Page 40 - Cyber Defense eMagazine December 2022 Edition
P. 40
teams. With new employees entering the organization at every level, the extent of cultural dissonance
increases, creating instability. Security professionals need to act quickly in response to security concerns
caused by this instability to protect their organizations during these volatile times.
Issues that commonly arise as employees transition out and enter the organization include the following:
● Potential data leaks - When employees leave, there's a high risk of sensitive data leaks. Poor
off-boarding processes and lurking emails may lead to data loss.
● Need for educational leveling - When new employees join the organization, even if security
training is well conducted, they are usually not on par with their peers. Unknown security habits
may put the organization at risk, requiring the need for supplemental training.
● Security oversight by employees - With fewer staff, employees are overburdened and
pressured. Security may be "forgotten" or neglected in the process.
● Lack of support for remote work –To support rapid employee recruitment, working at home is
a must. Remote work flexibility helps to attract and retain new employees.
● Training mobility – Remote work requires securing remote devices and dealing with new
employee behavior for inherent distractions - on the go and at home.
With these challenges confronting organizations, security teams should consider deploying the following
strategies:
1. Continuous Training – All employees are needed to protect against sophisticated phishing
threats and this has become even more complicated in light of The Great Resignation. Because
of the fractured and less-trained employee base, companies are at much greater risk. To mitigate
that risk, training needs to be frequent - at least once a month and short – to not add additional
burden to already burned-out employees. The training must also be positive so employees are
motivated to get actively involved in the cybersecurity effort.
2. Prioritize New Employees - Security depends on employee help and cooperation. Therefore, it
is important to establish best practices in the workplace. New employees with unknown
cybersecurity habits pose a high risk for the organization and need to level up their awareness
fast. Start with low difficulty, create a foundation, then continually promote learning to the next
level.
3. Implement data-driven Training - For a cyber awareness training program to be successful,
security teams must plan, operate, evaluate and adapt the training continuously. With data-driven
platforms, security teams can monitor campaign performance to fine-tune employee defenses
and build custom high-intensity training campaigns for high-risk groups, while also adapting the
training per employee locale - to optimize learning results.
4. Maintain Vigilance - Security itself is a full-time job. Keeping the training unpredictable to
maintain employee vigilance is an essential part of the process, such as surprising simulation
campaigns in a continuous cycle with the idea of catching employees off-guard – which deliver
Cyber Defense eMagazine – December 2022 Edition 40
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.