BreachExchange mailing list archives

SCNY: Companies should consider making IT security learning fun


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 22 Oct 2015 18:48:57 -0600

http://www.scmagazine.com/scny-death-to-social-engineering-long-live-your-employees/article/448295/

A panel of security professionals at the SC Congress in New York agreed
that, instead of using phishing email "social engineering" tests to raise
security threat awareness among employees, they should turn it into a game.

During the October 20 panel, its members said companies could benefit by
turning these tests, which are designed to increase employee awareness of
internet security issues like phishing, into competitions between different
offices or departments instead of secretly testing staffers.

Bruce McCulley, senior information security specialist, U.S. Senate –
Sergeant at Arms, said that companies should keep in mind that their
employees want to do the right thing. He pointed out that by turning social
engineering tests into a game and keeping score you can monitor progress
and give employees an incentive to practice safer habits that don't
interfere with their workflow as much.

McCulley added that companies should point out to employees that it's in
their best interest that they understand cybersecurity, not just for
the safety of the business but also on a personal level.

Michael Lamberg, vice president, CISO, at OpenLink Financial, told the
audience that security officials should look to “find a hook” that helps
their employees put cybersecurity into a perspective that will help them
view internet safety similarly to how they view their safety in the real
world.

James Gabberty, professor of computer science and information systems at
Pace University, said companies should also not be judgmental when helping
their employees understand cybersecurity.