibilité sur l'état de sécurité des images de conteneur, notamment en ce qui concerne les vulnérabilités, malwares et violations des politiques, par le biais d'une intégration au processus de compilation.

Essayer gratuitement Contacter le service commercial

Essayer Tenable Lumin

GRATUIT PENDANT 30 JOURS

Visualisez et explorez votre Cyber Exposure, suivez la réduction des risques au fil du temps et comparez-vous à vos pairs grâce à Tenable Lumin.

Acheter Tenable Lumin

Contactez un commercial pour découvrir comment Lumin peut vous aider à obtenir une visibilité sur l'ensemble de votre entreprise et à gérer votre cyber-risque.