Top 10 Tips for Educating Employees About Cybersecurity

8/9/2019 Top 10 Tips for Educating Employees About Cybersecurity

1/15

TOP 10 TIPS FOR

EDUCATING EMPLOYEESABOUT CYBERSECURITY


2/15


3/15

• Explain the potential impact a cyberincident may have on your

organization’s operations and spell out employee obligations,

particularly with the use of mobile phones.

• It’s not enough to require an annual review and signing of

a “I have read and understand company IT policies.”

Tip #1: Regularly talk to employeesabout cybersecurity.

External Threats Experienced

In a recent survey conducted by B2B International and Kaspersky Lab, 94% of companiesreported some form of external threat. 1

Spam Viruses, worms,

spyware and other

malicious programs

Phishing attacks Network intrusion/hacking Theft of mobile

devices

6 0

5 5

6 5

6 0

5 4

5 1

5 8

6 0

3 4

3 5

3 6

4 0

1 4 2

1 2 1

2 5

2 5

2 3

2 6

2 9

Denial of Service (DoS),

Distributed Denial ofService Attacks (DDoS)

T he ft of larg er ha rdw are C or po rat e e spi on ag e Targ et ed attac ks

aimed specifically atour organizations/brand

Criminal damage

(including fire/arson)

1 8

1 7

1 5

9 4

1 9

1 4

1 3

9 4

2 0

1 7

1 4

1 0

4

2 2

1 9

1 8

1 5

7

% Of organizations experiencing each event

2011 (n=1,408) 2012 (n=2,376) 2013 (n=1,912) 2014 (n=2,119)

Significantly higher YOY

1 -B2B International and Kaspersky Lab, “IT Security Threats and Data Breaches,” October, 2014.


4/15

• Top managers are often targeted because:

– They have access to more information. The bad guys

recently targeted traveling executives using free hotel

Wi-Fi without encryption.

– IT bends the rules for them.

– The damage/financial payoff can be much bigger.

• With their unlimited power over the network, IT folks

are also vulnerable.

Tip #2: Remember that top managementand IT staff are employees, too!

https://securelist.com/blog/research/66779/the-darkhotel-apt/https://securelist.com/blog/research/66779/the-darkhotel-apt/https://securelist.com/blog/research/66779/the-darkhotel-apt/https://securelist.com/blog/research/66779/the-darkhotel-apt/https://securelist.com/blog/research/66779/the-darkhotel-apt/https://securelist.com/blog/research/66779/the-darkhotel-apt/


5/15

• Encourage cooperation, not just compliance.

• Create a policy sophisticated enough to cover all

possible attack vectors.

• Recognize that humans have weaknesses and make mistakes.

Tip #3: Explain to the employees that,while you make the best effort to securethe company’s infrastructure, a system isonly as secure as the weakest link.


6/15

• Since new employees start work all the time, cybersecurity

training should be part of your general onboarding activities.

• Consider different formats (e.g., Lunch & Learn).

• Make it useful.

– Most employees have PCs at home and relatives

who also need help.

• Make it relevant and responsive to real-world examples.

– Reference topical news stories.

– Use social media.

Tip #4: Have regular, focused sessionswith employees to explore different typesof cyberattacks.


7/15

• Beware of social media, blogs, and suspicious links from

unknown sources while at work or using corporate devices.

• Many cyberincidents begin with a phone call from someone

posing as a co-worker asking seemingly innocuous questions,

gathering information about the company and its operations.

• A cybercriminal exploiting social weaknesses almost never

looks like one.

Tip #5: Warn employees to pay specialattention to social engineering activities.


8/15

• Have policies in place that assume you’ll be infiltrated.

Don’t wait to react. Have a documented remediation planin place and update or review frequently

• Communicate step-by-step instructions about what to do

if an employee believes they’ve witnessed a cyberincident.

• Training needs to happen before there’s a problem.

Tip #6: Train employees to recognizean attack.

Don’t forget to include the basics:

• Physically unplug your machine from the network.

• Notify your administrator of any suspicious emails, unusual

activity, or if you lose your mobile device.

• If you can’t find your emergency IT number in 20 seconds or

less, start memorizing!

Trainings should include specific rules for email,

web browsing, mobile devices and social networks.


9/15

• Even if it’s a false alarm, it’s important not to discourage

employees for speaking up when a real cyberattack happens.

• If false alarms happen regularly, improve your training approach.

Tip #7: Never disapprove or make fun ofan employee who raises a red flag.


10/15

• A lack of transparency or improper handling of a cyberincident

may significant increase the impact of the event.

• Issue instructions about how to speak to the public and the

press about the incident.

• Have an internal communications plan and PR strategy in

place before anything happens.

• Consider insurance for cyberincidents.

Tip #8: If an incident happens, giveyour employees a heads-up as soonas possible.


11/15

• Make it relevant for their digital lives.

• Make it fun or rewarding (or fun and rewarding)

with incentives for prompt responses.

Tip #9: Regularly test employeescybersecurity knowledge


12/15

• If you force employees to change passwords every week, be

prepared that they will write them down and post them intheir workspaces.

• If it’s too difficult or complicated to access something they

need to do their jobs, they will find less secure work arounds

like personal email, USB sticks, and using colleagues to

bypass restrictions.

• Learn the root cause of unsafe behavior.

Tip #10: Invite, listen, and respondto feedback.


13/15

Systems Management & Actionable Patching

Create images

Store and update

Deploy

SYSTEM PROVISIONING

Track usage

Manage renewals

Manage licensecompliance

LICENCE MANAGEMENT

Install applications

Update applications

Troubleshoot

REMOTE TOOLS

HW and SW inventory

Multiple vulnerability

databases

VULNERABILITY

SCANNING

Automated prioritization

Reboot options

ADVANCED PATCHING

Guest policymanagement

Guest portal

NETWORK ADMISSIONCONTROL (NAC)

Kaspersky Security for Business

Vulnerability Scan

PatchManagement

Remote Tools

License Management

System Provisioning

(NAC) NetworkAdmission Control

Physical › Virtual › Mobile ›


14/15

Discover how Kaspersky Lab’s premium security can protect your

business from malware and cybercrime with a no-obligation trial.

Register today to download full product versions and evaluate

how successfully they protect your IT infrastructure, endpoints,

and confidential business data.

Get Started Now: FREE 30-Day Trial

GET YOUR FREE TRIAL NOW

Learn more at http://usa.kaspersky.com/business-security

Join the Conversation

#securebiz

Watch us on

YouTube

View us on

Slideshare

Like us on

Facebook

Read

our blog

Follow us

on Twitter

Join us on

LinkedIn

Visit our NEW

Knowledge Center

KASPERSKY

CYBERSECURITY

KNOWLEDGE

CENTER

http://usa.kaspersky.com/downloads/free-trials/business-security/http://localhost/var/www/apps/conversion/tmp/scratch_8/kaspersky.com/businesshttp://usa.kaspersky.com/business-securityhttp://usa.kaspersky.com/business-securityhttp://ow.ly/BQQfGhttp://www.youtube.com/user/Kasperskyhttp://www.youtube.com/user/Kasperskyhttp://www.slideshare.net/KasperskyLabGlobalhttp://www.slideshare.net/KasperskyLabGlobalhttps://www.facebook.com/Kaspersky.Businesshttps://www.facebook.com/Kaspersky.Businesshttp://business.kaspersky.com/http://business.kaspersky.com/https://twitter.com/kasperskyhttps://twitter.com/kasperskyhttp://www.slideshare.net/KasperskyLabGlobalhttp://www.slideshare.net/KasperskyLabGlobalhttp://usa.kaspersky.com/business-security/cybersecurity-centerhttp://usa.kaspersky.com/business-security/cybersecurity-centerhttp://usa.kaspersky.com/business-security/cybersecurity-centerhttp://usa.kaspersky.com/business-security/cybersecurity-centerhttp://usa.kaspersky.com/business-security/cybersecurity-centerhttp://www.slideshare.net/KasperskyLabGlobalhttps://twitter.com/kasperskyhttp://business.kaspersky.com/https://www.facebook.com/Kaspersky.Businesshttp://www.slideshare.net/KasperskyLabGlobalhttp://www.youtube.com/user/Kasperskyhttp://ow.ly/BQQfGhttp://usa.kaspersky.com/business-securityhttp://localhost/var/www/apps/conversion/tmp/scratch_8/kaspersky.com/businesshttp://usa.kaspersky.com/downloads/free-trials/business-security/http://www.kaspersky.com/trials?cid=b2b_pdf_trial#tab=tab-3


15/15

About Kaspersky Lab Kaspersky Lab is the world’s largest privately held vendor of endpoint

protection solutions. The company is ranked among the world’s top

four vendors of security solutions for endpoint users2. Throughout its

more than 17- year history Kaspersky Lab has remained an innovatorin IT security and provides effective digital security solutions for large

enterprises, SMBs and consumers. With its holding company registered

in the United Kingdom, Kaspersky Lab operates in almost 200 countries

and territories, providing protection for over 400 million users worldwide.

Call Kaspersky today at 866-563-3099 or email us at

[email protected], to learn more about

Kaspersky Endpoint Security for Business.

www.kaspersky.com/business

SEE IT. CONTROL IT. PROTECT IT.

With Kaspersky, now you can.

2 The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2013. The rating was published

in the IDC report “Worldwide Endpoint Security 2014–2018 Forecast and 2013 Vendor Shares” (August 2014, IDC #250210).

The report ranked software vendors according to earnings from sales of endpoint security solutions in 2013.

© 2015 Kaspersky Lab ZAO. All rights reserved. Registered trademarks and service marks are the property of their respective owners.

Top 10 Tips for Educating Employees About Cybersecurity

Documents

Transcript of Top 10 Tips for Educating Employees About Cybersecurity