Intelligent CISO Issue 35 | Page 39

FEATURE

the ramifications their actions can have should lead to improvements in how these individuals respond when confronted with a suspicious email or website, even while working from home.
When employees know what is expected and feel that they are part of the team, they are more motivated to follow best practices and help chip away at the behaviours that cause accidental insider issues, such as forgetting to change default passwords or neglecting to use strong passwords. As more employees follow suit, the human firewall acting as the organisation's first line of defence will only grow stronger.
3. Establish straightforward best practices
Even once employees are made aware of what to look for in a social engineering attack, they may still need guidance on the next steps. While it is easy to ignore or delete a suspicious-looking email, what about those that appear normal but still leave the receiver unsure? In this scenario, CISOs should encourage employees to ask themselves a few questions to help make the right judgment call: Do I know the sender? Was I expecting this email? Is this email invoking a strong emotion like excitement or fear? Am I being told to act with urgency?
While these questions should help clear up any confusion as to whether the email is malicious, the receiver should still take extra steps to protect themselves and their organisation. This includes hovering over links to check where they actually lead before clicking, not opening unexpected attachments, calling the sender to verify that they really sent the email, and reporting all suspicious emails to the IT or security team. By explaining these steps to employees from the beginning, CISOs can avoid negative repercussions down the line.
The ability to be cyber-aware is a critical piece of the puzzle when it comes to keeping organisations secure. Whether employees realise it or not, their actions could open the door for cybercriminals to access sensitive information, meaning passivity towards security is no longer acceptable. By prioritising training and collaboration between departments and the security team, CISOs can lay the groundwork for a strong culture of security. Identifying suspicious behaviours, keeping devices up to date and practising safe cyber behaviour should be built into the fabric of all job roles to ensure that the human firewall continues to stand firm.

www.intelligentciso.com