Motherboard CVI Edited I6.9
Cybersecurity

Cybersecurity 101

​The world is changing​

​Organizations today are faced with seri​ous IT security challenges in the face of an alarming rise in cyber threats. In response, organizations mostly rely on cybersecurity procedures and technology to protect their organization and systems. There is surprisingly little focus on how to enhance this protection through employees’ behavior.

As Todd Thibodeaux, president and CEO, CompTIA (Computing Technology Industry Association) points out, “We can’t expect employees to act securely without providing them with the knowledge and resources to do so. Employees are the first line of defense, so it's imperative that organizations make it a priority to train all employees on cybersecurity best practices.”​​​ (source).

Interior Of Office Building 325229

Why is cybersecurity awareness so important?

Of all factors within our organisations and systems, our people are most likely to expose us to risk. We need to change the way we approach the human security risk factor, to protect our people in order to protect our organisation, through cybersecurity awareness. But what exactly is ‘cybersecurity awareness’ and why is it so important?

Cybersecurity awareness is essential to creating a long-lasting security culture, where employees not only understand, but also act according to good security practices and where security conscious behaviour is a natural and integrated part of the working day.

Building a security culture within an organisation is a long term, sustained effort which requires ‘Reminding’, ‘Repeating’ and ‘Rewarding’ employees. The effort must be clearly supported and led by management. According to Todd Thibodeaux, “Companies cannot treat cybersecurity training as a one and done activity. It needs to be an ongoing initiative that stretches to all employees across the organization.”

The employees

Only by being ‘reminded’, practicing through ‘repeating’ and being ‘rewarded’ will employees learn to understand the cybersecurity challenges faced by the business and the important role they themselves play in protecting their organization from potential threats. Employees must gain specific (relevant to their role in the organization) awareness of what may seem to be an innocent action, may in fact open the door to the very real threat of becoming the victim of a cybercriminal. Seemingly innocent actions could include clicking on links, opening email attachments from an unknown sender, sending confidential information in plain email text instead of using encryption, sharing a password with a colleague over the phone, or charging a non-company mobile phone via an USB plug in a company PC.

This caution must become a standard mode of operation for employees without impacting customer friendliness or their collaborative attitude towards partners or colleagues. Rather, this cautious attitude should enhance the organizational image as a trustworthy partner for electronic communication and safe haven for the sensitive data of its business partners.​

 

Internet Screen Security Protection 60504

Benefits of applying awareness to your security initiative​

By understanding the importance of, and investing in, cybersecurity awareness as part of your security initiative, your employees become an active part of the journey and solution. The awareness will:

  • make security tangible and r​elevant to employees in their daily work
  • ensure that the security maturity level is gradually increased
  • ​ensure that leadership on all levels understand the important role they play in showing clear support, involvement in – and adherence to the initiative
  • ​​lay the foundation for a lasting security culture, anchored in the core values and strategy of your organization.​

 

What can you do to lay the foundation for a security mind-set?

Changing the mind-set to establish an IT security culture is a long term effort and can be difficult to execute - hence it is often not prioritised in the company strategy. However, some concrete actions you can take to ensure success in your cybersecurity awareness initiative are:

  • ​identify and engage relevant stakeholders early in security initiatives
  • conduct impact assessments to address all angles that the IT security initiative affects in your organization
  • define KPIs on short and long term for security maturity and baseline current level
  • design and implement a security awareness campaign, containing a:
  • specific Communication, Engagement and Training approach
  • training execution targeting relevant audience groups
  • ​measurement approach for long term sustainment to support the KPIs.

 

In NNIT we believe that employee behavior and actions are strong elements of a successful security initiative.​

 


Follow this link to get insights on current and future cybersecurity challenges


Are you prepared to protect your business-critical IT?

The global efforts to control and contain the COVID-19 pandemic is a blunt and brutal reminder of the necessity of solid Business Continuity Management. The widespread quarantine has suddenly made digital workspaces vital and cybercriminals are keen to take advantage. Do you have a plan in place to protect or recover the IT systems that are vital to keep your business running?

Read the full article here


We're a Managed Security Service Provider helping you manage your ​cyber-security strategy, processes, certifications, controls and compliance measures.​

Based on strong partnerships with solution providers, we can build a ​full-scale Cyber Defense Center. We can establish solid identity and ​access management solutions, assess your threat posture in real-time ​and respond to any threat fast.

See more here



New to cybersecurity? Educate yourself on the new digital realities and why cybersecurity awareness is essential to any business today. 

Click here to learn more 


How quickly can your employees spot potential security breaches? 

NNIT Cybersecurity Training in Virtual Reality is a new way of providing awareness to employees.

See more here




We are ready to assist you

NNIT has a large number of information security specialists ready to assist you. Together they have an enormous range and depth of competencies. We also have our own Cyber Defense Center, and if lightning strikes, we respond and assist you. Fast.

Read on to learn how our cybersecurity services can help your business stay compliant, secure, and future-ready.
Contact
ESKU

Esben Kaufmann

Head of Cybersecurity Consulting - Associate Vice President