Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable 部落格

訂閱

Cybersecurity Awareness: Six Tips to Help Your Employees Be Cybersmart

We believe it's time for a new approach to cyber awareness, one that borrows on the concept of the shared responsibility model common in cloud computing. Here's how we get there.

How much consideration does the average employee give to cybersecurity in your organization? If you're like most, you'll see human behavior running the gamut from the zealous guardian, who reports suspicious activity on a regular basis, to the security scofflaw, who does everything in their power to circumvent safeguards in the interest of "productivity." 

In the 18 years since the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA) first launched Cybersecurity Awareness Month, much has changed about the way we all live and work. Even before the COVID-19 pandemic, organizations in all sectors were undergoing digital transformation and migrating infrastructure and service to the cloud. The widespread move to remote work in 2020 only served to accelerate the pace of change already well underway.

Yet, a new global study commissioned by Tenable and conducted by Forrester Consulting reveals that many employees continue to view cybersecurity as a hindrance rather than a benefit. The study, Beyond Boundaries: The Future of Cybersecurity in the New World of Work, surveyed 479 full-time employees working from home three or more days a week. While the vast majority (81%) consider protecting customer data to be somewhat or very important, more than half admit to using a personal device to access it. Equally concerning, the study reveals that:

  • More than four in 10 remote workers (44%) feel cybersecurity restrictions and policies make them less productive;
  • A third (36%) delay applying updates to their devices; and
  • Over a quarter (27%) admit to sometimes ignoring or going around cybersecurity policies. 

What do these findings mean for security leaders? It's safe to assume that, on any given day, a significant number of workers are avoiding basic cyber hygiene best practices, such as using only company-provided devices to access sensitive data, only accessing company systems and data via Virtual Private Network (VPN) and not connecting via public Wi-Fi.

So, what can be done about it? We believe it's time for a new approach, one that borrows on the concept of the shared responsibility model common in cloud computing. In this model, cybersecurity would be considered a corporate strategic objective from the top down. Every employee, regardless of position or rank, would have a "security scorecard" baked into their annual performance review metrics, given as much weight as the other measures of their success. Security leaders, in return, would commit to making it as easy as possible for employees to practice sound cybersecurity throughout their workday. 

6 tips for teaching employees how to be cybersmart

Moving to such a shared responsibility model is far more complex than it sounds. Creating a security scorecard for each employee would require robust asset management across business units so security leaders could have visibility into who owns each device or application and who they report to, and a centralized dashboard into which the findings could be continuously tracked. It would require careful attention to legal and regulatory concerns to ensure any measures put in place would respect the privacy of employees. And it would require significant resources to manage.

Yet, organizations can begin laying the foundations for such a model today. The following six tips offer ideas for how cybersecurity leaders can teach employees to be cybersmart:

  1. Start small. Identify one department or team within your organization and spend time with them. Learn how they work and ask them to identify any security practices and policies they feel are working well and provide honest feedback about the ones they feel are holding them back. 
  2. Make it seamless. Look for processes and solutions that reduce friction in the employee's workflow. Remember, the builders of consumer apps and devices prioritize engagement and ease of use; security tools and processes need to be engaging and easy to use, too, otherwise employees will avoid them.
  3. Ask for help. Consider working with your organization's human resources, internal communications or marketing team to find new ways to engage employees. You're the security experts, they're the communications experts. Joining forces could lead to fresh ideas on how to educate employees and implement a cybersmart culture.
  4. Explain the "why" behind your measures. Don't just tell employees what they need to do; help them understand why it matters to them. Show them how they can be part of the solution, not part of the problem. 
  5. Be available. Push your executives to include time for cybersecurity discussions during every companywide meeting so you can constantly reinforce the messaging and keep people up to date on new efforts. Schedule regular "ask me anything" sessions with employees so you can address any misinformation and encourage continuous learning.
  6. Make it worth their while. Understand what motivates employees and then build your program around that. For example, do employees at your organization respond primarily to financial incentives? Or do they prefer public recognition for their efforts? Does motivation vary by team or department? Take the time to learn what matters to everyone — ask what motivates the most zealous guardians and why the security scofflaws are avoiding your policies. 

While security leaders bear the greatest responsibility for keeping the organization safe, it's not something they can do in a vacuum. Building a cybersmart culture requires everyone in the organization, from the top down, to understand their roles and responsibilities. Finding the right mix of technologies, people and processes will help you increase the number of zealous guardians and reduce the number of security scofflaws in your organization. 

深入瞭解:

相關文章

您是否容易受到最新攻擊程式危害?

輸入您的電子郵件地址,以便收到最新 cyber exposure 警示。

tenable.io

享受現代、雲端型的弱點管理平台,能夠以無與倫比的準確性查看和追蹤所有資產。

您的 Tenable.io Vulnerability Management 試用版也包含 Tenable Lumin、Tenable.io Web Application Scanning 和 Tenable.cs Cloud Security。

tenable.io 購買

享受現代、雲端型的弱點管理平台,使您能夠以無與倫比的準確性查看和追蹤所有資產。 立即訂閱一年。

65 項資產

選取您的訂閱選項:

立即購買

免費試用 Nessus Professional

免費試用 7 天

Nessus® 是現今市場上功能最全面的弱點掃描工具。Nessus Professional 能協助自動化弱點掃描程序、節省您達到合規性的時間並讓您的 IT 團隊合作。

購買 Nessus Professional

Nessus® 是現今市場上功能最全面的弱點掃描工具。Nessus Professional 能協助自動化弱點掃描程序、節省您達到合規性的時間並讓您的 IT 團隊合作。

購買多年期授權,節省更多。新增 365 天全年無休 24 小時全天候可使用電話、社群及對談的進階支援。

選擇您的授權

購買多年期授權,節省更多。

增加支援與訓練

Tenable.io

享受現代、雲端型的弱點管理平台,能夠以無與倫比的準確性查看和追蹤所有資產。

您的 Tenable.io Vulnerability Management 試用版也包含 Tenable Lumin、Tenable.io Web Application Scanning 和 Tenable.cs Cloud Security。

Tenable.io 購買

享受現代、雲端型的弱點管理平台,使您能夠以無與倫比的準確性查看和追蹤所有資產。 立即訂閱一年。

65 項資產

選取您的訂閱選項:

立即購買

試用 Tenable.io Web Application Scanning

享受我們專為現代應用程式而設計,屬於 Tenable.io 平台一部分的最新 Web 應用程式掃描產品的所有功能。不需耗費大量人力或中斷重要 Web 應用程式,即可高度準確且安全地掃描您整個線上產品系列中是否含有任何弱點。 立即註冊。

您的 Tenable Web Application Scanning 試用版也包含 Tenable.io Vulnerability Management、Tenable Lumin 和 Tenable.cs Cloud Security。

購買 Tenable.io Web Application Scanning

享受現代、雲端型的弱點管理平台,使您能夠以無與倫比的準確性查看和追蹤所有資產。 立即訂閱一年。

5 個 FQDN

$3,578

立即購買

試用 Tenable.io Container Security

享受整合至弱點管理平台中的唯一容器安全產品的完整功能。監控容器映像中是否有弱點、惡意軟體及政策違規的情形。與持續整合和持續部署 (CI/CD) 系統整合,以支援 DevOps 作法、加強安全性並支援企業政策合規性。

購買 Tenable.io Container Security

Tenable.io Container Security 整合了建置程序,能提供包含弱點、惡意軟體和政策違規等容器映像安全性的能見度,讓您無縫並安全地啟用 DevOps 流程。

試用 Tenable Lumin

透過 Tenable Lumin,能夠以視覺方式呈現 Cyber Exposure 並加以探索,長期追蹤風險降低狀況,以及對照同業進行指標分析。

您的 Tenable Lumin 試用版也包含 Tenable.io Vulnerability Management、Tenable.io Web Application Scanning 和 Tenable.cs Cloud Security。

購買 Tenable Lumin

聯絡業務代表,瞭解 Lumin 如何協助您獲得整個企業的深入洞見,並管理網路風險。

試用 Tenable.cs

享受完全存取偵測與修復雲端基礎架構錯誤設定及檢視執行階段弱點的功能。立即登入取得您的免費試用軟體。

您的 Tenable.cs Cloud Security 試用版也包含 Tenable.io Vulnerability Management、Tenable Lumin 和 Tenable.io Web Application Scanning。

聯絡業務代表購買 Tenable.cs

聯絡業務代表,以深入瞭解 Tenable.cs Cloud Security 如何輕鬆讓您的雲端帳戶上線,以及如何在數分鐘內輕鬆取得雲端錯誤設定與弱點的能見度。

免費試用 Nessus Expert

免費試用 7 天

Nessus Expert 是專為現代攻擊破綻所打造,它能讓您從 IT 到雲端洞察更多資訊,並保護貴公司免於弱點危害。

您已擁有 Nessus Professional 嗎?
升級至 Nessus Expert,免費試用 7 天。

購買 Nessus Expert

Nessus Expert 是專為現代攻擊破綻所打造,它能讓您從 IT 到雲端洞察更多資訊,並保護貴公司免於弱點危害。

選擇您的授權

促銷價格將至 9 月 30 日截止。
購買多年期授權省更多!

增加支援與訓練