Encourage safe behaviour

Published by:
Digital Trust Center

It is important to encourage safe behaviour in your company to become more resilient to digital threats. You can achieve this by making employees aware of risks, training them to deal with incidents, and making sure people feel safe enough to report anything that goes wrong. Technical solutions can help with this. Examples include spam filters to detect phishing, 2-step logins, and the use of password managers. By investing in your people, you make them a strong first link in your cybersecurity chain.

Why this basic principle?

In most cyber incidents, people play a role. This is not surprising: there are countless interactions between people and systems every day, and sometimes things go wrong. For example, a small mistake can cause a data breach. Cybercriminals also use clever techniques to provoke behaviour that compromises security. Examples include phishing emails, social engineering, and other forms of cybercrime.

What can you do?

Build your security culture

Admitting mistakes is never pleasant. But detecting a cyber incident early on is crucial if you want to limit its consequences. By actively encouraging your employees to report incidents, rewarding those who do, and making it easier to report incidents, you create a culture where people feel safe and empowered to do so.

Help employees with awareness and training

Most cyber incidents are caused by human error. Employees can unintentionally cause significant damage by using an infected thumb drive, being careless with (weak) passwords, or failing to recognise a phishing email. Cybercriminals cleverly exploit people's naivety and laziness. So, awareness of cyber risks is very important for preventing incidents. Help your employees learn about cyber incidents and how they arise.

Are your employees sufficiently aware of the dangers and possible consequences? Help them by offering cybersecurity training or a quiz, or roll out an awareness campaign (in Dutch). A cyber crisis exercise (in Dutch) helps your employees practise the best response to a crisis situation. Such an exercise can save you a lot of time and prevent mistakes when a real cyber incident happens. Also, teach your employees what to do if things go wrong unexpectedly.

Support employees with technology

Security measures may seem safe, but they can still cause difficulties for your employees. Take the enforcement of strong passwords, for example. If someone first has to come up with strong passwords, then remember them, and do so for many different accounts, you can expect them to choose an easy-to-remember (weak) password and reuse it for multiple accounts. The technology does not take human behaviour sufficiently into account, which results in less secure behaviour. There is another way. Consider, for example, user-friendly password managers, or make it easier to report phishing by adding a “report button” to your email program. Use technology to help people make safe choices.
