The National Institute of Standards and Technology, NIST, recently released a draft guide entitled, "Cybersecurity is Everyone's Job." The first sentence states, "The human is the the greatest vulnerability in every organization." This is so true.
"...the largest “attack surface” of the organization is you and me—the people who perform common functions: Leadership, Planning, and Governance; Sales, Marketing, and Communications; Facilities, Physical Systems, and Operations; Finance and Administration; Human Resources; Legal and Compliance; and routine Information Technology operations. Therefore, cybersecurity is everyone’s job."
Many organizations put the responsibility of cybersecurity solely on the shoulders of the IT department, but effective security must be company-wide. All of the security policies in the world won't help if employees are not actively doing their part. Only when everyone is working together to minimize risks can the people become the greatest asset, instead of the greatest vulnerability.
This NIST guide focuses on the importance of building a cyber secure culture, and goes into detail with guidelines for several business functions, including:
- Leadership, Planning & Governance
- Sales, Marketing & Communications
- Facilities, Physical Systems & Operations
- Finance & Administration
- Human Resources
- Legal & Compliance
- Information Technology
Common cybersecurity guidelines, regardless of job function:
- Exercise caution when using information systems; if you are unsure or sense you may be doing something risky, seek guidance from responsible individuals.
- Fully understand your role and take personal responsibility for knowing how your organization addresses cybersecurity risks.
- Know how to handle, control, store, transfer and dispose of information in your organization.
- Protect your assets by safeguarding your computer and mobile devices.
- Follow your organization’s security procedures for facilities and prevent unauthorized access via social engineering tricks (i.e. phishing).
- Use the best authentication capabilities your organization offers for controlling access to computers, mobile devices and the information services and applications you use
- Use encryption for information in transit and at rest.
- If you work from home, secure your home devices and connections.
- If you travel, know how your organization wants you to secure your connections back to the organization through public networks.
- Know your organization’s policies and practices for using personal devices for work.
- Know your organization’s security incident reporting policy and contacts.
Not sure if your organization is cyber secure? BizTech can help!