Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Technology

Cyber security: Are you talking to the right employees?

iStock 1175197095 - Global Banking | Finance

543 - Global Banking | FinanceBy Ben Watson, Co-owner and Director at internal communications agency Blue Goose

Typically we focus on senior staff, new joiners, HR, finance and customer-facing roles. But perhaps we should shift our attention to a new employee profile

Businesses are constantly at risk, and traditionally certain employees have been earmarked as having the potential for greater exposure to cybersecurity threats than others. But the lines are blurring. Today, thanks to fast-paced changes in business practices, those people brought in as application owners are often the unwitting conduits of cyber breaches.

As a company that specialises in talking to businesses about how to reduce information security gaps, as well as supporting their efforts towards ISO accreditation and GDPR compliance, we recently started to wonder whether we were targeting everyone we should, or whether there were new weak spots emerging. It’s a question that needs to be asked continually as cyber threats evolve.

Moving goalposts and asking new questions

When establishing the key cyber risks that any given organisation faces, the same issues usually float to the surface. Malware infections, phishing and broader social attacks, an inadequate bring-your-own-device policy, website weaknesses, insider threats, denial-of-service attacks, or a general lack of cybersecurity knowledge among staff. All important issues to address.

Then the security expert will move onto people profiles – those that typically present the most risk to a business. Graduate starters, for instance, who’ve never had to think about how their actions can impact a whole company. Those in client-facing roles, human resources and finance, all of whom have access to sensitive information. The C-suite. Again, all important stuff.

But what we’re finding now is that, as well as all of the above, the focus of attention should be on those people who are directly responsible for owning and controlling the software applications that gather, manage and disperse information throughout the company and beyond.

Application ownership is a relatively new role in the business world. It’s the person (or team) with responsibility to ensure that a program accomplishes a set objective or series of user requirements for that software application. For a small company, that might be the CEO. For a Fortune 500 company, there could be dozens of applications, each with a different owner.

Often app owners are relatively junior or mid-ranking, however, and don’t fall into any of the traditional people profiles outlined above. As the software they control gathers momentum and importance, so does the level of seniority they hold. The problem is the training doesn’t always keep up as they ascend the ranks.

The need for communication and constant upskilling

Without the right upskilling and management, left unattended our rising staff member may be left to create a domino effect throughout the entire organisation. But we shouldn’t come down too heavily on them – being really highly skilled in cybersecurity has never been part of the remit for an application owner. But perhaps it should be now.

It’s important to create a communication strategy that everyone at every level can see – and then you can add and tailor for specific profiles on top of the one-size-fits-all version.

And it’s also important to keep it fluid. You can’t sit still with cybersecurity training because the criminals aren’t sitting still. And that means increased personal profiling and understanding how things are evolving in the work environment.

For most employees, though, information security is typically a dry and relatively uninspiring topic. That means our communications need to work hard to stand out and engage employees against the background noise of the other communications and the day-to-day activity they are exposed to.

To address these issues requires the development of a simple and flexible creative platform to provide the visual and intellectual glue that helps position security appropriately in employees’ minds. And it needs to be flexible enough to allow a wide range of messages to be delivered across the security programme to different employee audiences.

By creating what we call a ‘burning platform’, and being vigilant about changing working practices and roles, we develop a ‘live’ body of knowledge that reinforces the essential security mindset – for everyone.

Large organisations are now managed by applications, so it makes sense that we focus on the people who are assigned them. You could say, if you don’t get cybersecurity training right for these app owners, you’re not simply letting down an area of the business, you’re failing the whole organisation.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post