Page 223 - Cyber Defense eMagazine Annual RSA Edition for 2024
P. 223

Crucially, employees should not be named and shamed, nor should their failure to recognize a phishing
            email lead to any disciplinary action.

            Demotivated  employees  will  understandably  be  much  less  interested  in  taking  their  company’s
            cybersecurity procedures seriously, or making any improvements. In a world where artificial intelligence
            is going to make nefarious online activity much harder to spot, obtaining buy-in from employees for
            activities like this is more essential than ever.

            Along with training, it is also important that employees understand the threats facing the business they
            work for, so providing time during work hours to complete cybersecurity training courses and access
            educational resources is essential. The quickest way to ensuring they treat it like a priority is to make it
            one yourself.

            A similarly human approach must be applied to most procedures and standards. For instance, while
            enforcing routine, company-wide password resets is a good thing, doing so too frequently can lead to
            password fatigue and weaker credentials overall.

            Making it as easy as possible for employees to report incidents or suspicious correspondence  - and
            continuously assessing its efficacy - will give your IT the clearest picture of the types and frequency of
            threats posed to your company and the ability to respond quickly.

            Of course, the foundational organizational principles that govern most well-oiled work processes - such
            as having clearly defined chains of responsibility and accountability - must be applied to your company’s
            cybersecurity strategy.

            In summary, successfully reducing human error is only possible by first thinking about what makes your
            employees tick. While it continues to have a big hand in the majority of data breaches, it should remain
            a key focus for all businesses and their respective IT teams.





            About the Author

            Aaron Drapkin is a lead writer at technology news and reviews site Tech.co who
            mainly covers cybersecurity, artificial intelligence, and productivity software. He
            has written articles that have appeared in ProPrivacy, The Week, Vice, Wired,
            Metro, and politics.co.uk covering a wide range of topics, and has been quoted
            in several major US and UK outlets discussing digital privacy, online scams,
            and AI.















                                                                                                            223
   218   219   220   221   222   223   224   225   226   227   228