Today's investment firms are extremely focused on cybersecurity preparedness, as they should be. With regulators and investors demanding more transparency than ever, it's critical for hedge funds to spend time making their own employees aware of cybersecurity threats and how to mitigate risk. With that, let's discuss a topic that we’re passionate about – education and security awareness.
We’ve told you about the types of threats that can harm a business, the steps you should take in the event of a security incident, and the policies you should create to keep your organization safe. But now it’s time to talk about training your employees to understand each of these.
A firm’s security strategy will only work if employees are properly trained on it. Therefore, the importance of providing information security awareness training cannot be overstated. The goal of an awareness program is not merely to educate employees on potential security threats and what they can do to prevent them. A larger goal should be to change the culture of your organization to focus on the importance of security and get buy-in from end users to serve as an added layer of defense against security threats.
Once you have buy-in from employees, your focus can turn to ensuring they get the necessary information they need to secure your business. An effective security awareness program should include education on specific threat types, including but not limited to:
Another important area to address is password construction and security. Seem minor? It’s not. Believe it or not, password cracking is remarkably easy, particularly for advanced hackers. And this ‘minor’ step that users take every day could make a significant difference in protecting your firm’s sensitive information. Read more about creating safe and original passwords here.
Training materials should also review corporate policies and clearly detail consequences for any suspicious or malicious behavior amongst employees. For your convenience, we’ve compiled a variety of information on various security policies, including:
As far as logistics are concerned, the size and scope of your organization will be a key factor in deciding whether you want to design and implement your own security awareness training or leverage the expertise of a third-party company. Be sure to weigh the pros and cons of each.
PRO to using an outside training company? Your firm saves its time and resources by allowing an experienced firm to implement the training. Materials can also be pulled together and implemented much more quickly.
CON? It will likely be a standard training program and won’t necessarily be tailored to meet the unique needs of your firm.
Editor's Note: This article has been updated and was originally published in July 2013.