As 2018 draws to a close, many people will make New Year’s resolutions. They’ll vary — we may promise ourselves to exercise regularly, travel to a new country, or read more books. Apart from personal resolutions, why not include some for your organization — especially those that involve better cybersecurity practices. Whether this means more timely or thorough compliance or a more cyber-aware organization, these resolutions could be the most important ones you make. And if you’re not exactly sure where to begin, here’s a suggestion for 3 smart security and compliance resolutions to help you become cyber risk-aware.
Compliance Resolutions ensure compliance with all relevant regulations
Most organizations are required to abide by certain regulations, for example:
- General Data Protection Regulation (GDPR) – sweeping mandates related to the handling and retention of the personal data of European citizens. Fines for violations can be considerable, and potentially crippling.
- Anti-harassment training – while many states require some form of anti-harassment training, preventing sexual harassment and other forms of workplace harassment is everyone’s responsibility.
- Payment Card Industry Data Security Standard (PCI DSS) – adherence to this standard is required for most organizations that process credit cards, either in-person or online.
- HIPAA – relevant for businesses or organizations that deal with any sensitive medical information.
Some compliance audits mandate that businesses provide proof of company-wide training, so your compliance training must be verifiable and complete. Once you understand your compliance requirements, the next step is to ensure proper education for employees and make them cyber risk aware. GLS offers a wide range of compliance training designed to target each of these regulations, including many of the state-specific mandates.
Equip employees to handle the highest-priority risks
Determining your top risks and implementing training accordingly is a sensible approach for your security awareness program for security and compliance. Start by asking these questions:
- What are our most common industry-specific threats?
- Based on previous breaches and security incidents, where do employees need the most training and reinforcement to help prevent them in the future?
- Are particular job roles susceptible to particular threats? For example, consider the unique challenges that developers are likely to encounter, and provide training on secure coding best practices.
Your answers will guide you to the security and compliance training courses and reinforcement materials that will prepare employees to handle the most likely, or most serious, security risks they might face.
Stay up-to-date with current cyber threats, and prepare accordingly
The threat landscape changes rapidly, and it can be difficult to keep up with advancements in common vectors like spear-phishing and ransomware. As a security professional, make it your goal to keep track of potential dangers that are on the rise and keep users informed.
- According to CSO Online, 2019 is likely to be a big year for “malware-as-a-service” (pre-packaged malware sold on the black market), AI-centric threats, and cloud attacks. If any of these threats apply to your employees, either in the workplace or at home, consider how you can begin taking precautions now.
- Organizational breaches in the news can provide important lessons about the techniques hackers are using, as well as which vulnerabilities organizations must address. Understanding these threats could prove indispensable as you focus and maintain your security efforts.
What Can You Do?
You’re not alone in making your training plans for 2019. Global Learning Systems offers compliance training for these regulations and concepts: