Building a security culture

By Joanne Carew, ITWeb Cape-based contributor.
Cape Town, 24 May 2019
Robyn Bartlett, security awareness co-ordinator for DRS.

If staff members are not taught to be safe online, they are not going to know how to be safe online.

It’s a simple reality but an important one for all businesses to understand, explained Robyn Bartlett, security awareness co-ordinator for DRS, at the Cape Town leg of ITWeb Security Summit 2019.

Speaking to staff about phishing often elicits the common response: “IT will protect us.”

Stress the value of having secure/unique passwords and they will say it’s a hassle. Try to educate them about how their use of social media in the office could put the organisation at risk and they will moan that social networks are “personal” and have “nothing to do with business”.

Employees also do not know about social engineering or cookies.

“The reality is that users are not being educated. They’re not learning about these things at school and their limited understanding is having an impact on global business environments.”

Bartlett advised organisations to approach training users carefully because no one likes change. For starters, be sure to tailor the training strategy to the people it needs to teach. This can be complex in a multi-generational workforce but it is important, she explained.

For example, Gen X likes to learn at their own pace. Generation Y is curious and wants everything on demand. Gen Z has a very short attention span and prefers interactive/exciting content to big chunks of information.

Similarly, there are different learning styles; some of us are visual and some are aural, some social and others logical.

“Having said all this, it doesn’t matter who you are training, your training needs to be more exciting and engaging.”

The IT team is usually known as the “bad guys” because they are the ones blocking people and restricting users, she continued, noting this is a perception that needs to change. IT should be seen as superheroes, not policemen, she said.

Similarly, they should be approachable. Often, users feel they will get into trouble if they do something wrong.

Security awareness needs to become part of the company culture, not just an endless list of do’s and don’ts, she stressed.

“Building a secure environment starts on the inside.”
