Recognize reliance on cyber | MIT Technology Review

The world has changed dramatically in a short period of time — and changing careers along with this. The remote and office space is equipped with state-of-the-art technology – especially computer security – and shows that it is time to embrace human and technological connections.

Creating a fast, cloud-enabled environment is critical to fast-growing companies, enabling them to innovate, perform better, and compete with their competitors. Achieving a digital digital age, however, comes with a rapid growth problem that is often overlooked or neglected: internal risk, while another member accidentally or not – shares data or files outside of trusted parties. Ignoring the link between employee productivity and internal risk can affect both corporate competition and its foundations.

You can’t treat employees the same way you treat thieves

Internal risks include any user-user experience – security, compliance or competition – that imposes on the financial assets, reputation or performance of the company and its employees, customers, and peers. Thousands of user-driven and destructive incidents occur on a daily basis, ranging from accidental user errors, negligence of employees, or malicious users seeking to destroy the organization. Many users are at risk of compromising by accident, simply making decisions based on time and rewards, sharing and agreeing with the goal of maximizing their productivity. Some users are at risk for negligence, and some have malicious intent, if an employee to steal company data bringing to competition.

From a security perspective, organizations need to address internal risks as opposed to external risks. With threats such as hackers, criminal programs, and terrorists in countries, the intent is obvious – it is deceptive. But the intent of the workers at risk of trauma is sometimes unclear – although the results are the same. Employees may release data accidentally or as a result of negligence. Fully accepting this fact requires a change of mind for the security forces who have been working with the mind-blown bunker-riddled outsiders, holding their cards close to the garment so that the enemy does not realize how to defend. Employees are not enemies of the security forces or the company — in particular, they should be seen as allies in the fight against internal threats.

Transparency feeds trust: Laying the groundwork for education

All companies want to keep gemstones – source material, product design, customer lists – so they don’t fall into the wrong hands. Just think of the financial, historical, and operational risks that may arise as a result of the disclosure before an IPO, acquisition, or fundraising. Employees play an important role in preventing data leaks, and there are two things that need to be done turning employees into partners at risk: observation and teaching.

Transparency can be heard as opposed to cybersecurity. For security teams that use inconsistent assumptions about external threats, it can be difficult to define internal threats differently. Transparency is just about making sure both sides are reliable. Employees want to feel that their organization trusts them to make better use of data. Security forces should start from a reliable position, assuming that what many employees are doing is well-intentioned. But, as the proverb says about security, it is important to “trust, but prove.”

Monitoring is an important part of managing internal risks, and organizations need to be transparent about this. CCTV cameras are not hidden in all areas. Instead, they are often accompanied by placards announcing their presence in the area. Management should tell employees that their work is being maintained — but that their privacy is still respected. There are significant differences between data analysis traffic and read all employee emails.

Transparency creates interdependence — and with that foundation, the organization is able to focus on risk reduction by changing the way users teach. Meanwhile, security training and awareness programs are on the way. Fraudulent training is the first thing that comes to mind because of the success that has moved the needle and made the staff think before jumping. Outside of cheating, there is no additional training for users to understand, what they should and should not do.

At first, many employees do not know where their organizations are located. What programs are allowed to use? What are the rules for participating in these programs if they want to use them to share files? What data can they use? Do they have the right to the same? Does the organization really care? Cyber ​​security teams have a lot of noise made by employees doing things they should not be doing. What can you do if you just don’t make yourself available to answer such questions?

Teaching staff must be diligent and obedient. Urgently, in order to change staff practices, organizations need to provide short and concise training modules to educate and remind users of best practices. In addition, organizations need to respond with a small learning approach using less biting videos to meet other challenges. The security team should take a page from the advertisement, looking for repetitive messages that are delivered to the right people at the right time.

Business leaders once understand the internal risk not only is it a matter of security, but it is more closely linked to the culture of the organization and affects the business, they can have the opportunity to improve their skills, cope and succeed, and surpass their competitors. These days Combination of home and office workFor this reason transparency and education are essential to keep data out of the organization.

This was created by Code42. It was not written by the authors of the MIT Technology Review.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *