When it comes to cybersecurity, organizations can’t afford to have a Superman complex – aka, believing they’ll never suffer from a cyberbreach. You’re not invincible, and whether you work for federal, state, or local government or a small or large corporation, you can fall victim to a cyberattack. And with cyberattacks occurring with great frequency in 2015, cybersecurity should be a top priority for every organization as they approach the New Year.
But for a lot of people, it’s easier said than done. Many organizations are struggling to protect their data, while also providing innovative services for their citizens.
Fortunately, in GovLoop’s recent online training, How Government Can Stay Safe and Innovative, cyber experts Elayne Starkey, Chief Security Officer for the State of Delaware, and Vaughn Stewart, Vice President of Enterprise Architecture at Pure Storage, shared how organizations can be innovative while also protecting their sensitive data.
“People, process, and technology is the centerpiece for our strategic cybersecurity planning effort,” said Starkey.
Our cyber experts discussed how these three centerpieces can strengthen your organization’s cybersecurity.
People. An organization’s employees are critical to the safety of its data and important information. It’s imperative that employees understand the importance of cybersecurity and know the organization’s security standards. “Phishing and social engineering is one of the most common cyberattacks,” said Stewart. These kinds of attacks can be prevented if an organization’s employees are trained to avoid them.
When employees are hired they should be required to complete security awareness trainings. This will provide them with information about the most common cyber risks so they know what to look out for and can protect themselves. Employees should be required to take the test every year to ensure the information stays fresh in their minds.
Process. Bring cybersecurity awareness to your organization. Being hacked is as easy as one employee clicking a bad link in a phishing email because he or she wasn’t paying attention. If you actively remind employees about cybersecurity then they’re more likely to think twice before opening a suspicious email.
Send out monthly newsletters, put up posters around the office — even in the bathroom — and create brochures, all containing information about cybersecurity. Any little reminder to help your workforce stay secure will be beneficial to your organization’s safety.
Technology. Organizations need to realize that cloud is a credible alternative to the traditional way that IT is delivered. This doesn’t mean you need to put all of your data in the cloud, but your organization can decide what data you want and don’t want to store there.
Cloud reduces your control of the information you have, but it can save your organization money. Be assertive with your provider to ensure security is a top priority. Your organization’s goal should be mitigate risks and maximize the benefits of cloud computing.
For more information on keeping your organization’s data secure, view the training on-demand here.