We live in the digital age, where information is shared at an astronomical rate. Since remote working has become the “new normal” in a very short space of time, many companies are entering uncharted territory when it comes to managing their information security risks.
Identifying potential cyber threats and creating policies to protect the business is the first step, but these efforts will be futile unless staff are educated on these threats and comply with company policies.
The Importance of Information Security Awareness
“Since most employees are working from home, beyond the safety of the organisation’s firewalls, it only takes one wrong click to put the company’s sensitive information at risk,” says Yolandi Moodley, Senior Managing Consultant for Mobius Consulting. “When it comes to cyber security attacks, it is more often than not as a result of human error.”
How to Set up an Information Security Awareness Campaign in 3 Steps
The goal of an ad hoc information security awareness campaign (focusing on COVID-19-related cyber threats) is to make sure that employees and relevant stakeholders are informed about what must be done to protect a company’s valuable information. As a result of the recent surge in cyber threats due to the COVID-19 pandemic, companies must be prepared for remote working.
1. Identify Unsecured Entry Points
Remote users give hackers an easy way into an organisation’s information because they use unsecured devices or networks that sit outside the company’s network firewalls.
The first step towards managing a company’s information security is to identify which entry points are not secure. Below are a few examples of entry points that need to remain secure:
Computers and servers
Employees’ mobile devices
Unsecured WiFi network
2. Create a Crisis Team and an ad hoc Awareness Strategy
Establish an ad hoc crisis team that can come together and update all of the necessary information security and acceptable usage policies. This team can also quickly create an ad hoc information and security awareness strategy. When an information security breach has been detected, this team needs to be able to identify what information should be shared with key stakeholders in order to swiftly secure the organisation.
An ad hoc information security awareness strategy should include detailed steps that explain to staff and end users:
How to ensure that your device is secure
How to identify risky emails
What security software to install to secure your device and network
In the wake of the COVID-19 pandemic, Mobius Consulting has created an easy-to-implement user readiness assessment that will allow you to establish how ready your employees are for remote working and how informed they are on information security.
3. Information Security Awareness for Staff
When educating employees on the critical aspects of information security, impactful communication is key to getting the message across. An excellent way to communicate valuable information in a way that will resonate with employees is infographics or short educational videos.
It’s essential to set up platforms to securely and efficiently share information with your employees. Below is a list of platforms that can be used to spread the message:
KnowBe4 is a preferred Mobius Consulting partner and an effective platform that brings many of the tools below together in one place
Video messaging and webinar platforms like Zoom or Microsoft Teams
Quizzes are a quick way of gathering the information you need to understand the level of staff knowledge and risk
“Most fear comes from a lack of knowledge. Once threats have been identified, the veil is lifted and an action plan can be established to gain control over the situation,” says Yolandi Moodley. “Having the proper security measures in place goes a long way in safeguarding an organisation against digital threats.”