Use of employer-owned cyber equipment is so ingrained in people that many workers might not realize they are breaking rules or breaching protocols when they stop work to surf the Internet.
What they also might not realize is that by visiting the World Wide Web they could be leaving their employer’s system open to various types of cyberattacks.
Speaking at the Nonprofit Risk Management Center 2016 Risk Summit, Jim Jackson, director of campus operations and IT at Momentous Institute, and Paul Henry, network administrator/engineer at Momentous Institute, said that an organization can protect itself by educating employees about the risks and maintaining an ongoing enculturation to ensure that old lessons stay learned and new ones can be learned quickly.
That means the following for training:
- Provide real-world examples of the types of risks that exist.
- Define all terms that might be confusing to the less tech-savvy.
- Teach employees how to recognize a potential cyber incursion.
- Underscore the fact that employees are an important part of the solution. It is not IT holding this risk alone.
Ongoing enculturation should include:
- When management learns of specific threats or new schemes, get an email alert out to users so they can be part of the defense.
- If the organization has an employee newsletter, consider adding an “IT Corner” that has useful tips and reminders about risks.
- Make time for discussion of IT issues at executive and board meetings.