Security Awareness Month Tips: Small rewards can go a long way

Cyber security awareness month winds up today, but before it ends we’ve got more advice from Symantec to pass on to infosec pros that hopefully will be useful in their work.

It comes from Jamie Manuel, information protection manager at Symantec, who reminds CISOs that employee awareness training is always worth it.

“A lot of companies focus on external threats, which are important,” he said in an interview, “but in terms of educating employees they’re really the front line and their actions can greatly increase your odds” of being more secure.

So it’s important to make sure everyone on staff understands the organization’s security posture and how doing – or not doing – certain things can put the firm at risk.

The trick, of course, is getting the message through.

As we’ve written this month through our interviews and coverage from the SecTor cyber security conference, many experienced people in the industry say repeatedly that security awareness training has to be done more than once a year. Many think it should be done monthly.

This can be as simple as a monthly rotation of posters or a regular email blast. But Manuel insists the message has to be drummed in – and the message has to have two themes, he adds: Cyber security is important not only to the company but also to you in your personal online activities such as online banking.

One way to reinforce the message is to give a reward to those who take and/or score high on awareness tests – and the reward should be something functional such as a year’s subscription to anti-virus software, Manuel said.

Still, there’s a lot that isn’t getting through. Manuel said he was “shocked” at a survey showing 69 per cent of Canadians think free publicly-available Wi-Fi is safe.

“As Canadians we don’t seem to understand [cyber security awareness] as well as other countries,” he said.

“It’s like you’re always told to stay healthy and eat right, but until you have a bit of a scare that can affect your bottom line it comes out of the fog and see things with clarity… but you want people to think about this all the time.”

Also this month Norrie Johnston Recruitment (NJR), a British-based global executive search firm, released some interesting statistics on poor security practices by employees.

Twenty-three per cent of staff use the same password for different work applications, the company said, 17 per cent write down their passwords, 16 per cent work while connected to public Wi-Fi networks and 15 per cent access social media sites on their work PCs.

CISOs need to emphasize these points to staff, NJR says:

1. Beware of open wireless access points for sensitive online work including accessing corporate resources and sensitive personal sites involving finances and social media;

2. Before downloading mobile apps read the fine print. Why would a parking app need to access your photos, contacts, text messages?

3. Practice safe passwords AND password recovery: Not only should you have unique passwords for every site – and use a password manager to keep them under control – but your password recovery answer should have nothing to do with your life or anything anybody could possibly know about you – particularly your mother’s maiden name.

4. Use common sense: Banks rarely communicate important account information via email, so if you receive an email from your bank that does, either log on directly to your application (without clicking through from the email) or call them by phone to verify. Getting into the habit of never clicking on links within an email or opening unsolicited files will save you a lot of hassle.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
