Any recommendations for educating employees about insider risks? What are some best practices you've found effective / what resonates most?
CISO in Software, 10,001+ employees
Based on my experience, one of the best practices companies can perform is to create and (mandate) employee training based on real-world scenarios and events that have occurred previously inside the company (with names and people anonymized).
Information and Security Office & Enterprise Data Governance/AI in Finance (non-banking), 1,001 - 5,000 employees
Just to be clear: Not all Insider Risks materialize into Insider Threats, but all Insider Threats originate from an Insider Risk. Educate Users as part of the Cybersecurity Training and Awareness program (annual or bi-annual training). Ensure it is aligned with organizational risk appetite.
Chief Information Security Officer in Healthcare and Biotech, 1,001 - 5,000 employees
A couple of suggestions:
1. Continuous employee training program
2. Incentivise the positive reporting
3. Provide sample use cases, if possible from past incidents, without disclosing the employee details
4. Create a sense that the security team is monitoring.
Strategic Banking IT advisor in Banking, 10,001+ employees
We have a pretty good training strategy that includes many different topics: insider risks, security, data protection, accountability, etc. It's always interactive, with videos and some questions to answer (kind of an exam).
Some trainings are mandatory and dashboards are available to managers.
With this, everyone will not only see the training but also need to pass the final exam (5 or 6 questions).
All year long, new material is being produced on multiple subjects.
And it's all managed through Workday.
Finally, every employee could access their Security Dashboard, where a gauge indicates their level of awareness. And mandatory trainings also show up on the dashboard.