Organizations look to IT professionals for tools and services to protect them from cyberthreats. But IT can only get them so far. Two-thirds of the way, in fact, according to the CIA (Confidentiality, Integrity, Availability) Triad. NIST (National Institute of Standards and Technology) calls the CIA Triad “the fundamental guiding principle of cybersecurity.”
According to Gartner, 69% of end users violated their organizations’ cybersecurity practices in the past year [1]. So how do we counter this trend? Eric Sokolowski, president of Bryley education partner Knowledgewave [2], advocates a “drip-drip” method of Security Awareness Training. Maybe you’ve seen the alternative yourself: corporate training often piles on a lot of material with enthusiasm at the start, and then the subject fades away until it no longer seems important and is little more than a dim memory. Cybersecurity training cannot be thought of or treated like that. The threats are continuous and continually evolving. Cybersecurity training is more akin to “last one out, lock the door,” only these door locks have to keep changing as the burglary tactics change.
What Is Meant by Confidentiality?
In Knowledgewave’s course on end-user responsibility in cybersecurity, presenter Dan St Hillaire offers the following guidelines of responsibility for each employee:
Understanding the organization’s data-handling policies, including the acceptable-use policy, the incident response policy and remote-work policies
Don’t take data off-site or beyond the organization’s network
Protecting user IDs and passwords
Protecting physical workspace and devices
Identifying potential risks
Don’t snoop, that is, do not access information that’s not germane to your job
In the security triad there are two legs that are largely IT’s responsibility: data integrity (for example, through an encryption scheme) and availability (for example, disaster recovery). The third leg is data confidentiality (for example, using strong passwords), and its viability depends on end users’ behaviors.
IT departments and providers can help supply your organization with the tools and strategies for a healthy cybersecurity posture. But it can all fall down if employees fail to follow sound practices.
One of the best methods to gain employee cooperation is regular “drip-drip” training, so that employees are continually reminded and continually refreshed about the importance of:
not photographing login credentials with their phones
checking emailed links before they click
not getting fooled by a familiar email account that’s been hijacked
and, unfortunately, many more.
It is only with your employees’ cooperation that cybersecurity really works. Have you seen the numbers on how often breaches occur due to employee behavior? (82% of all breaches, per the Verizon 2022 Data Breach Report [3].)
Bryley has helped train employees about their role in securing their businesses since 1987. For more information about Bryley Security Awareness Training for your organization, please complete the form below, call 978.562.6077 or email ITExperts@Bryley.com.