Those who are trained to practice good cyber hygiene in their personal lives are likely to be more aware of information security on the job as well.
That's the takeaway from a conversation I had with Steve Durbin, the managing director of the Information Security Forum, who'll deliver a keynote address at Information Security Media Group's Fraud and Breach Prevention Summit in Toronto, to be held Sept. 13 and 14.
In our chat, Durbin cited a program called "5 to 9" implemented at one organization. The enterprise provided employees with training on ways to enhance secure computing when away from the workplace - from 5 p.m. to 9 a.m.
This awareness program suggests ways, for instance, to keep employees' children away from dangerous websites. In teaching their children about cybersecurity, the employees' own security awareness grows, not only at home but in the workplace, too.
"The impact on the employee was that they became very much more aware of security," Durbin says. "They started to talk about it more in their office environment. The employers saw an uptick in security hygiene. There were not as many [spear phishing] files being clicked on."
Corporate, Personal Environments Blur
Such awareness programs are becoming more important because a growing number of employees are using personal devices for work. "There's been this blurring of the corporate and the personal environment, which has created challenges," Durbin says.
The CISO's office should drive such awareness programs but seek help from those outside of the IT and security departments, Durbin says.
"You have to understand your environment; you have to work collaboratively," he says. "So, if you are looking for how you can [relate] the concept of security to a bunch of individuals, why not talk to the marketing department? They're used to promoting products, services on a daily basis. It's their job. They can help you in that space."
In his keynote address, "The Emerging Threat Landscape: How To Keep Ahead in Cyberspace," Durbin will discuss:
- Cybercrime vulnerabilities caused by mobility and other emerging threats, as well as mitigation strategies;
- How best to protect mission-critical information; and
- Processes for identifying the data and systems in need of protection. "We have to ... understand what an appropriate level of protection might be against the backdrop of some of the threats we see," he says.
The Information Security Forum, which Durbin directs, is an international, independent, not-for-profit association of organizations that investigates, clarifies and offers solutions to key cybersecurity challenges. Founded in 1989, it develops best practices, methodologies, processes and solutions for its members.
Click here for more information on the Fraud and Breach Prevention Summit in Toronto, which features a long list of expert presentations and panel discussions. Another featured keynoter, Gord Jamieson, Visa's head of Canada and North America acquirer risk services, will focus on: "Securing Data in the Future: Lessons from the Payment Card Frontlines."
Correction: The organization Durbin heads is the Information Security Forum. An early version of this blog incorrectly referred to it as the Internet Security Forum.