For example, one feature automatically sends real-time notifications to Slack when a user violates a data policy. Another feature sends employees automatic reminders if data they've shared in one of these apps in the past could pose a potential risk.
Christopher Russell, CISO at tZERO, notes that this is a growing problem. Employees are under pressure to work quickly and often share sensitive data across common SaaS applications. They think, “I’ll just share it on Slack and then delete it, and everything will be fine.”
This is all well and good until someone hacks the app and leaks data. Metomic performs data discovery on SaaS apps, and when it finds at-risk data, it automatically sends a reminder to the user so they can fix the problem.
The core of KPMG and vendors' efforts to create a human firewall is to continually remind end users of their role in securing the enterprise and provide them with supporting information and tools. The challenge is to do this in a way that captures each user's attention without overwhelming them or disrupting their work.
Informa, for example, runs a Cyber program. “The program’s goals are to move towards making security everyone’s responsibility, not just the IT department and security team, and to increase the awareness and education of colleagues in the field of cybersecurity,” says Richard Walker, Informa’s manager of information security culture and awareness.
The program consists of volunteer ambassadors undergoing special training and receiving information about new threats and other security issues affecting the company. They then convey the company's key ideas in the field of cybersecurity to colleagues in their departments.
In one case, they were told about a new method used by thieves to steal iPhones by knowing the user ID. In many cases, the thieves immediately change the user's iCloud, bank account, and online store credentials. Once the credentials are changed, the real owner of these accounts has no way to regain access to them.
They were then told how to change certain iPhone settings to protect those accounts, even if a thief opened the phone with the correct credentials. Apple has since addressed the issue. But before that happened, each ambassador passed on the information about the new threat and how to fix it to their colleagues.
Engaging users in ensuring security