If you are a CEO, there is a set of preventive measures you can take to ensure the company's security and employee trust.
1. Create a culture of information management. The employer needs to explain to the staff that the equipment, software, and information are the property of the company. As practice shows, employees often don't understand this, so their attitude to the safety of these resources is extremely negligent. The company must make clear that information is a serious issue; as employee awareness grows, staff become more attentive, which reduces the number of incidents caused by carelessness.
2. Regular training. According to statistics, advanced users open 30% of phishing emails, and 12% of these targeted users click on the malicious link or attachment.
That is, even those who are aware of phishing attacks fall prey to the threat. The reason is not only that users are inattentive. Hackers are constantly refining their attacks; for example, phishing emails and sites are increasingly difficult to distinguish from real ones. It is useful to conduct regular cyber training events that keep employees up to date and show the employer how vulnerable the company really is.
3. The control of information security. There are too many channels through which information can leak from the company. At the same time, external attacks are becoming more complex. The company needs to gradually increase its arsenal of protective tools. At the first stage, it is often enough to use antivirus programs, Windows administration tools, and employee productivity monitoring programs. Later, companies start to feel the need for firewall, proxy, IDS/IPS, DLP, and SIEM systems.
As regards employee monitoring, specialists access the reports automatically created by the system only in case of an incident or abnormal behavior. What counts as an irregularity or deviation is defined according to the needs of the company, i.e. it can be adjusted in the security policy settings of the monitoring system.
The system is not focused on identifying a person and keeping a register in which everything a user does is logged. The solution's concern is to identify the computer from which personal data or confidential information is being leaked, or on which sensitive data is being poorly stored, and to bring the issue to a specialist's attention.
Professional information security tools used to be a necessity only for large enterprises; now they are also in demand in the SME segment.
4. The introduction of responsibility. Signing the responsibility papers is a very important step towards improving the company's information management culture. At the same time, people should be aware of the consequences of non-compliance with internal regulations. For example, Article 183 of the Criminal Code of the Russian Federation provides for a fine of 1.5 million rubles or 7 years of imprisonment for data theft, which discourages employees from stealing company secrets.
5. Use monitoring systems to control suspicious activity within the corporate perimeter, and scan and classify all stored information in order to know what data is located on the company's servers and whether it is sorted. File auditing systems help control and manage access rights, so that you know who can and can't process particular data. They also make it easier to keep track of user operations with documents tagged as a trade secret, personal data, etc., which makes it much easier to comply with regulations such as GDPR.