Peopleware: a business riskdownload.microsoft.com/documents/CEEHQ/rethink-IT...can be your biggest...

Date post:	10-Aug-2020
Category:	Documents
Upload:	others
View:	0 times
Download:	0 times

Download Report this document

Share this document with a friend

Embed Size (px):

© 2016 Microsoft Corporation. All rights reserved. 8 tips for educating your employees about IT security Technology can help you protect your business but it isn’t enough. A malicious employee can bypass the best software security protection and never underestimate the ability of ignorant or incompetent people to break things. In other words, your people can be your biggest security weakness. Here are some tips to turn them into your greatest strength. 1. Make it part of onboarding new staff. Develop a simple course that everybody in the company has to take when they start working for you. Use an exam or test to make sure that they pay attention. People are highly motivated to learn during the honeymoon of their employment so this is a good time to teach them about security. 2. Give regular refresher courses. Give everyone in the company an annual update about security. Share the latest security news and threats and make sure that everybody is up to date. 3. Use stories and examples. The language of IT security can be dry, technical and rather dull. Use stories and real-world examples to make it more personal and immediate. 4. Make it a CEO priority. Senior management should show that they take security seriously. For example, they should join other staff for the annual refresher course and they should include security news in their regular communications with staff. 5. Offer a rogue IT amnesty. Employees that set up their own IT systems, such as wireless access points or unau- thorised online applications, can create serious security vulnerabilities. It’s better to know about them and so you can periodically offer an amnesty and ask people to register any ‘rogue IT’ from time to time. 6. Share a security tip of the week. Send a weekly email to everyone with a short IT security tip, such as an example of a fake, phishing email or a suggestion about how to choose better passwords. Keep the email short, useful and link to authoritative websites for more information. 7. Promote strong passwords. Hackers can use software to guess simple passwords so it is important that everyone uses strong passwords, especially for critical company systems. Make sure everyone understands the company password policy and help people pick strong passwords. 8. Learn from your mistakes. Create a culture that encourages people to report problems, ask questions and be open about security issues. This will allow the company to improve its security posture and share best practice. Peopleware: a business risk

Transcript

Page 1: Peopleware: a business riskdownload.microsoft.com/documents/CEEHQ/rethink-IT...can be your biggest security weakness. Here are some tips to turn them into your greatest strength. 1.

8 tips for educating your employees about IT security Technology can help you protect your business but it isn’t enough. A malicious employee can bypass the best software security protection and never underestimate the ability of ignorant or incompetent people to break things. In other words, your people can be your biggest security weakness. Here are some tips to turn them into your greatest strength.

1. Make it part of onboarding new staff. Develop a simple course that everybody in the company has to take when they start working for you. Use an exam or test to make sure that they pay attention. People are highly motivated to learn during the honeymoon of their employment so this is a good time to teach them about security.

2. Give regular refresher courses. Give everyone in the company an annual update about security. Share the latest security news and threats and make sure that everybody is up to date.

3. Use stories and examples. The language of IT security can be dry, technical and rather dull. Use stories and real-world examples to make it more personal and immediate.

4. Make it a CEO priority. Senior management should show that they take security seriously. For example, they should join other staff for the annual refresher course and they should include security news in their regular communications with staff.

5. Offer a rogue IT amnesty. Employees that set up their own IT systems, such as wireless access points or unau-thorised online applications, can create serious security vulnerabilities. It’s better to know about them and so you can periodically offer an amnesty and ask people to register any ‘rogue IT’ from time to time.

6. Share a security tip of the week. Send a weekly email to everyone with a short IT security tip, such as an example of a fake, phishing email or a suggestion about how to choose better passwords. Keep the email short, useful and link to authoritative websites for more information.

7. Promote strong passwords. Hackers can use software to guess simple passwords so it is important that everyone uses strong passwords, especially for critical company systems. Make sure everyone understands the company password policy and help people pick strong passwords.

8. Learn from your mistakes. Create a culture that encourages people to report problems, ask questions and be open about security issues. This will allow the company to improve its security posture and share best practice.

Peopleware:a business risk