Security is the responsibility of all employees, from the top down. Theo Zafirakos joined the eChannelNews Security Podcast to discuss how to best implement security awareness programs and the effective strategies for building a security-aware culture.
Originally published in ECN Security Podcast.
Excerpt:
“Awareness tackles the people aspect of cybersecurity. Typically, we talk about the triad of people, processes, and technology. People are expected to follow processes and use technology. So, we can't ignore them. We should begin with executives, understand these concepts, and talk to different business units. When putting processes and technology in place, be conscious of the user experience. If you make security too complicated, users may bypass certain controls because they are trying to be productive, not malicious. Also, system development and IT architecture teams should design systems that keep users' behaviors in mind. Today, we tend to think about business and systems and put all the onus on the user. So, keep the user top of mind from the beginning of designing systems, technology, and business processes.”
Watch the full interview here.