security protocols – РИСК-АКАДЕМИЯ – АНО ДПО ИСАР

How, and when, to divvy consequences to employees for breaching security policy

riskacademy — Sat, 29 Aug 2020 01:35:40 +0000

A recent study out of the U.K. suggests that organizations, fueled in part by security challenges during the pandemic, are beginning to impose harsher consequences on employees who breach security policy.

Nearly 40 percent of respondents said they had dismissed employees for such transgressions, according to the report from Centrify.

While security leaders often pay with their jobs for lapses that lead to breaches at their companies (think Target and Uber), organizations long have struggled with how to handle everyday employees who step outside the bounds of security protocols either deliberately or inadvertently.

“Handling employees that run afoul of company security policies requires walking the line between promoting accountability and enforcing standards on one hand, while also cultivating honesty and openness about activities that may present risk,” said Tim Wade, technical director, CTO team, at Vectra. Clear ramifications also “incentivizes timely self-reporting to give the security team the lead time they may need to take action before any resulting damage may be done.”

Companies typically have been hesitant to impose more severe punishment,…

How to Use Risk Management Techniques to Improve Remote Work

riskacademy — Sat, 30 May 2020 17:08:01 +0000

Companies around the world quickly transitioned into remote work after coronavirus started spreading. Thanks to advanced technology, it’s possible to work from home and connect with colleagues. However, the use of technology comes with its set of challenges, especially in cybersecurity. For companies that adjusted suddenly without formal planning, performing thorough risk assessments, and identifying risk management techniques is now more critical than ever. By understanding the security risks associated with remote work, you can choose to either avoid, mitigate, transfer, or accept the risks.

Performing a Risk Assessment

A risk assessment helps you identify all company devices, data, threats, and impacts of risks. The assessment includes identifying, analyzing, and prioritizing the cyber risks of remote working.

Conduct an IT Audit

The purpose of an IT audit is to help you gather information about your network, your security protocols, and your vulnerabilities. The audit should target all aspects of your IT environment, including the staff. You can either perform the audit with your internal IT team or outsource it.

Even if everyone is home, confirm the…