Intelligent CIO North America Issue 46 | Page 84

FINAL WORD
They don’t stop having errors, but the company might well stop finding out about them until it’s too late to fix them.
How can human risk management help to create a strong security culture?
1. Encourage people to slow down: One of the times when mistakes are most likely to occur is when people are in a hurry. It doesn’t matter how much training they’ve had, if they are rushing to meet a deadline, it’s easy to cut corners or not be fully focused on security. So, encourage people to slow down and double-check, even if that delays things a little. It’s better in most cases to do something safely, rather than swiftly.
2. Prompt rather than train: Most people must take mandatory security training each year, but there’s very little evidence that this has any impact on their behaviour. Instead, why not prompt people when they’re doing something particularly risky, using nudges or other interventions to get them to think about what they’re doing?
3. Raise awareness, but don’t scare people: When informing colleagues about a new risk or threat, ensure they are very clear on how they can effectively manage that threat. There’s no point in telling people to avoid a no-click zero-day text message – they might not even know what that is, and even if they do, they can’t avoid having messages sent to them. The important thing is that they know what to do if they see something suspicious.
4. Watch for mistakes, and help colleagues fix them: Tired and stressed people make mistakes – and just telling them not to or shouting at them if they do doesn’t fix anything. An effective human risk management platform will integrate with the current technology stacks and flag any mistakes, such as sharing personal information in public chat channels or reusing passwords across SaaS applications – and automatically nudge the person carrying out that risky behaviour to help them fix it.
5. Reward the positive: Monitor for good behaviours and use recognition and reward to call them out to others. Your company might have an internal reward platform to use or it might be possible to get the CISO to send a thank you email (copying in the colleague’s manager, of course).
People gossip and tell stories – wouldn’t it be great if one of those stories was how nice the security team was?
To ensure robust data protection, a comprehensive, multi-layered approach to security should be adopted.
Proactively managing human risk in real time promotes secure behaviours, minimising the impact of human errors.
This is best achieved by working with human risk management providers, who understand human behaviour and have developed solutions to coach employees in the moment and automatically fix risks before they escalate into issues.
Through this process, employees gain insights into the evolving threat landscape and gain the necessary tools to respond adeptly when needed.