Cybersecurity Awareness – The First Line of Defense
By Charlotte Gjellerup Rydicher, Principal Consultant at NNIT

Of all factors within our organisations and systems, our people are most likely to expose us to risk. We need to change the way we approach the human security risk factor, to protect our people in order to protect our organisation, through cybersecurity awareness. But what exactly is ‘cybersecurity awareness’ and why is it so important?

The world is changing

Organizations today are faced with serious IT security challenges in the face of an alarming rise in cyber threats. In response, organizations mostly rely on cybersecurity procedures and technology to protect their organization and systems. There is surprisingly little focus on how to enhance this protection through employees’ behavior.

As Todd Thibodeaux, president and CEO, CompTIA (1) points out, “We can’t expect employees to act securely without providing them with the knowledge and resources to do so. Employees are the first line of defense, so it's imperative that organizations make it a priority to train all employees on cybersecurity best practices.”

(Source: http://www.infosecurity-magazine.com/news/social-experiment-abysmal-security)

Why is cybersecurity awareness so important?

Security awareness is essential to creating a long-lasting security culture, where employees not only understand, but also act according to good security practices and where security conscious behaviour is a natural and integrated part of the working day.

Building a security culture within an organisation is a long term, sustained effort which requires ‘Reminding’, ‘Repeating’ and ‘Rewarding’ employees. The effort must be clearly supported and led by management. According to Todd Thibodeaux, “Companies cannot treat cybersecurity training as a one and done activity.
It needs to be an ongoing initiative that stretches to all employees across the organization.”

Only by being ‘reminded’, practicing through ‘repeating’ and being ‘rewarded’ will employees learn to understand the cybersecurity challenges faced by the business and the important role they themselves play in protecting their organization from potential threats. Employees must gain specific awareness, relevant to their role in the organization, that what may seem to be an innocent action may in fact open the door to the very real threat of becoming the victim of a cybercriminal. Seemingly innocent actions could include clicking on links, opening email attachments from an unknown sender, sending confidential information in plain email text instead of using encryption, sharing a password with a colleague over the phone, or charging a non-company mobile phone via a USB plug in a company PC.

This caution must become a standard mode of operation for employees without impacting customer friendliness or their collaborative attitude towards partners or colleagues. Rather, this cautious attitude should enhance the organizational image as a trustworthy partner for electronic communication and safe haven for the sensitive data of its business partners.

Benefits of applying awareness to your security initiative

By understanding the importance of, and investing in, cybersecurity awareness as part of your security initiative, your employees become an active part of the journey and solution.
The awareness will:

- make security tangible and relevant to employees in their daily work
- ensure that the security maturity level is gradually increased
- ensure that leadership at all levels understands the important role it plays in showing clear support for, involvement in and adherence to the initiative
- lay the foundation for a lasting security culture, anchored in the core values and strategy of your organization.

What can you do to lay the foundation for a security mind-set?

Changing the mind-set to establish an IT security culture is a long-term effort and can be difficult to execute, hence it is often not prioritised in the company strategy. However, some concrete actions you can take to ensure success in your cybersecurity awareness initiative are:

- identify and engage relevant stakeholders early in security initiatives
- conduct impact assessments to address all angles that the IT security initiative affects in your organization
- define short- and long-term KPIs for security maturity and baseline the current level
- design and implement a security awareness campaign, containing a:
  - specific Communication, Engagement and Training approach
  - training execution targeting relevant audience groups
  - measurement approach for long-term sustainment to support the KPIs.

At NNIT we believe that employee behavior and actions are strong elements of a successful security initiative.

----------

1: CompTIA (Computing Technology Industry Association) is a non-profit trade association and policy advocacy group for the IT industry.

About NNIT Security Insights

This is an article from NNIT Security Insights, a regular column where prominent NNIT IT security advisors share their thoughts on current and future IT security challenges and how to deal with them.

NNIT has its own Cyber Defense Center (CDC). If lightning strikes, we have the necessary competencies in-house to respond and assist.
We have also developed a range of services that can help businesses to achieve the right level of security protection to protect the business from financial and reputational damage. You are welcome to contact us at firstname.lastname@example.org if you want to know more about how NNIT can help your business increase its information security level.