Enterprise teams would be wise to begin implementing an action plan that will help guide employees toward making better cybersecurity decisions in their day-to-day work.
This is the final article in a five-part series from TAG Cyber focused on how positive influences on employee behavior can improve cyber risk posture.
‍
Enterprise security teams will benefit from reviewing their existing approach to supporting, guiding, and training workforce teams on security decision-making. Most companies will find that they have implemented a security awareness program with phish testing, but often little more. While every organization has a different baseline posture, the following steps will generally apply to improving workforce security decisions:
‍
Any plan for improving the security of workforce decision-making must start with a posture assessment of existing strengths and weaknesses. The security team should review whether significant incidents have occurred (or been avoided) as a result of employee behavior. Existing awareness, training, and user testing should also be identified and documented.
‍
The security team is advised to identify reasonable improvement objectives for workforce security decision-making. This can be done informally as a series of stated goals, or it can be embedded into a more formal quantitative risk objective, usually expressed in a “from-to” statement where an existing level of unacceptable organizational cyber risk is reduced to a more acceptable level.
‍
Since effective automated platforms now exist that can guide the workforce toward improved security decision-making, security teams are advised to spend time in commercial source selection to review platform options. As one would expect, the TAG Cyber team recommends that the Nudge Security solution be included in the source selection process since the solution includes many desirable attributes as described in this series.
‍
The final step is to begin planning the integration of the selected workforce security platform into suitable and applicable business workflows. This is likely best done with assistance from the vendor, especially since this capability is new, and few security teams will have experience applicable to this type of control. As always, TAG Cyber analysts are available to assist enterprise teams with this process.
‍
Once the Nudge Security platform is in place across the enterprise, the protection benefits to the organization should begin to emerge. The main objective is not merely to get the platform deployed, but to use its automation and features to empower and guide employees toward proper security decision-making. Once in place, cyber risks should begin to wane as employee-related incidents decline in frequency and intensity.