Embeddedadvisor
US
APAC
EUROPE
  • Home
  • Insights
  • Whitepaper
  • Conferences
  • Newsletter
  • Subscribe
  • News
  • About us
Go to...
  • Home
  • Insights
  • Whitepaper
  • Conferences
  • Newsletter
  • Subscribe
  • News
  • About us
  • Categories

  • IP Design
  • Telecom
  • Wearables and Sensor
  • Consumer Electronics
  • IoT
  • Industrial Computing
Go to...
  • Categories

  • IP Design
  • Telecom
  • Wearables/Sensor
  • Consumer Electronics
  • IoT
  • Industrial Computing
×
#

Embedded Advisor Weekly Brief

Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Embedded Advisor

Subscribe

loading

THANK YOU FOR SUBSCRIBING

  • Home
  • Insights
  • Aerospace
Editor's Pick(1 - 4 of 8)
left
Will Artificial Intelligence Destroy Humanity?

David Tamayo, CIO, DCS Corporation

For Aerospace CIOs, I is For Information and A Whole Lot More!

Tammy Choy, Vice President and CIO, The Aerospace Corporation

Aircraft: Another End Point in a Complicated Network

Ken Green, CIO, NetJets

Airlifting the Aerospace Arena with Technology and People

Willie Krenz, CIO, The Aerospace Corporation

Aerospace Innovations

Kevin Larson, CIO, AAR CORP

Good UAS Policy and Innovation Comes Out of a Collaboration between Government and Commercial Stakeholders

Mike Trout, Executive Administrator of the Michigan Department of Transportation Office of Aeronautics and Director of the Michigan Aeronautics Commission, State of Michigan

Artificial Intelligence and Robotics: Challenges, Implications, and Opportunities for Autonomous Systems in Aerospace and Defense

Ravi Ravichandran, Ph.D., Director, BAE Systems Technology Solutions [LSE:BA]

Standard Solutions in the Aerospace Industry

Mark Keilholz, VP IT, Greenpoint Technologies

right

Information Security: Your People, Your First Line of Defense

By Eddie Borrero, CISO, Robert Half [NYSE:RHI]

Tweet

Eddie Borrero, CISO, Robert Half [NYSE:RHI]

A company can put together as many technology solutions or policies as it likes, but, in the end, its people are the most important element in information security. If the employees in your organization don’t feel personally invested in improving your organization’s security, your defenses will always be lacking.

"To turn your workforce into a team of information security advocates, you need to make security personal to them"

Firms that inspire in their employees a security mindset and personal sense of responsibility for keeping the business secure are definitely on the right track. According to research by Ponemon Institute, the average total cost of a data breach is more than US $3.6 million, and one in four organizations can expect to experience a breach. Also, cybersecurity breaches are only getting larger in terms of the number of files and accounts—and people—affected.

Your business may need to experiment a bit before discovering the secret recipe for turning your team members into information security advocates, but the effort is well worth it. At Robert Half, we’re taking steps to motivate our global employee base to view information security as a priority. We’re continually looking for new ways to engage our staff, so they want to get involved in helping the business adopt and apply best practices.

To turn your workforce into a team of information security advocates, you need to make security personal to them. This means helping them understand that lax security practices don’t just impact the mat work, they also hit the mat home.

One strategy we use to do this in our organization is our “Data Defenders” program. It gamifies security, and is designed to help employees feel more personally invested in protecting our company and its data and systems. Here are a few things we’ve learned so far from our work on this initiative that you might find useful as you create your own programs:

1. Build your Security Messages into your Culture

Our campaign focuses on educating people using every communication channel in our company—newsletters, posters, intranet sites, town-hall meetings, videos, annual trainings, and more. A multipronged approach to communication helps ensure we reach every employee in the format that speaks personally to them. They need to plainly see that the program you’re promoting isn’t just a mandate from IT or compliance, but a company wide effort supported by business leadership. When professionals observe their leaders and coworkers all striving toward a common goal, they often want to join in. And today, with so much news about data breaches in the spotlight, they can easily see the relevance and value in shoring up security efforts.

2. Forget a ‘One-Size-Fits-All’ Approach

Generic education about security doesn’t work. You need to tailor it, personalize it. That’s why we’re now experimenting with “personas” that represent different types of people in our company. The personas tie back to how people work, and what their roles are. We’ve identified the security risks for each persona—for example, the kinds of phishing an employee in accounting might encounter—and what people who fit those personas can do to help protect the company.

We’re just starting to introduce personas as part of our annual security awareness training. But we think they’re going to go a long way toward helping our employees make a strong connection between security risks and their day-to-day work experience.

3. Create Master Data Defenders

We’re now developing a “master” version of our Data Defenders program where employees volunteer to take formal, specialized training to understand the security gaps and risks in their specific areas of the business. I would help them set goals, and once they achieve them, they would earn the designation of a “Master Data Defender.” The company would recognize their success and provide them with a financial reward.

The whole idea of this master program is to encourage employees who are already passionate about information security to learn even more, and then take that knowledge back to their department. They become our experts “on the ground,” helping other employees become more security-minded.

4. Get Buy-In at the Top

I am convinced that no information security program will succeed unless a company’s leadership also feels passionate about the cause of improving security, and views it as a critical part of business strategy.

The good news is that top leadership, busy as they are, will likely be receptive. That includes the board of directors. The ‘National Association of Corporate Directors’ (NACD) 2016– 2017 Public Company Governance Survey found that almost one-quarter of boards are dissatisfied with the reporting that management provides on cybersecurity. So, there is clearly an opportunity to reach out, and I encourage you to do so sooner than later. You also might want to consider enlisting help from internal audit leadership, given that they already have the ear of senior management and the board.

Information security risks are always changing, so your program must keep changing, too. Most breaches can be prevented if a human does something differently—not clicking on a link, not opening a suspicious attachment, keeping passwords secure, the list goes on. Our job is to equip our employees with relevant knowledge they can use to keep our business secure. Front line defense is ultimately the best offense in keeping your data secure.

Read Also

Aerospace Innovations

Aerospace Innovations

Kevin Larson, CIO, AAR CORP
Good UAS Policy and Innovation Comes Out of a Collaboration between Government and Commercial Stakeholders

Good UAS Policy and Innovation Comes Out of a Collaboration between Government and Commercial Stakeholders

Mike Trout, Executive Administrator of the Michigan Department of Transportation Office of Aeronautics and Director of the Michigan Aeronautics Commission, State of Michigan
Artificial Intelligence and Robotics: Challenges, Implications, and Opportunities for Autonomous Systems in Aerospace and Defense

Artificial Intelligence and Robotics: Challenges, Implications, and Opportunities for Autonomous Systems in Aerospace and Defense

Ravi Ravichandran, Ph.D., Director, BAE Systems Technology Solutions [LSE:BA]
Standard Solutions in the Aerospace Industry

Standard Solutions in the Aerospace Industry

Mark Keilholz, VP IT, Greenpoint Technologies

Weekly Brief

loading
Top 10 Aerospace Solution Companies - 2018

Aerospace Special

Featured Vendors

  • V-Cubed Solutions: the New Paradigm for Software Testing
    V-Cubed Solutions: the New Paradigm for Software Testing
  • Alpha-Numero Technology Solutions: A Testimony of Trust and Excellence
    Alpha-Numero Technology Solutions: A Testimony of Trust and Excellence
  • Octo Telematics: Empowering Auto Insurance with Intelligent Telematics
    Octo Telematics: Empowering Auto Insurance with Intelligent Telematics
  • MRS Electronic: Providing End-End Connectivity
    MRS Electronic: Providing End-End Connectivity

I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info

Copyright © 2021 Embedded Advisor. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy.
follow on linkedin follow on twitter
This content is copyright protected

However, if you would like to share the information in this article, you may use the link below:

aerospace.embeddedadvisor.com/cxoinsights/information-security-your-people-your-first-line-of-defense-nid-262.html