It’s a common adage that employees are the weak link in corporate cybersecurity. But I believe they are also the best defense, if they are given policies that are easy to follow and not too numerous and complex. Employee security training and best practices need to be user friendly and simple to be effective.
The Key to Better Cybersecurity: Keep Employee Rules Simple
Employees are the main gateway into the organization for cyberattacks. As a result, they are also the first line of defense. So arming these “sentry” employees with the information they need to identify attacks is a critical part of a company’s overall security program — and yet most companies fail at this. One of the big reasons security rules often don’t work is that they are so complex they drive people to take shortcuts that defeat their purpose. The single most important thing companies can do to shore up this first line of defense is to improve the relationship between IT and employees. Getting to know the employees, what their roles are, and how they work with technology will increase the chance that they will report security issues and be more conscientious in their security practices. It can also help give IT the information it needs to tailor its security education and testing efforts to individuals. It will take collaboration like this within the organization to really change people’s habits and make a difference in keeping organizations safe.