In a short time the world has changed dramatically – and so has the world of work. New hybrid remotes and technologies have an impact on the world of office work বিশেষ especially cybersecurity এবং and signal that it’s time to acknowledge how interconnected people and technology actually are.
Activating a culture of fast-paced, cloud-driven collaboration is important for fast-growing companies, their position to innovate, outperform and outperform their competitors. Achieving this level of digital speed, however, brings with it rapidly growing cyber security challenges that are often overlooked or overlooked: Internal risk, When a member of a group accidentally – or not – shares data or files outside of a trusted group. Ignoring the underlying connection between employee productivity and internal risk can affect both an organization’s competitive position and its bottom line.
You cannot treat employees the same way you treat country-state hackers
Internal risks include user-driven data exposure events নিরাপত্ত security, compliance, or competitive nature যা that endanger the financial, reputation, or operational well-being of a company and its employees, customers, and partners. Thousands of user-driven data exposures and exfoliation events occur daily, which are accidentally triggered by malicious users for the purpose of user error, employee negligence, or damage to the organization. Many users accidentally create internal risks, collaborating to share and increase their productivity, by simply making decisions based on time and rewards. Other users create risks due to negligence and some have malicious intentions, such as a Employees steal company information To bring to the competitor.
From a cybersecurity perspective, companies need to consider internal risks separately from external threats. With threats like hackers, malware and country-state threat actors, the motive is clear এটি it’s malicious. But the intentions of employees who pose internal risks are not always clear – even if the impact remains the same. Employees may leak information by accident or due to negligence. To fully accept this fact requires a change of mindset for the security forces that historians have historically operated with a bunker mentality – in the siege from the outside, holding their cards to the West so that enemies do not gain insight into their defenses to use against them. Employees are not opponents of any security team or company – in fact, they should be seen as allies in dealing with internal risks.
Transparency Feed Trust: Laying a foundation for training
All companies want to end up with their crown jewel-source code, product design, customer list in the wrong hands. Imagine the financial, reputable, and operational risk that material information may leak before calling an IPO, acquisition, or earnings call. Employees play an important role in preventing data leaks and there are two important components to this Turn employees into internal risk allies: Transparency and training.
Transparency can be contrasted with cyber security. For cyber security teams who work with a hostile mindset suitable for external threats, dealing with internal threats differently can be challenging. Transparency is about building trust between both parties. Employees want to feel that their organization trusts them to use data wisely. Security teams should always start from a place of trust, assuming that most employees have positive intentions in their actions. However, in cyber security, as the saying goes, “believe, but verify” is important.
Monitoring is an important part of internal risk management, and agencies should be transparent about this. CCTV cameras are not hidden in public spaces. In fact, they are often accompanied by surveillance signs in the area. Leadership should make it clear to employees that their data movement is being monitored – but their privacy is still respected. There is a big difference between data observation Movement And read all employee emails.
Transparency builds trust – and with that foundation, an organization can focus on risk reduction by changing user behavior through training. At the moment, safety education and awareness programs are special. Phishing training is probably the first thing that comes to mind because of the success of moving the sweetie and thinking of them before the staff clicks. Beyond phishing, users don’t have much training to understand what, exactly, should and shouldn’t be done.
For a start, many employees don’t even know where their companies stand. What applications are allowed to use them? What are the engagement rules for those apps if they want to use it to share files? What data can they use? Do they deserve that information? Does the company even care? The cybersecurity team deals with a lot of words made by employees that they shouldn’t do. Can you cut that noise by answering this question?
Training staff must be both active and responsive. To actively change employee behavior, organizations should provide both long- and short-form training modules to instruct and remind users of optimal behavior. In addition, companies should respond to micro-learning approaches using bite-sized videos designed to address highly specific situations. The security team needs to take a page from marketing, focusing on repetitive messages to the right people at the right time.
Once upon a time business leaders Understand that inner risk It’s not just a cyber security issue that is closely linked to an organization’s culture and has a significant impact on the business, they will be able to innovate, improve and better position their competitors. In today World of hybrid remote and office work, The human element that exists in technology has never been more significant. So transparency and training are essential to protect information from being leaked outside the organization.
This content was created by Code42. It was not written by the editorial staff of MIT Technology Review.