Maximize your protection, eliminate business risks.
Optimize and modernize with cloud transformation.
Empower your people to work securely from anywhere.
What it takes to convince leadership that migrating to the cloud is the right move.
Let us handle IT so you can focus on growing your business.
Get multichannel 24/7/365 expert end-user support.
Stay ahead of attacks with 24/7 protection and monitoring.
Maximize uptime with with industry-leading DRaaS.
Improve efficiency, productivity and outcomes with cloud.
Ensure all mobile devices, everywhere, are secure.
Gain a competitive edge with strategic IT solutions.
This battle-tested checklist enables your team to swiftly initiate a ransomware response.
IT for businesses of all sizes, in any industry.
Empower institution growth with custom IT solutions.
Ensure your firm is always in compliance.
Improve patient care and staff morale.
Deal with pressing legal matters, not IT.
Keep up with the evolving digital landscape.
Focus on your mission by outsourcing IT.
Accelerate PE client deals and secure data.
Leverage your technology as a strategic asset.
Execute initiatives and develop IT strategies.
Get the latest industry insights and trends.
Join us at events in person and online.
Hear from clients and learn more about strategic IT.
See how Dataprise can make IT your greatest asset.
Get informative technical resources from IT experts.
Stay on stop of emerging cybersecurity threats.
Discover the key areas of DR your organization needs to address to ensure downtime is minimized.
Gain a strategic asset by bringing harmony to IT.
Ensure 24/7 support and security with dedicated teams.
Drive business forward by partnering with Dataprise.
Meet our one-of-a-kind leadership team.
Discover the recognition Dataprise has earned.
Help us help businesses with strategic IT.
Embracing different perspectives and backgrounds.
Find a Dataprise location near you.
Dataprise is committed to empowering more women to consider a career in technology.
Posts
Table of content
Companies around the world strive to have that perfect corporate culture in which employees are not only friendly and relaxed, but also efficient and productive. This type of environment makes employees happy, which consequently makes their customers happy. However, this idyllic corporate culture creates a false sense of security because it’s built on trust rather than security and provides cyber-criminals with the perfect opportunity to strike.
An organization can have secure firewalls, servers, and workstations, but if their corporate culture is too lax, their entire network is at risk. Considering the effect that a security breach can have on an organization’s reputation, employees, and customers, a company’s corporate culture should be built with security at the forefront so it becomes second nature.
Security culture is a collection of practices, processes, and procedures designed to minimize security risk and create a shared mindset among the workforce that effortlessly embeds security into all aspects of the organization. Everyone from the CEO to the first rung of the proverbial corporate ladder plays an equally important role in cyber security, and all employees must understand their responsibility in preventing security incidents.
Every corporate culture is different, so we provide four tips that allow you think about your own culture to determine if it puts you at greater risk of a security incident.
In many companies, there is a stigma around being “patient zero” with regard to security incidents. Companies with a poor security culture may either ostracize or take disciplinary action against employees who cause security incidents, which makes them less likely to report incidents for fear of embarrassment. If employees don’t report security incidents, it takes much longer to detect, isolate, and ultimately resolve the problem.
Although nobody wants to be the employee that caused their entire infrastructure to be crippled by WannaCry ransomware, a company with a well-established security culture is at a reduced risk of significant impact because people aren’t afraid to report incidents. If an incident does occur, employees know who to contact and what actions to take to halt the spread of infection.
“My company is only 50 people. What cyber-criminal would want to attack us?”
Cyber-criminals don’t care about the size of a company; they seek out the most vulnerable area of a company – its staff. Whether a company is 50 people or 5,000 people, the staff is always the largest attack surface in any organization, and it is critical that they play their role as the “human firewall” to protect against security incidents.
Employee security training arms them with the knowledge they need to be able to identify suspicious activity, and teaches them how to respond appropriately if an attack is successful.
We’re not saying don’t trust your coworkers. You should trust them, but only with the right things. Trust that they’re not going to eat your sandwich when you leave it in the break room refrigerator. Trust that they won’t repeatedly press the door close button as you sprint toward the elevator at quitting time. However, do not trust them with your personal data. If in doubt, here are some things to remember:
Role-creep is the continuity of access rights and permissions that an employee has as they change positions within a company; in many smaller companies, role-creep runs rampant. Here is an example of role-creep:
Joe Everyguy starts at a company as a senior account manager and receives all access rights associated with the role. Later, he accepts a new position as a marketing analyst, but maintains all the rights associated with the senior account manager. He has far more access now than is needed for his new role.
Keeping accurate privileges is not only good housekeeping, it also maintains alignment with the industry-recognized best practice of the principle of least privilege, which ensures that users operate at privilege levels no higher than necessary to complete their job functions.
To ensure that security is embedded in all aspects of the corporate environment, corporate and security culture must be intertwined. Doing so promotes all the benefits of a friendly, productive, and most importantly, secure workplace.
This type of environment is attainable, but it does not appear overnight and takes effort from the entire organization. Going from a lax environment to one with stricter security policies and controls could have a negative impact on your staff, so it’s important to take the time to explain the reasons thoroughly to ensure the staff not only understands the benefits, but also supports the new initiatives.
A great first step is providing employee security training. Training provides real-world examples so your staff knows how to identify suspicious behavior. It also provides the following benefits:
As an experienced Managed Security Service Provider, Dataprise can help integrate security best practices in to your workplace to help make your data and your customers’ data more secure. To learn more about how Dataprise can help you, visit our Security Services page here.
INSIGHTS
Subscribe to our blog to learn about the latest IT trends and technology best practices.